When commit 2fb541c862c9 ("net: sch_generic: aviod concurrent reset and
enqueue op for lockless qdisc") is backported to stable kernel, one
assignment is missing, which causes two problems reported by Joakim and
Vishwanath, see [1] and [2].
So add the assignment back to fix it.
1. https://www.spinics.net/lists/netdev/msg693916.html .
2. https://www.spinics.net/lists/netdev/msg695131.html .
Change-Id: I2e3400f64daa703d44680dedfbd367b152620334
Fixes: 749cc0b0c7 ("net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc")
Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Acked-by: Jakub Kicinski <kuba@kernel.org>
Tested-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Git-Commit: 81504d1952d712c8bb9c3966896efee8a37ea966
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Chinmay Agarwal <chinagar@codeaurora.org>
* refs/heads/tmp-8ee67bc
Revert "nl80211: fix non-split wiphy information"
Reverting usb changes
Linux 4.19.157
powercap: restrict energy meter to root access
Revert "ANDROID: Kbuild, LLVMLinux: allow overriding clang target triple"
Linux 4.19.156
arm64: dts: marvell: espressobin: Add ethernet switch aliases
net: dsa: read mac address from DT for slave device
tools: perf: Fix build error in v4.19.y
perf/core: Fix a memory leak in perf_event_parse_addr_filter()
PM: runtime: Resume the device earlier in __device_release_driver()
Revert "ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE"
ARC: stack unwinding: avoid indefinite looping
usb: mtu3: fix panic in mtu3_gadget_stop()
USB: Add NO_LPM quirk for Kingston flash drive
USB: serial: option: add Telit FN980 composition 0x1055
USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231
USB: serial: option: add Quectel EC200T module support
USB: serial: cyberjack: fix write-URB completion race
serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init
serial: 8250_mtk: Fix uart_get_baud_rate warning
fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
vt: Disable KD_FONT_OP_COPY
ACPI: NFIT: Fix comparison to '-ENXIO'
drm/vc4: drv: Add error handding for bind
vsock: use ns_capable_noaudit() on socket create
scsi: core: Don't start concurrent async scan on same host
blk-cgroup: Pre-allocate tree node on blkg_conf_prep
blk-cgroup: Fix memleak on error path
of: Fix reserved-memory overlap detection
x86/kexec: Use up-to-dated screen_info copy to fill boot params
ARM: dts: sun4i-a10: fix cpu_alert temperature
futex: Handle transient "ownerless" rtmutex state correctly
tracing: Fix out of bounds write in get_trace_buf
ftrace: Handle tracing when switching between context
ftrace: Fix recursion check for NMI test
ring-buffer: Fix recursion protection transitions between interrupt context
gfs2: Wake up when sd_glock_disposal becomes zero
mm: always have io_remap_pfn_range() set pgprot_decrypted()
kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled
lib/crc32test: remove extra local_irq_disable/enable
mm: mempolicy: fix potential pte_unmap_unlock pte error
ALSA: usb-audio: Add implicit feedback quirk for MODX
ALSA: usb-audio: Add implicit feedback quirk for Qu-16
ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices
ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2
Fonts: Replace discarded const qualifier
btrfs: tree-checker: fix the error message for transid error
btrfs: tree-checker: Verify inode item
btrfs: tree-checker: Enhance chunk checker to validate chunk profile
btrfs: tree-checker: Fix wrong check on max devid
btrfs: tree-checker: Verify dev item
btrfs: tree-checker: Check chunk item at tree block read time
btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO
btrfs: tree-checker: Make chunk item checker messages more readable
btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it
btrfs: Don't submit any btree write bio if the fs has errors
Btrfs: fix unwritten extent buffers and hangs on future writeback attempts
btrfs: extent_io: add proper error handling to lock_extent_buffer_for_io()
btrfs: extent_io: Handle errors better in btree_write_cache_pages()
btrfs: extent_io: Handle errors better in extent_write_full_page()
btrfs: flush write bio if we loop in extent_write_cache_pages
Revert "btrfs: flush write bio if we loop in extent_write_cache_pages"
btrfs: extent_io: Move the BUG_ON() in flush_write_bio() one level up
btrfs: extent_io: Kill the forward declaration of flush_write_bio
blktrace: fix debugfs use after free
sfp: Fix error handing in sfp_probe()
sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian platforms
net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition
gianfar: Account for Tx PTP timestamp in the skb headroom
gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP
chelsio/chtls: fix always leaking ctrl_skb
chelsio/chtls: fix memory leaks caused by a race
cadence: force nonlinear buffers to be cloned
ptrace: fix task_join_group_stop() for the case when current is traced
tipc: fix use-after-free in tipc_bcast_get_mode
drm/i915: Break up error capture compression loops with cond_resched()
ANDROID: fuse: Add support for d_canonical_path
ANDROID: vfs: add d_canonical_path for stacked filesystem support
ANDROID: Temporarily disable XFRM_USER_COMPAT filtering
Linux 4.19.155
staging: octeon: Drop on uncorrectable alignment or FCS error
staging: octeon: repair "fixed-link" support
staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice
KVM: arm64: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR
device property: Don't clear secondary pointer for shared primary firmware node
device property: Keep secondary firmware node secondary by type
ARM: s3c24xx: fix missing system reset
ARM: samsung: fix PM debug build with DEBUG_LL but !MMU
arm: dts: mt7623: add missing pause for switchport
hil/parisc: Disable HIL driver when it gets stuck
cachefiles: Handle readpage error correctly
arm64: berlin: Select DW_APB_TIMER_OF
tty: make FONTX ioctl use the tty pointer they were actually passed
rtc: rx8010: don't modify the global rtc ops
drm/ttm: fix eviction valuable range check.
ext4: fix invalid inode checksum
ext4: fix error handling code in add_new_gdb
ext4: fix leaking sysfs kobject after failed mount
vringh: fix __vringh_iov() when riov and wiov are different
ring-buffer: Return 0 on success from ring_buffer_resize()
9P: Cast to loff_t before multiplying
libceph: clear con->out_msg on Policy::stateful_server faults
ceph: promote to unsigned long long before shifting
drm/amd/display: Don't invoke kgdb_breakpoint() unconditionally
drm/amdgpu: don't map BO in reserved region
i2c: imx: Fix external abort on interrupt in exit paths
ia64: fix build error with !COREDUMP
ubi: check kthread_should_stop() after the setting of task state
perf python scripting: Fix printable strings in python3 scripts
ubifs: dent: Fix some potential memory leaks while iterating entries
NFSD: Add missing NFSv2 .pc_func methods
NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag
powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation
powerpc/powernv/elog: Fix race while processing OPAL error log event.
powerpc: Warn about use of smt_snooze_delay
powerpc/rtas: Restrict RTAS requests from userspace
s390/stp: add locking to sysfs functions
powerpc/drmem: Make lmb_size 64 bit
iio:gyro:itg3200: Fix timestamp alignment and prevent data leak.
iio:adc:ti-adc12138 Fix alignment issue with timestamp
iio:adc:ti-adc0832 Fix alignment issue with timestamp
iio:light:si1145: Fix timestamp alignment and prevent data leak.
dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status
udf: Fix memory leak when mounting
HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery
vt: keyboard, extend func_buf_lock to readers
vt: keyboard, simplify vt_kdgkbsent
drm/i915: Force VT'd workarounds when running as a guest OS
usb: host: fsl-mph-dr-of: check return of dma_set_mask()
usb: typec: tcpm: reset hard_reset_count for any disconnect
usb: cdc-acm: fix cooldown mechanism
usb: dwc3: core: don't trigger runtime pm when remove driver
usb: dwc3: core: add phy cleanup for probe error handling
usb: dwc3: gadget: Check MPS of the request length
usb: dwc3: ep0: Fix ZLP for OUT ep0 requests
usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC
btrfs: fix use-after-free on readahead extent after failure to create it
btrfs: cleanup cow block on error
btrfs: use kvzalloc() to allocate clone_roots in btrfs_ioctl_send()
btrfs: send, recompute reference path after orphanization of a directory
btrfs: reschedule if necessary when logging directory items
btrfs: improve device scanning messages
btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode
scsi: qla2xxx: Fix crash on session cleanup with unload
scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove()
w1: mxc_w1: Fix timeout resolution problem leading to bus error
acpi-cpufreq: Honor _PSD table setting on new AMD CPUs
ACPI: debug: don't allow debugging when ACPI is disabled
ACPI: video: use ACPI backlight for HP 635 Notebook
ACPI / extlog: Check for RDMSR failure
ACPI: button: fix handling lid state changes when input device closed
NFS: fix nfs_path in case of a rename retry
fs: Don't invalidate page buffers in block_write_full_page()
media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect
leds: bcm6328, bcm6358: use devres LED registering function
perf/x86/amd/ibs: Fix raw sample data accumulation
perf/x86/amd/ibs: Don't include randomized bits in get_ibs_op_count()
mmc: sdhci-acpi: AMDI0040: Set SDHCI_QUIRK2_PRESET_VALUE_BROKEN
md/raid5: fix oops during stripe resizing
nvme-rdma: fix crash when connect rejected
sgl_alloc_order: fix memory leak
nbd: make the config put is called before the notifying the waiter
ARM: dts: s5pv210: remove dedicated 'audio-subsystem' node
ARM: dts: s5pv210: move PMU node out of clock controller
ARM: dts: s5pv210: remove DMA controller bus node name to fix dtschema warnings
memory: emif: Remove bogus debugfs error handling
ARM: dts: omap4: Fix sgx clock rate for 4430
arm64: dts: renesas: ulcb: add full-pwr-cycle-in-suspend into eMMC nodes
cifs: handle -EINTR in cifs_setattr
gfs2: add validation checks for size of superblock
ext4: Detect already used quota file early
drivers: watchdog: rdc321x_wdt: Fix race condition bugs
net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid
clk: ti: clockdomain: fix static checker warning
rpmsg: glink: Use complete_all for open states
bnxt_en: Log unknown link speed appropriately.
md/bitmap: md_bitmap_get_counter returns wrong blocks
btrfs: fix replace of seed device
drm/amd/display: HDMI remote sink need mode validation for Linux
power: supply: test_power: add missing newlines when printing parameters by sysfs
bus/fsl_mc: Do not rely on caller to provide non NULL mc_io
drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values
ACPI: Add out of bounds and numa_off protections to pxm_to_node()
xfs: don't free rt blocks when we're doing a REMAP bunmapi call
arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE
usb: xhci: omit duplicate actions when suspending a runtime suspended host.
uio: free uio id after uio file node is freed
USB: adutux: fix debugging
cpufreq: sti-cpufreq: add stih418 support
riscv: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO
media: uvcvideo: Fix dereference of out-of-bound list iterator
kgdb: Make "kgdbcon" work properly with "kgdb_earlycon"
ia64: kprobes: Use generic kretprobe trampoline handler
printk: reduce LOG_BUF_SHIFT range for H8300
arm64: topology: Stop using MPIDR for topology information
drm/bridge/synopsys: dsi: add support for non-continuous HS clock
mmc: via-sdmmc: Fix data race bug
media: imx274: fix frame interval handling
media: tw5864: check status of tw5864_frameinterval_get
usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart
media: platform: Improve queue set up flow for bug fixing
media: videodev2.h: RGB BT2020 and HSV are always full range
drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly
ath10k: fix VHT NSS calculation when STBC is enabled
ath10k: start recovery process when payload length exceeds max htc length for sdio
video: fbdev: pvr2fb: initialize variables
xfs: fix realtime bitmap/summary file truncation when growing rt volume
power: supply: bq27xxx: report "not charging" on all types
ARM: 8997/2: hw_breakpoint: Handle inexact watchpoint addresses
um: change sigio_spinlock to a mutex
f2fs: fix to check segment boundary during SIT page readahead
f2fs: fix uninit-value in f2fs_lookup
f2fs: add trace exit in exception path
sparc64: remove mm_cpumask clearing to fix kthread_use_mm race
powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM
mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race
powerpc/powernv/smp: Fix spurious DBG() warning
futex: Fix incorrect should_fail_futex() handling
ata: sata_nv: Fix retrieving of active qcs
RDMA/qedr: Fix memory leak in iWARP CM
mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish()
x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels
xen/events: block rogue events for some time
xen/events: defer eoi in case of excessive number of events
xen/events: use a common cpu hotplug hook for event channels
xen/events: switch user event channels to lateeoi model
xen/pciback: use lateeoi irq binding
xen/pvcallsback: use lateeoi irq binding
xen/scsiback: use lateeoi irq binding
xen/netback: use lateeoi irq binding
xen/blkback: use lateeoi irq binding
xen/events: add a new "late EOI" evtchn framework
xen/events: fix race in evtchn_fifo_unmask()
xen/events: add a proper barrier to 2-level uevent unmasking
xen/events: avoid removing an event channel while handling it
xen/events: don't use chip_data for legacy IRQs
Revert "block: ratelimit handle_bad_sector() message"
fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext
fscrypt: only set dentry_operations on ciphertext dentries
fs, fscrypt: clear DCACHE_ENCRYPTED_NAME when unaliasing directory
fscrypt: fix race allowing rename() and link() of ciphertext dentries
fscrypt: clean up and improve dentry revalidation
fscrypt: return -EXDEV for incompatible rename or link into encrypted dir
ata: sata_rcar: Fix DMA boundary mask
serial: pl011: Fix lockdep splat when handling magic-sysrq interrupt
mtd: lpddr: Fix bad logic in print_drs_error
RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel()
cxl: Rework error message for incompatible slots
p54: avoid accessing the data mapped to streaming DMA
evm: Check size of security.evm before using it
bpf: Fix comment for helper bpf_current_task_under_cgroup()
fuse: fix page dereference after free
x86/xen: disable Firmware First mode for correctable memory errors
arch/x86/amd/ibs: Fix re-arming IBS Fetch
cxgb4: set up filter action after rewrites
r8169: fix issue with forced threading in combination with shared interrupts
tipc: fix memory leak caused by tipc_buf_append()
tcp: Prevent low rmem stalls with SO_RCVLOWAT.
ravb: Fix bit fields checking in ravb_hwtstamp_get()
netem: fix zero division in tabledist
mlxsw: core: Fix memory leak on module removal
gtp: fix an use-before-init in gtp_newlink()
chelsio/chtls: fix tls record info to user
chelsio/chtls: fix memory leaks in CPL handlers
chelsio/chtls: fix deadlock issue
efivarfs: Replace invalid slashes with exclamation marks in dentries.
x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled
arm64: link with -z norelro regardless of CONFIG_RELOCATABLE
arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs
scripts/setlocalversion: make git describe output more reliable
objtool: Support Clang non-section symbols in ORC generation
ANDROID: GKI: Enable DEBUG_INFO_DWARF4
UPSTREAM: mm/sl[uo]b: export __kmalloc_track(_node)_caller
BACKPORT: xfrm/compat: Translate 32-bit user_policy from sockptr
BACKPORT: xfrm/compat: Add 32=>64-bit messages translator
UPSTREAM: xfrm/compat: Attach xfrm dumps to 64=>32 bit translator
UPSTREAM: xfrm/compat: Add 64=>32-bit messages translator
BACKPORT: xfrm: Provide API to register translator module
ANDROID: Publish uncompressed Image on aarch64
FROMLIST: crypto: arm64/poly1305-neon - reorder PAC authentication with SP update
UPSTREAM: crypto: arm64/chacha - fix chacha_4block_xor_neon() for big endian
UPSTREAM: crypto: arm64/chacha - fix hchacha_block_neon() for big endian
Linux 4.19.154
usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets.
eeprom: at25: set minimum read/write access stride to 1
USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync().
usb: cdc-acm: add quirk to blacklist ETAS ES58X devices
tty: serial: fsl_lpuart: fix lpuart32_poll_get_char
net: korina: cast KSEG0 address to pointer in kfree
ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n()
scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config()
usb: core: Solve race condition in anchor cleanup functions
brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach
mwifiex: don't call del_timer_sync() on uninitialized timer
reiserfs: Fix memory leak in reiserfs_parse_options()
ipvs: Fix uninit-value in do_ip_vs_set_ctl()
tty: ipwireless: fix error handling
scsi: qedi: Fix list_del corruption while removing active I/O
scsi: qedi: Protect active command list to avoid list corruption
Fix use after free in get_capset_info callback.
rtl8xxxu: prevent potential memory leak
brcmsmac: fix memory leak in wlc_phy_attach_lcnphy
scsi: ibmvfc: Fix error return in ibmvfc_probe()
Bluetooth: Only mark socket zapped after unlocking
usb: ohci: Default to per-port over-current protection
xfs: make sure the rt allocator doesn't run off the end
reiserfs: only call unlock_new_inode() if I_NEW
misc: rtsx: Fix memory leak in rtsx_pci_probe
ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs()
can: flexcan: flexcan_chip_stop(): add error handling and propagate error value
usb: dwc3: simple: add support for Hikey 970
USB: cdc-acm: handle broken union descriptors
udf: Avoid accessing uninitialized data on failed inode read
udf: Limit sparing table size
usb: gadget: function: printer: fix use-after-free in __lock_acquire
misc: vop: add round_up(x,4) for vring_size to avoid kernel panic
mic: vop: copy data to kernel space then write to io memory
scsi: target: core: Add CONTROL field for trace events
scsi: mvumi: Fix error return in mvumi_io_attach()
PM: hibernate: remove the bogus call to get_gendisk() in software_resume()
mac80211: handle lack of sband->bitrates in rates
ip_gre: set dev->hard_header_len and dev->needed_headroom properly
ntfs: add check for mft record size in superblock
media: venus: core: Fix runtime PM imbalance in venus_probe
fs: dlm: fix configfs memory leak
media: saa7134: avoid a shift overflow
mmc: sdio: Check for CISTPL_VERS_1 buffer size
media: uvcvideo: Ensure all probed info is returned to v4l2
media: media/pci: prevent memory leak in bttv_probe
media: bdisp: Fix runtime PM imbalance on error
media: platform: sti: hva: Fix runtime PM imbalance on error
media: platform: s3c-camif: Fix runtime PM imbalance on error
media: vsp1: Fix runtime PM imbalance on error
media: exynos4-is: Fix a reference count leak
media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync
media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync
media: sti: Fix reference count leaks
media: st-delta: Fix reference count leak in delta_run_work
media: ati_remote: sanity check for both endpoints
media: firewire: fix memory leak
crypto: ccp - fix error handling
block: ratelimit handle_bad_sector() message
i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs
perf: correct SNOOPX field offset
sched/features: Fix !CONFIG_JUMP_LABEL case
NTB: hw: amd: fix an issue about leak system resources
nvmet: fix uninitialized work for zero kato
powerpc/powernv/dump: Fix race while processing OPAL dump
arm64: dts: zynqmp: Remove additional compatible string for i2c IPs
ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers
arm64: dts: qcom: msm8916: Fix MDP/DSI interrupts
arm64: dts: qcom: pm8916: Remove invalid reg size from wcd_codec
memory: fsl-corenet-cf: Fix handling of platform_get_irq() error
memory: omap-gpmc: Fix build error without CONFIG_OF
memory: omap-gpmc: Fix a couple off by ones
ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator
ARM: dts: imx6sl: fix rng node
netfilter: nf_fwd_netdev: clear timestamp in forwarding path
netfilter: conntrack: connection timeout after re-register
KVM: x86: emulating RDPID failure shall return #UD rather than #GP
Input: sun4i-ps2 - fix handling of platform_get_irq() error
Input: twl4030_keypad - fix handling of platform_get_irq() error
Input: omap4-keypad - fix handling of platform_get_irq() error
Input: ep93xx_keypad - fix handling of platform_get_irq() error
Input: stmfts - fix a & vs && typo
Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume()
SUNRPC: fix copying of multiple pages in gss_read_proxy_verf()
vfio iommu type1: Fix memory leak in vfio_iommu_type1_pin_pages
vfio/pci: Clear token on bypass registration failure
ext4: limit entries returned when counting fsmap records
svcrdma: fix bounce buffers for unaligned offsets and multiple pages
watchdog: sp5100: Fix definition of EFCH_PM_DECODEEN3
watchdog: Use put_device on error
watchdog: Fix memleak in watchdog_cdev_register
clk: bcm2835: add missing release if devm_clk_hw_register fails
clk: at91: clk-main: update key before writing AT91_CKGR_MOR
clk: rockchip: Initialize hw to error to avoid undefined behavior
pwm: img: Fix null pointer access in probe
rpmsg: smd: Fix a kobj leak in in qcom_smd_parse_edge()
PCI: iproc: Set affinity mask on MSI interrupts
i2c: rcar: Auto select RESET_CONTROLLER
mailbox: avoid timer start from callback
rapidio: fix the missed put_device() for rio_mport_add_riodev
rapidio: fix error handling path
ramfs: fix nommu mmap with gaps in the page cache
lib/crc32.c: fix trivial typo in preprocessor condition
f2fs: wait for sysfs kobject removal before freeing f2fs_sb_info
IB/rdmavt: Fix sizeof mismatch
cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier
powerpc/perf/hv-gpci: Fix starting index value
powerpc/perf: Exclude pmc5/6 from the irrelevant PMU group constraints
overflow: Include header file with SIZE_MAX declaration
kdb: Fix pager search for multi-line strings
RDMA/hns: Fix missing sq_sig_type when querying QP
RDMA/hns: Set the unsupported wr opcode
perf intel-pt: Fix "context_switch event has no tid" error
RDMA/cma: Consolidate the destruction of a cma_multicast in one place
RDMA/cma: Remove dead code for kernel rdmacm multicast
powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm
powerpc/tau: Disable TAU between measurements
powerpc/tau: Check processor type before enabling TAU interrupt
ANDROID: GKI: update the ABI xml
Linux 4.19.153
powerpc/tau: Remove duplicated set_thresholds() call
powerpc/tau: Convert from timer to workqueue
powerpc/tau: Use appropriate temperature sample interval
RDMA/qedr: Fix inline size returned for iWARP
RDMA/qedr: Fix use of uninitialized field
xfs: fix high key handling in the rt allocator's query_range function
xfs: limit entries returned when counting fsmap records
arc: plat-hsdk: fix kconfig dependency warning when !RESET_CONTROLLER
ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values
mtd: mtdoops: Don't write panic data twice
powerpc/pseries: explicitly reschedule during drmem_lmb list traversal
mtd: lpddr: fix excessive stack usage with clang
RDMA/ucma: Add missing locking around rdma_leave_multicast()
RDMA/ucma: Fix locking for ctx->events_reported
powerpc/icp-hv: Fix missing of_node_put() in success path
powerpc/pseries: Fix missing of_node_put() in rng_init()
IB/mlx4: Adjust delayed work when a dup is observed
IB/mlx4: Fix starvation in paravirt mux/demux
mm, oom_adj: don't loop through tasks in __set_oom_adj when not necessary
mm/memcg: fix device private memcg accounting
netfilter: nf_log: missing vlan offload tag and proto
net: korina: fix kfree of rx/tx descriptor array
ipvs: clear skb->tstamp in forwarding path
mwifiex: fix double free
platform/x86: mlx-platform: Remove PSU EEPROM configuration
scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()
scsi: target: tcmu: Fix warning: 'page' may be used uninitialized
usb: dwc2: Fix INTR OUT transfers in DDMA mode.
nl80211: fix non-split wiphy information
usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well
usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above.
iwlwifi: mvm: split a print to avoid a WARNING in ROC
mfd: sm501: Fix leaks in probe()
net: enic: Cure the enic api locking trainwreck
qtnfmac: fix resource leaks on unsupported iftype error return path
HID: hid-input: fix stylus battery reporting
slimbus: qcom-ngd-ctrl: disable ngd in qmi server down callback
slimbus: core: do not enter to clock pause mode in core
slimbus: core: check get_addr before removing laddr ida
quota: clear padding in v2r1_mem2diskdqb()
usb: dwc2: Fix parameter type in function pointer prototype
ALSA: seq: oss: Avoid mutex lock for a long-time ioctl
misc: mic: scif: Fix error handling path
ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd()
net: dsa: rtl8366rb: Support all 4096 VLANs
net: dsa: rtl8366: Skip PVID setting if not requested
net: dsa: rtl8366: Refactor VLAN/PVID init
net: dsa: rtl8366: Check validity of passed VLANs
cpufreq: armada-37xx: Add missing MODULE_DEVICE_TABLE
net: stmmac: use netif_tx_start|stop_all_queues() function
net/mlx5: Don't call timecounter cyc2time directly from 1PPS flow
pinctrl: mcp23s08: Fix mcp23x17 precious range
pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser
HID: roccat: add bounds checking in kone_sysfs_write_settings()
video: fbdev: radeon: Fix memleak in radeonfb_pci_register
video: fbdev: sis: fix null ptr dereference
video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error
drivers/virt/fsl_hypervisor: Fix error handling path
pwm: lpss: Add range limit check for the base_unit register value
pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare()
pty: do tty_flip_buffer_push without port->lock in pty_write
tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup()
tty: serial: earlycon dependency
VMCI: check return value of get_user_pages_fast() for errors
backlight: sky81452-backlight: Fix refcount imbalance on error
scsi: csiostor: Fix wrong return value in csio_hw_prep_fw()
scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba()
scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()'
drm/gma500: fix error check
staging: rtl8192u: Do not use GFP_KERNEL in atomic context
mwifiex: Do not use GFP_KERNEL in atomic context
brcmfmac: check ndev pointer
ASoC: qcom: lpass-cpu: fix concurrency issue
ASoC: qcom: lpass-platform: fix memory leak
wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680
ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path
ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb()
ath6kl: prevent potential array overflow in ath6kl_add_new_sta()
Bluetooth: hci_uart: Cancel init work before unregistering
ath10k: provide survey info as accumulated data
spi: spi-s3c64xx: Check return values
spi: spi-s3c64xx: swap s3c64xx_spi_set_cs() and s3c64xx_enable_datapath()
pinctrl: bcm: fix kconfig dependency warning when !GPIOLIB
regulator: resolve supply after creating regulator
media: ti-vpe: Fix a missing check and reference count leak
media: stm32-dcmi: Fix a reference count leak
media: s5p-mfc: Fix a reference count leak
media: camss: Fix a reference count leak.
media: platform: fcp: Fix a reference count leak.
media: rockchip/rga: Fix a reference count leak.
media: rcar-vin: Fix a reference count leak.
media: tc358743: cleanup tc358743_cec_isr
media: tc358743: initialize variable
media: mx2_emmaprp: Fix memleak in emmaprp_probe
cypto: mediatek - fix leaks in mtk_desc_ring_alloc
hwmon: (pmbus/max34440) Fix status register reads for MAX344{51,60,61}
crypto: omap-sham - fix digcnt register handling with export/import
media: omap3isp: Fix memleak in isp_probe
media: uvcvideo: Silence shift-out-of-bounds warning
media: uvcvideo: Set media controller entity functions
media: m5mols: Check function pointer in m5mols_sensor_power
media: Revert "media: exynos4-is: Add missed check for pinctrl_lookup_state()"
media: tuner-simple: fix regression in simple_set_radio_freq
crypto: picoxcell - Fix potential race condition bug
crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call
crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc()
crypto: algif_skcipher - EBUSY on aio should be an error
x86/events/amd/iommu: Fix sizeof mismatch
x86/nmi: Fix nmi_handle() duration miscalculation
drivers/perf: xgene_pmu: Fix uninitialized resource struct
x86/fpu: Allow multiple bits in clearcpuid= parameter
EDAC/ti: Fix handling of platform_get_irq() error
EDAC/i5100: Fix error handling order in i5100_init_one()
crypto: algif_aead - Do not set MAY_BACKLOG on the async path
ima: Don't ignore errors from crypto_shash_update()
KVM: SVM: Initialize prev_ga_tag before use
KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages
cifs: Return the error from crypt_message when enc/dec key not found.
cifs: remove bogus debug code
ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887
icmp: randomize the global rate limiter
r8169: fix operation under forced interrupt threading
tcp: fix to update snd_wl1 in bulk receiver fast path
nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download()
net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN tunnels
net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup
net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device
chelsio/chtls: correct function return and return type
chelsio/chtls: correct netdevice for vlan interface
chelsio/chtls: fix socket lock
ALSA: bebob: potential info leak in hwdep_read()
binder: fix UAF when releasing todo list
net/tls: sendfile fails with ktls offload
r8169: fix data corruption issue on RTL8402
net/ipv4: always honour route mtu during forwarding
tipc: fix the skb_unshare() in tipc_buf_append()
net: usb: qmi_wwan: add Cellient MPL200 card
net/smc: fix valid DMBE buffer sizes
net: fix pos incrementment in ipv6_route_seq_next
net: fec: Fix PHY init after phy_reset_after_clk_enable()
net: fec: Fix phy_device lookup for phy_reset_after_clk_enable()
mlx4: handle non-napi callers to napi_poll
ipv4: Restore flowi4_oif update before call to xfrm_lookup_route
ibmveth: Identify ingress large send packets.
ibmveth: Switch order of ibmveth_helper calls.
ANDROID: clang: update to 11.0.5
FROMLIST: arm64: link with -z norelro regardless of CONFIG_RELOCATABLE
ANDROID: GKI: enable CONFIG_WIREGUARD
UPSTREAM: wireguard: peerlookup: take lock before checking hash in replace operation
UPSTREAM: wireguard: noise: take lock when removing handshake entry from table
UPSTREAM: wireguard: queueing: make use of ip_tunnel_parse_protocol
UPSTREAM: net: ip_tunnel: add header_ops for layer 3 devices
UPSTREAM: wireguard: receive: account for napi_gro_receive never returning GRO_DROP
UPSTREAM: wireguard: device: avoid circular netns references
UPSTREAM: wireguard: noise: do not assign initiation time in if condition
UPSTREAM: wireguard: noise: separate receive counter from send counter
UPSTREAM: wireguard: queueing: preserve flow hash across packet scrubbing
UPSTREAM: wireguard: noise: read preshared key while taking lock
UPSTREAM: wireguard: selftests: use newer iproute2 for gcc-10
UPSTREAM: wireguard: send/receive: use explicit unlikely branch instead of implicit coalescing
UPSTREAM: wireguard: selftests: initalize ipv6 members to NULL to squelch clang warning
UPSTREAM: wireguard: send/receive: cond_resched() when processing worker ringbuffers
UPSTREAM: wireguard: socket: remove errant restriction on looping to self
UPSTREAM: wireguard: selftests: use normal kernel stack size on ppc64
UPSTREAM: wireguard: receive: use tunnel helpers for decapsulating ECN markings
UPSTREAM: wireguard: queueing: cleanup ptr_ring in error path of packet_queue_init
UPSTREAM: wireguard: send: remove errant newline from packet_encrypt_worker
UPSTREAM: wireguard: noise: error out precomputed DH during handshake rather than config
UPSTREAM: wireguard: receive: remove dead code from default packet type case
UPSTREAM: wireguard: queueing: account for skb->protocol==0
UPSTREAM: wireguard: selftests: remove duplicated include <sys/types.h>
UPSTREAM: wireguard: socket: remove extra call to synchronize_net
UPSTREAM: wireguard: send: account for mtu=0 devices
UPSTREAM: wireguard: receive: reset last_under_load to zero
UPSTREAM: wireguard: selftests: reduce complexity and fix make races
UPSTREAM: wireguard: device: use icmp_ndo_send helper
UPSTREAM: wireguard: selftests: tie socket waiting to target pid
UPSTREAM: wireguard: selftests: ensure non-addition of peers with failed precomputation
UPSTREAM: wireguard: noise: reject peers with low order public keys
UPSTREAM: wireguard: allowedips: fix use-after-free in root_remove_peer_lists
UPSTREAM: net: skbuff: disambiguate argument and member for skb_list_walk_safe helper
UPSTREAM: net: introduce skb_list_walk_safe for skb segment walking
UPSTREAM: wireguard: socket: mark skbs as not on list when receiving via gro
UPSTREAM: wireguard: queueing: do not account for pfmemalloc when clearing skb header
UPSTREAM: wireguard: selftests: remove ancient kernel compatibility code
UPSTREAM: wireguard: allowedips: use kfree_rcu() instead of call_rcu()
UPSTREAM: wireguard: main: remove unused include <linux/version.h>
UPSTREAM: wireguard: global: fix spelling mistakes in comments
UPSTREAM: wireguard: Kconfig: select parent dependency for crypto
UPSTREAM: wireguard: selftests: import harness makefile for test suite
UPSTREAM: net: WireGuard secure network tunnel
UPSTREAM: timekeeping: Boot should be boottime for coarse ns accessor
UPSTREAM: timekeeping: Add missing _ns functions for coarse accessors
UPSTREAM: icmp: introduce helper for nat'd source address in network device context
UPSTREAM: crypto: poly1305-x86_64 - Use XORL r32,32
UPSTREAM: crypto: curve25519-x86_64 - Use XORL r32,32
UPSTREAM: crypto: arm/poly1305 - Add prototype for poly1305_blocks_neon
UPSTREAM: crypto: arm/curve25519 - include <linux/scatterlist.h>
UPSTREAM: crypto: x86/curve25519 - Remove unused carry variables
UPSTREAM: crypto: x86/chacha-sse3 - use unaligned loads for state array
UPSTREAM: crypto: lib/chacha20poly1305 - Add missing function declaration
UPSTREAM: crypto: arch/lib - limit simd usage to 4k chunks
UPSTREAM: crypto: arm[64]/poly1305 - add artifact to .gitignore files
UPSTREAM: crypto: x86/curve25519 - leave r12 as spare register
UPSTREAM: crypto: x86/curve25519 - replace with formally verified implementation
UPSTREAM: crypto: arm64/chacha - correctly walk through blocks
UPSTREAM: crypto: x86/curve25519 - support assemblers with no adx support
UPSTREAM: crypto: chacha20poly1305 - prevent integer overflow on large input
UPSTREAM: crypto: Kconfig - allow tests to be disabled when manager is disabled
UPSTREAM: crypto: arm/chacha - fix build failured when kernel mode NEON is disabled
UPSTREAM: crypto: x86/poly1305 - emit does base conversion itself
UPSTREAM: crypto: chacha20poly1305 - add back missing test vectors and test chunking
UPSTREAM: crypto: x86/poly1305 - fix .gitignore typo
UPSTREAM: crypto: curve25519 - Fix selftest build error
UPSTREAM: crypto: {arm,arm64,mips}/poly1305 - remove redundant non-reduction from emit
UPSTREAM: crypto: x86/poly1305 - wire up faster implementations for kernel
UPSTREAM: crypto: x86/poly1305 - import unmodified cryptogams implementation
UPSTREAM: crypto: poly1305 - add new 32 and 64-bit generic versions
UPSTREAM: crypto: lib/curve25519 - re-add selftests
UPSTREAM: crypto: arm/curve25519 - add arch-specific key generation function
UPSTREAM: crypto: chacha - fix warning message in header file
UPSTREAM: crypto: arch - conditionalize crypto api in arch glue for lib code
UPSTREAM: crypto: lib/chacha20poly1305 - use chacha20_crypt()
UPSTREAM: crypto: x86/chacha - only unregister algorithms if registered
UPSTREAM: crypto: chacha_generic - remove unnecessary setkey() functions
UPSTREAM: crypto: lib/chacha20poly1305 - reimplement crypt_from_sg() routine
UPSTREAM: crypto: chacha20poly1305 - import construction and selftest from Zinc
UPSTREAM: crypto: arm/curve25519 - wire up NEON implementation
UPSTREAM: crypto: arm/curve25519 - import Bernstein and Schwabe's Curve25519 ARM implementation
UPSTREAM: crypto: curve25519 - x86_64 library and KPP implementations
UPSTREAM: crypto: lib/curve25519 - work around Clang stack spilling issue
UPSTREAM: crypto: curve25519 - implement generic KPP driver
UPSTREAM: crypto: curve25519 - add kpp selftest
UPSTREAM: crypto: curve25519 - generic C library implementations
UPSTREAM: crypto: blake2s - x86_64 SIMD implementation
UPSTREAM: crypto: blake2s - implement generic shash driver
UPSTREAM: crypto: testmgr - add test cases for Blake2s
UPSTREAM: crypto: blake2s - generic C library implementation and selftest
UPSTREAM: crypto: mips/poly1305 - incorporate OpenSSL/CRYPTOGAMS optimized implementation
UPSTREAM: crypto: arm/poly1305 - incorporate OpenSSL/CRYPTOGAMS NEON implementation
UPSTREAM: crypto: arm64/poly1305 - incorporate OpenSSL/CRYPTOGAMS NEON implementation
UPSTREAM: crypto: x86/poly1305 - expose existing driver as poly1305 library
UPSTREAM: crypto: x86/poly1305 - depend on generic library not generic shash
UPSTREAM: crypto: poly1305 - expose init/update/final library interface
UPSTREAM: crypto: x86/poly1305 - unify Poly1305 state struct with generic code
UPSTREAM: crypto: poly1305 - move core routines into a separate library
UPSTREAM: crypto: chacha - unexport chacha_generic routines
UPSTREAM: crypto: mips/chacha - wire up accelerated 32r2 code from Zinc
UPSTREAM: crypto: mips/chacha - import 32r2 ChaCha code from Zinc
UPSTREAM: crypto: arm/chacha - expose ARM ChaCha routine as library function
UPSTREAM: crypto: arm/chacha - remove dependency on generic ChaCha driver
UPSTREAM: crypto: arm/chacha - import Eric Biggers's scalar accelerated ChaCha code
UPSTREAM: crypto: arm64/chacha - expose arm64 ChaCha routine as library function
UPSTREAM: crypto: arm64/chacha - depend on generic chacha library instead of crypto driver
UPSTREAM: crypto: arm64/chacha - use combined SIMD/ALU routine for more speed
UPSTREAM: crypto: arm64/chacha - optimize for arbitrary length inputs
UPSTREAM: crypto: x86/chacha - expose SIMD ChaCha routine as library function
UPSTREAM: crypto: x86/chacha - depend on generic chacha library instead of crypto driver
UPSTREAM: crypto: chacha - move existing library code into lib/crypto
UPSTREAM: crypto: lib - tidy up lib/crypto Kconfig and Makefile
UPSTREAM: crypto: chacha - constify ctx and iv arguments
UPSTREAM: crypto: x86/poly1305 - Clear key material from stack in SSE2 variant
UPSTREAM: crypto: xchacha20 - fix comments for test vectors
UPSTREAM: crypto: xchacha - add test vector from XChaCha20 draft RFC
UPSTREAM: crypto: arm64/chacha - add XChaCha12 support
UPSTREAM: crypto: arm64/chacha20 - refactor to allow varying number of rounds
UPSTREAM: crypto: arm64/chacha20 - add XChaCha20 support
UPSTREAM: crypto: x86/chacha - avoid sleeping under kernel_fpu_begin()
UPSTREAM: crypto: x86/chacha - yield the FPU occasionally
UPSTREAM: crypto: x86/chacha - add XChaCha12 support
UPSTREAM: crypto: x86/chacha20 - refactor to allow varying number of rounds
UPSTREAM: crypto: x86/chacha20 - add XChaCha20 support
UPSTREAM: crypto: x86/chacha20 - Add a 4-block AVX-512VL variant
UPSTREAM: crypto: x86/chacha20 - Add a 2-block AVX-512VL variant
UPSTREAM: crypto: x86/chacha20 - Add a 8-block AVX-512VL variant
UPSTREAM: crypto: x86/chacha20 - Add a 4-block AVX2 variant
UPSTREAM: crypto: x86/chacha20 - Add a 2-block AVX2 variant
UPSTREAM: crypto: x86/chacha20 - Use larger block functions more aggressively
UPSTREAM: crypto: x86/chacha20 - Support partial lengths in 8-block AVX2 variant
UPSTREAM: crypto: x86/chacha20 - Support partial lengths in 4-block SSSE3 variant
UPSTREAM: crypto: x86/chacha20 - Support partial lengths in 1-block SSSE3 variant
ANDROID: GKI: Enable CONFIG_USB_ANNOUNCE_NEW_DEVICES
ANDROID: GKI: Enable CONFIG_X86_X2APIC
ANDROID: move builds to use gas prebuilts
UPSTREAM: binder: fix UAF when releasing todo list
Conflicts:
crypto/algif_aead.c
drivers/rpmsg/qcom_glink_native.c
drivers/scsi/ufs/ufs-qcom.c
drivers/slimbus/qcom-ngd-ctrl.c
fs/notify/inotify/inotify_user.c
include/linux/dcache.h
include/linux/fsnotify.h
mm/oom_kill.c
Fixed build errors:
fs/fuse/dir.c
Change-Id: I95bdbb1b183fa2c569023f18e09799d9cb96fc9f
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
[ Upstream commit eadd1befdd778a1eca57fad058782bd22b4db804 ]
Currently it is possible to craft a special netlink RTM_NEWQDISC
command that can result in jitter being equal to 0x80000000. It is
enough to set the 32 bit jitter to 0x02000000 (it will later be
multiplied by 2^6) or just set the 64 bit jitter via
TCA_NETEM_JITTER64. This causes an overflow during the generation of
uniformly distributed numbers in tabledist(), which in turn leads to
division by zero (sigma != 0, but sigma * 2 is 0).
The related fragment of code needs 32-bit division - see commit
9b0ed89 ("netem: remove unnecessary 64 bit modulus"), so switching to
64 bit is not an option.
Fix the issue by keeping the value of jitter within the range that can
be adequately handled by tabledist() - [0;INT_MAX]. As negative std
deviation makes no sense, take the absolute value of the passed value
and cap it at INT_MAX. Inside tabledist(), switch to unsigned 32 bit
arithmetic in order to prevent overflows.
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Aleksandr Nogikh <nogikh@google.com>
Reported-by: syzbot+ec762a6342ad0d3c0d8f@syzkaller.appspotmail.com
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
Link: https://lore.kernel.org/r/20201028170731.1383332-1-aleksandrnogikh@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit a7a12b5a0f950bc6b9f7153390634ea798738db9 ]
the following command
# tc action add action tunnel_key \
> set src_ip 2001:db8::1 dst_ip 2001:db8::2 id 10 erspan_opts 1:6789:0:0
generates the following splat:
BUG: KASAN: slab-out-of-bounds in tunnel_key_copy_opts+0xcc9/0x1010 [act_tunnel_key]
Write of size 4 at addr ffff88813f5f1cc8 by task tc/873
CPU: 2 PID: 873 Comm: tc Not tainted 5.9.0+ #282
Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014
Call Trace:
dump_stack+0x99/0xcb
print_address_description.constprop.7+0x1e/0x230
kasan_report.cold.13+0x37/0x7c
tunnel_key_copy_opts+0xcc9/0x1010 [act_tunnel_key]
tunnel_key_init+0x160c/0x1f40 [act_tunnel_key]
tcf_action_init_1+0x5b5/0x850
tcf_action_init+0x15d/0x370
tcf_action_add+0xd9/0x2f0
tc_ctl_action+0x29b/0x3a0
rtnetlink_rcv_msg+0x341/0x8d0
netlink_rcv_skb+0x120/0x380
netlink_unicast+0x439/0x630
netlink_sendmsg+0x719/0xbf0
sock_sendmsg+0xe2/0x110
____sys_sendmsg+0x5ba/0x890
___sys_sendmsg+0xe9/0x160
__sys_sendmsg+0xd3/0x170
do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f872a96b338
Code: 89 02 48 c7 c0 ff ff ff ff eb b5 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 8d 05 25 43 2c 00 8b 00 85 c0 75 17 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 41 54 41 89 d4 55
RSP: 002b:00007ffffe367518 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000005f8f5aed RCX: 00007f872a96b338
RDX: 0000000000000000 RSI: 00007ffffe367580 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000001 R09: 000000000000001c
R10: 000000000000000b R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000686760 R14: 0000000000000601 R15: 0000000000000000
Allocated by task 873:
kasan_save_stack+0x19/0x40
__kasan_kmalloc.constprop.7+0xc1/0xd0
__kmalloc+0x151/0x310
metadata_dst_alloc+0x20/0x40
tunnel_key_init+0xfff/0x1f40 [act_tunnel_key]
tcf_action_init_1+0x5b5/0x850
tcf_action_init+0x15d/0x370
tcf_action_add+0xd9/0x2f0
tc_ctl_action+0x29b/0x3a0
rtnetlink_rcv_msg+0x341/0x8d0
netlink_rcv_skb+0x120/0x380
netlink_unicast+0x439/0x630
netlink_sendmsg+0x719/0xbf0
sock_sendmsg+0xe2/0x110
____sys_sendmsg+0x5ba/0x890
___sys_sendmsg+0xe9/0x160
__sys_sendmsg+0xd3/0x170
do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x44/0xa9
The buggy address belongs to the object at ffff88813f5f1c00
which belongs to the cache kmalloc-256 of size 256
The buggy address is located 200 bytes inside of
256-byte region [ffff88813f5f1c00, ffff88813f5f1d00)
The buggy address belongs to the page:
page:0000000011b48a19 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13f5f0
head:0000000011b48a19 order:1 compound_mapcount:0
flags: 0x17ffffc0010200(slab|head)
raw: 0017ffffc0010200 0000000000000000 0000000d00000001 ffff888107c43400
raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff88813f5f1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff88813f5f1c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff88813f5f1c80: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
^
ffff88813f5f1d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff88813f5f1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
using IPv6 tunnels, act_tunnel_key allocates a fixed amount of memory for
the tunnel metadata, but then it expects additional bytes to store tunnel
specific metadata with tunnel_key_copy_opts().
Fix the arguments of __ipv6_tun_set_dst(), so that 'md_size' contains the
size previously computed by tunnel_key_get_opts_len(), like it's done for
IPv4 tunnels.
Fixes: 0ed5269f9e ("net/sched: add tunnel option support to act_tunnel_key")
Reported-by: Shuang Li <shuali@redhat.com>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Link: https://lore.kernel.org/r/36ebe969f6d13ff59912d6464a4356fe6f103766.1603231100.git.dcaratti@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* refs/heads/tmp-9ce79d9:
Linux 4.19.149
KVM: arm64: Assume write fault on S1PTW permission fault on instruction fetch
ata: sata_mv, avoid trigerrable BUG_ON
ata: make qc_prep return ata_completion_errors
ata: define AC_ERR_OK
kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE
s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl
mm, THP, swap: fix allocating cluster for swapfile by mistake
kprobes: Fix to check probe enabled before disarm_kprobe_ftrace()
s390/dasd: Fix zero write for FBA devices
tracing: fix double free
KVM: SVM: Add a dedicated INVD intercept routine
KVM: x86: Reset MMU context if guest toggles CR4.SMAP or CR4.PKE
MIPS: Add the missing 'CPU_1074K' into __get_cpu_type()
regmap: fix page selection for noinc reads
ALSA: asihpi: fix iounmap in error handler
bpf: Fix a rcu warning for bpffs map pretty-print
batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh
batman-adv: Add missing include for in_interrupt()
drm/sun4i: sun8i-csc: Secondary CSC register correction
net: qed: RDMA personality shouldn't fail VF load
drm/vc4/vc4_hdmi: fill ASoC card owner
bpf: Fix clobbering of r2 in bpf_gen_ld_abs
mac802154: tx: fix use-after-free
batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
atm: eni: fix the missed pci_disable_device() for eni_init_one()
batman-adv: bla: fix type misuse for backbone_gw hash indexing
mwifiex: Increase AES key storage size to 256 bits
clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init()
ieee802154/adf7242: check status of adf7242_read_reg
ieee802154: fix one possible memleak in ca8210_dev_com_init
objtool: Fix noreturn detection for ignored functions
i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices()
drm/amdkfd: fix a memory leak issue
lockdep: fix order in trace_hardirqs_off_caller()
s390/init: add missing __init annotations
RISC-V: Take text_mutex in ftrace_init_nop()
ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1
ASoC: wm8994: Ensure the device is resumed in wm89xx_mic_detect functions
ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811
nvme: explicitly update mpath disk capacity on revalidation
net: openvswitch: use div_u64() for 64-by-32 divisions
perf parse-events: Use strcmp() to compare the PMU name
ubi: fastmap: Free unused fastmap anchor peb during detach
btrfs: qgroup: fix data leak caused by race between writeback and truncate
vfio/pci: fix racy on error and request eventfd ctx
selftests/x86/syscall_nt: Clear weird flags after each test
scsi: libfc: Skip additional kref updating work event
scsi: libfc: Handling of extra kref
nvme: fix possible deadlock when I/O is blocked
cifs: Fix double add page to memcg when cifs_readpages
vfio/pci: Clear error and request eventfd ctx after releasing
x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline
mtd: parser: cmdline: Support MTD names containing one or more colons
rapidio: avoid data race between file operation callbacks and mport_cdev_add().
mm/swap_state: fix a data race in swapin_nr_pages
ceph: fix potential race in ceph_check_caps
PCI: tegra: Fix runtime PM imbalance on error
mtd: rawnand: omap_elm: Fix runtime PM imbalance on error
wlcore: fix runtime pm imbalance in wlcore_regdomain_config
wlcore: fix runtime pm imbalance in wl1271_tx_work
ASoC: img-i2s-out: Fix runtime PM imbalance on error
perf kcore_copy: Fix module map when there are no modules loaded
perf metricgroup: Free metric_events on error
perf util: Fix memory leak of prefix_if_not_in
perf stat: Fix duration_time value for higher intervals
perf trace: Fix the selection for architectures to generate the errno name tables
perf evsel: Fix 2 memory leaks
vfio/pci: fix memory leaks of eventfd ctx
btrfs: don't force read-only after error in drop snapshot
usb: dwc3: Increase timeout for CmdAct cleared by device controller
printk: handle blank console arguments passed in.
drm/nouveau/dispnv50: fix runtime pm imbalance on error
drm/nouveau: fix runtime pm imbalance on error
drm/nouveau/debugfs: fix runtime pm imbalance on error
e1000: Do not perform reset in reset_task if we are already down
arm64/cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register
scsi: cxlflash: Fix error return code in cxlflash_probe()
USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int
fuse: don't check refcount after stealing page
powerpc/traps: Make unrecoverable NMIs die instead of panic
ALSA: hda: Fix potential race in unsol event handler
tty: serial: samsung: Correct clock selection logic
tipc: fix memory leak in service subscripting
USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe()
Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
phy: samsung: s5pv210-usb2: Add delay after reset
power: supply: max17040: Correct voltage reading
perf mem2node: Avoid double free related to realloc
atm: fix a memory leak of vcc->user_back
dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion
arm64: cpufeature: Relax checks for AArch32 support at EL[0-2]
sparc64: vcc: Fix error return code in vcc_probe()
staging:r8188eu: avoid skb_clone for amsdu to msdu conversion
scsi: aacraid: Fix error handling paths in aac_probe_one()
net: openvswitch: use u64 for meter bucket
KVM: arm64: vgic-its: Fix memory leak on the error path of vgic_add_lpi()
drivers: char: tlclk.c: Avoid data race between init and interrupt handler
bdev: Reduce time holding bd_mutex in sync in blkdev_close()
KVM: Remove CREATE_IRQCHIP/SET_PIT2 race
serial: uartps: Wait for tx_empty in console setup
scsi: qedi: Fix termination timeouts in session logout
mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area
nvmet-rdma: fix double free of rdma queue
mm/vmscan.c: fix data races using kswapd_classzone_idx
mm/filemap.c: clear page error before actual read
mm/kmemleak.c: use address-of operator on section symbols
NFS: Fix races nfs_page_group_destroy() vs nfs_destroy_unlinked_subrequests()
PCI: pciehp: Fix MSI interrupt race
ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor
ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len
PCI: Use ioremap(), not phys_to_virt() for platform ROM
svcrdma: Fix leak of transport addresses
SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()'
scsi: hpsa: correct race condition in offload enabled
RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices
nvme: Fix controller creation races with teardown flow
nvme-multipath: do not reset on unknown status
tools: gpio-hammer: Avoid potential overflow in main
cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn
perf cpumap: Fix snprintf overflow check
serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout
serial: 8250_omap: Fix sleeping function called from invalid context during probe
serial: 8250_port: Don't service RX FIFO if throttled
perf parse-events: Fix 3 use after frees found with clang ASAN
thermal: rcar_thermal: Handle probe error gracefully
tracing: Use address-of operator on section symbols
drm/msm/a5xx: Always set an OPP supported hardware value
drm/msm: fix leaks if initialization fails
KVM: PPC: Book3S HV: Treat TM-related invalid form instructions on P9 like the valid ones
RDMA/cm: Remove a race freeing timewait_info
nfsd: Don't add locks to closed or closing open stateids
rtc: ds1374: fix possible race condition
rtc: sa1100: fix possible race condition
tpm: ibmvtpm: Wait for buffer to be set before proceeding
ext4: mark block bitmap corrupted when found instead of BUGON
xfs: mark dir corrupt when lookup-by-hash fails
xfs: don't ever return a stale pointer from __xfs_dir3_free_read
media: tda10071: fix unsigned sign extension overflow
Bluetooth: L2CAP: handle l2cap config request during open state
scsi: aacraid: Disabling TM path and only processing IOP reset
ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read
drm/amd/display: Stop if retimer is not available
drm/amdgpu: increase atombios cmd timeout
mm: avoid data corruption on CoW fault into PFN-mapped VMA
perf jevents: Fix leak of mapfile memory
ext4: fix a data race at inode->i_disksize
timekeeping: Prevent 32bit truncation in scale64_check_overflow()
Bluetooth: guard against controllers sending zero'd events
media: go7007: Fix URB type for interrupt handling
bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host removal
random: fix data races at timer_rand_state
firmware: arm_sdei: Use cpus_read_lock() to avoid races with cpuhp
drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic
dmaengine: tegra-apb: Prevent race conditions on channel's freeing
dmaengine: stm32-dma: use vchan_terminate_vdesc() in .terminate_all
bpf: Remove recursion prevention from rcu free callback
x86/pkeys: Add check for pkey "overflow"
media: staging/imx: Missing assignment in imx_media_capture_device_register()
dmaengine: stm32-mdma: use vchan_terminate_vdesc() in .terminate_all
KVM: x86: fix incorrect comparison in trace event
RDMA/rxe: Fix configuration of atomic queue pair attributes
perf test: Fix test trace+probe_vfs_getname.sh on s390
ALSA: usb-audio: Don't create a mixer element with bogus volume range
mt76: clear skb pointers from rx aggregation reorder buffer during cleanup
crypto: chelsio - This fixes the kernel panic which occurs during a libkcapi test
clk: stratix10: use do_div() for 64-bit calculation
drm/omap: fix possible object reference leak
scsi: lpfc: Fix coverity errors in fmdi attribute handling
scsi: lpfc: Fix RQ buffer leakage when no IOCBs available
selinux: sel_avc_get_stat_idx should increase position index
audit: CONFIG_CHANGE don't log internal bookkeeping as an event
skbuff: fix a data race in skb_queue_len()
ALSA: hda: Clear RIRB status before reading WP
KVM: fix overflow of zero page refcount with ksm running
Bluetooth: prefetch channel before killing sock
mm: pagewalk: fix termination condition in walk_pte_range()
mm/swapfile.c: swap_next should increase position index
Bluetooth: Fix refcount use-after-free issue
tools/power/x86/intel_pstate_tracer: changes for python 3 compatibility
selftests/ftrace: fix glob selftest
ceph: ensure we have a new cap before continuing in fill_inode
ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter
ARM: 8948/1: Prevent OOB access in stacktrace
tracing: Set kernel_stack's caller size properly
Bluetooth: btrtl: Use kvmalloc for FW allocations
powerpc/eeh: Only dump stack once if an MMIO loop is detected
s390/cpum_sf: Use kzalloc and minor changes
dmaengine: zynqmp_dma: fix burst length configuration
scsi: ufs: Fix a race condition in the tracing code
scsi: ufs: Make ufshcd_add_command_trace() easier to read
ACPI: EC: Reference count query handlers under lock
sctp: move trace_sctp_probe_path into sctp_outq_sack
media: ti-vpe: cal: Restrict DMA to avoid memory corruption
seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier
ipv6_route_seq_next should increase position index
rt_cpu_seq_next should increase position index
neigh_stat_seq_next() should increase position index
xfs: fix log reservation overflows when allocating large rt extents
KVM: arm/arm64: vgic: Fix potential double free dist->spis in __kvm_vgic_destroy()
kernel/sys.c: avoid copying possible padding bytes in copy_to_user
ASoC: max98090: remove msleep in PLL unlocked workaround
CIFS: Properly process SMB3 lease breaks
debugfs: Fix !DEBUG_FS debugfs_create_automount
scsi: pm80xx: Cleanup command when a reset times out
gfs2: clean up iopen glock mess in gfs2_create_inode
mmc: core: Fix size overflow for mmc partitions
ubi: Fix producing anchor PEBs
RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()'
xfs: fix attr leaf header freemap.size underflow
fix dget_parent() fastpath race
RDMA/i40iw: Fix potential use after free
RDMA/qedr: Fix potential use after free
dmaengine: mediatek: hsdma_probe: fixed a memory leak when devm_request_irq fails
bcache: fix a lost wake-up problem caused by mca_cannibalize_lock
tracing: Adding NULL checks for trace_array descriptor pointer
tpm_crb: fix fTPM on AMD Zen+ CPUs
drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table
mfd: mfd-core: Protect against NULL call-back function pointer
mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup()
drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table
clk/ti/adpll: allocate room for terminating null
net: silence data-races on sk_backlog.tail
scsi: lpfc: Fix kernel crash at lpfc_nvme_info_show during remote port bounce
scsi: fnic: fix use after free
PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out
leds: mlxreg: Fix possible buffer overflow
lib/string.c: implement stpcpy
ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520
ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged
ALSA: usb-audio: Add delay quirk for H570e USB headsets
x86/ioapic: Unbreak check_timer()
arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback
media: smiapp: Fix error handling at NVM reading
ASoC: kirkwood: fix IRQ error handling
gma/gma500: fix a memory disclosure bug due to uninitialized bytes
m68k: q40: Fix info-leak in rtc_ioctl
scsi: aacraid: fix illegal IO beyond last LBA
mm: fix double page fault on arm64 if PTE_AF is cleared
ath10k: fix memory leak for tpc_stats_final
ath10k: fix array out-of-bounds access
dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling)
media: mc-device.c: fix memleak in media_device_register_entity
selinux: allow labeling before policy is loaded
ANDROID: GKI: prevent removal of monitored symbols
ANDROID: Refresh ABI.xmls with libabigail 1.8.0-98bbf30d
Linux 4.19.148
serial: 8250: Avoid error message on reprobe
tcp_bbr: adapt cwnd based on ack aggregation estimation
tcp_bbr: refactor bbr_target_cwnd() for general inflight provisioning
mm: memcg: fix memcg reclaim soft lockup
kbuild: support LLVM=1 to switch the default tools to Clang/LLVM
kbuild: replace AS=clang with LLVM_IAS=1
kbuild: remove AS variable
x86/boot: kbuild: allow readelf executable to be specified
net: wan: wanxl: use $(M68KCC) instead of $(M68KAS) for rebuilding firmware
net: wan: wanxl: use allow to pass CROSS_COMPILE_M68k for rebuilding firmware
Documentation/llvm: fix the name of llvm-size
Documentation/llvm: add documentation on building w/ Clang/LLVM
kbuild: add OBJSIZE variable for the size tool
MAINTAINERS: add CLANG/LLVM BUILD SUPPORT info
ipv4: Update exception handling for multipath routes via same device
net: add __must_check to skb_put_padto()
net: qrtr: check skb_put_padto() return value
net: phy: Avoid NPD upon phy_detach() when driver is unbound
bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex.
bnxt_en: return proper error codes in bnxt_show_temp
tipc: use skb_unshare() instead in tipc_buf_append()
tipc: fix shutdown() of connection oriented socket
tipc: Fix memory leak in tipc_group_create_member()
nfp: use correct define to return NONE fec
net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc
net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC
net: dsa: rtl8366: Properly clear member config
net: DCB: Validate DCB_ATTR_DCB_BUFFER argument
ipv6: avoid lockdep issue in fib6_del()
ip: fix tos reflection in ack and reset packets
hdlc_ppp: add range checks in ppp_cp_parse_cr()
geneve: add transport ports in route lookup for geneve
cxgb4: Fix offset when clearing filter byte counters
mm/thp: fix __split_huge_pmd_locked() for migration PMD
kprobes: fix kill kprobe which has been marked as gone
KVM: fix memory leak in kvm_io_bus_unregister_dev()
af_key: pfkey_dump needs parameter validation
ANDROID: drop KERNEL_DIR setting in build.config.common
Linux 4.19.147
x86/defconfig: Enable CONFIG_USB_XHCI_HCD=y
powerpc/dma: Fix dma_map_ops::get_required_mask
ehci-hcd: Move include to keep CRC stable
x86/boot/compressed: Disable relocation relaxation
serial: 8250_pci: Add Realtek 816a and 816b
Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists
Input: trackpoint - add new trackpoint variant IDs
percpu: fix first chunk size calculation for populated bitmap
Revert "ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO"
i2c: i801: Fix resume bug
usblp: fix race between disconnect() and read()
USB: UAS: fix disconnect by unplugging a hub
USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook
drm/mediatek: Add missing put_device() call in mtk_hdmi_dt_parse_pdata()
drm/mediatek: Add exception handing in mtk_drm_probe() if component init fail
MIPS: SNI: Fix spurious interrupts
fbcon: Fix user font detection test at fbcon_resize().
perf test: Free formats for perf pmu parse test
MIPS: SNI: Fix MIPS_L1_CACHE_SHIFT
perf test: Fix the "signal" test inline assembly
Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload
ASoC: qcom: Set card->owner to avoid warnings
clk: rockchip: Fix initialization of mux_pll_src_4plls_p
clk: davinci: Use the correct size when allocating memory
KVM: MIPS: Change the definition of kvm type
spi: Fix memory leak on splited transfers
i2c: algo: pca: Reapply i2c bus settings after reset
f2fs: Return EOF on unaligned end of file DIO read
f2fs: fix indefinite loop scanning for free nid
nvme-rdma: cancel async events before freeing event struct
nvme-fc: cancel async events before freeing event struct
openrisc: Fix cache API compile issue when not inlining
rapidio: Replace 'select' DMAENGINES 'with depends on'
SUNRPC: stop printk reading past end of string
NFS: Zero-stateid SETATTR should first return delegation
spi: spi-loopback-test: Fix out-of-bounds read
regulator: pwm: Fix machine constraints application
scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery
scsi: libfc: Fix for double free()
scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort
NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall
hv_netvsc: Remove "unlikely" from netvsc_select_queue
net: handle the return value of pskb_carve_frag_list() correctly
RDMA/bnxt_re: Restrict the max_gids to 256
gfs2: initialize transaction tr_ailX_lists earlier
scsi: qla2xxx: Reduce holding sess_lock to prevent CPU lock-up
scsi: qla2xxx: Move rport registration out of internal work_list
scsi: qla2xxx: Update rscn_rcvd field to more meaningful scan_needed
dsa: Allow forwarding of redirected IGMP traffic
ANDROID: Refresh ABI.xmls with libabigail 1.8.0-1dca710a
ANDROID: KMI symbol lists: migrate section name
Conflicts:
Documentation/devicetree/bindings
Documentation/devicetree/bindings/sound/wm8994.txt
Makefile
drivers/scsi/ufs/ufshcd.c
drivers/usb/dwc3/gadget.c
mm/memory.c
net/qrtr/qrtr.c
Change-Id: I51d2167f5b2aca5ff0e50a5399d6c13b7a9a7e64
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
* refs/heads/tmp-204dd19:
UPSTREAM: driver core: Avoid deferred probe due to fw_devlink_pause/resume()
UPSTREAM: driver core: Rename dev_links_info.defer_sync to defer_hook
UPSTREAM: driver core: Don't do deferred probe in parallel with kernel_init thread
Restore sdcardfs feature
Revert rpmh and usb changes
Linux 4.19.136
regmap: debugfs: check count when read regmap file
rtnetlink: Fix memory(net_device) leak when ->newlink fails
udp: Improve load balancing for SO_REUSEPORT.
udp: Copy has_conns in reuseport_grow().
sctp: shrink stream outq when fails to do addstream reconf
sctp: shrink stream outq only when new outcnt < old outcnt
AX.25: Prevent integer overflows in connect and sendmsg
tcp: allow at most one TLP probe per flight
rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA
qrtr: orphan socket in qrtr_release()
net: udp: Fix wrong clean up for IS_UDPLITE macro
net-sysfs: add a newline when printing 'tx_timeout' by sysfs
ip6_gre: fix null-ptr-deref in ip6gre_init_net()
drivers/net/wan/x25_asy: Fix to make it work
dev: Defer free of skbs in flush_backlog
AX.25: Prevent out-of-bounds read in ax25_sendmsg()
AX.25: Fix out-of-bounds read in ax25_connect()
Linux 4.19.135
ath9k: Fix regression with Atheros 9271
ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
dm integrity: fix integrity recalculation that is improperly skipped
ASoC: qcom: Drop HAS_DMA dependency to fix link failure
ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo Miix 2 10
x86, vmlinux.lds: Page-align end of ..page_aligned sections
parisc: Add atomic64_set_release() define to avoid CPU soft lockups
drm/amd/powerplay: fix a crash when overclocking Vega M
drm/amdgpu: Fix NULL dereference in dpm sysfs handlers
io-mapping: indicate mapping failure
mm: memcg/slab: fix memory leak at non-root kmem_cache destroy
mm: memcg/slab: synchronize access to kmem_cache dying flag using a spinlock
mm/memcg: fix refcount error while moving and swapping
Makefile: Fix GCC_TOOLCHAIN_DIR prefix for Clang cross compilation
vt: Reject zero-sized screen buffer size.
fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
serial: 8250_mtk: Fix high-speed baud rates clamping
serial: 8250: fix null-ptr-deref in serial8250_start_tx()
staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift
staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift
staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support
staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift
staging: wlan-ng: properly check endpoint types
Revert "cifs: Fix the target file was deleted when rename failed."
usb: xhci: Fix ASM2142/ASM3142 DMA addressing
usb: xhci-mtk: fix the failure of bandwidth allocation
binder: Don't use mmput() from shrinker function.
RISC-V: Upgrade smp_mb__after_spinlock() to iorw,iorw
x86: math-emu: Fix up 'cmp' insn for clang ias
arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP
hwmon: (scmi) Fix potential buffer overflow in scmi_hwmon_probe()
hwmon: (adm1275) Make sure we are reading enough data for different chips
usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init()
Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen
dmaengine: ioat setting ioat timeout as module parameter
hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow
regmap: dev_get_regmap_match(): fix string comparison
spi: mediatek: use correct SPI_CFG2_REG MACRO
Input: add `SW_MACHINE_COVER`
dmaengine: tegra210-adma: Fix runtime PM imbalance on error
HID: apple: Disable Fn-key key-re-mapping on clone keyboards
HID: steam: fixes race in handling device list.
HID: alps: support devices with report id 2
HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override
scripts/gdb: fix lx-symbols 'gdb.error' while loading modules
scripts/decode_stacktrace: strip basepath from all paths
serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X
bonding: check return value of register_netdevice() in bond_newlink()
i2c: rcar: always clear ICSAR to avoid side effects
net: ethernet: ave: Fix error returns in ave_init
ipvs: fix the connection sync failed in some cases
qed: suppress "don't support RoCE & iWARP" flooding on HW init
mlxsw: destroy workqueue when trap_register in mlxsw_emad_init
bonding: check error value of register_netdevice() immediately
net: smc91x: Fix possible memory leak in smc_drv_probe()
drm: sun4i: hdmi: Fix inverted HPD result
ieee802154: fix one possible memleak in adf7242_probe
net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual configuration
ax88172a: fix ax88172a_unbind() failures
hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path
fpga: dfl: fix bug in port reset handshake
bnxt_en: Fix race when modifying pause settings.
btrfs: fix page leaks after failure to lock page for delalloc
btrfs: fix mount failure caused by race with umount
btrfs: fix double free on ulist after backref resolution failure
ASoC: rt5670: Correct RT5670_LDO_SEL_MASK
ALSA: info: Drop WARN_ON() from buffer NULL sanity check
uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix GDB regression
IB/umem: fix reference count leak in ib_umem_odp_get()
tipc: clean up skb list lock handling on send path
spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours
SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO compeletion")
irqdomain/treewide: Keep firmware node unconditionally allocated
fuse: fix weird page warning
drivers/firmware/psci: Fix memory leakage in alloc_init_cpu_groups()
drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout
net: sky2: initialize return of gm_phy_read
drivers/net/wan/lapbether: Fixed the value of hard_header_len
xtensa: update *pos in cpuinfo_op.next
xtensa: fix __sync_fetch_and_{and,or}_4 declarations
scsi: scsi_transport_spi: Fix function pointer check
mac80211: allow rx of mesh eapol frames with default rx key
pinctrl: amd: fix npins for uart0 in kerncz_groups
gpio: arizona: put pm_runtime in case of failure
gpio: arizona: handle pm_runtime_get_sync failure case
soc: qcom: rpmh: Dirt can only make you dirtier, not cleaner
ANDROID: build: update ABI definitions
ANDROID: update the kernel release format for GKI
ANDROID: Incremental fs: magic number compatible 32-bit
ANDROID: kbuild: don't merge .*..compoundliteral in modules
ANDROID: GKI: preserve ABI for struct sock_cgroup_data
Revert "genetlink: remove genl_bind"
Revert "arm64/alternatives: use subsections for replacement sequences"
Linux 4.19.134
spi: sprd: switch the sequence of setting WDG_LOAD_LOW and _HIGH
rxrpc: Fix trace string
libceph: don't omit recovery_deletes in target_copy()
printk: queue wake_up_klogd irq_work only if per-CPU areas are ready
genirq/affinity: Handle affinity setting on inactive interrupts correctly
sched/fair: handle case of task_h_load() returning 0
sched: Fix unreliable rseq cpu_id for new tasks
arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return
arm64: ptrace: Consistently use pseudo-singlestep exceptions
arm64: ptrace: Override SPSR.SS when single-stepping is enabled
thermal/drivers/cpufreq_cooling: Fix wrong frequency converted from power
misc: atmel-ssc: lock with mutex instead of spinlock
dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler
intel_th: Fix a NULL dereference when hub driver is not loaded
intel_th: pci: Add Emmitsburg PCH support
intel_th: pci: Add Tiger Lake PCH-H support
intel_th: pci: Add Jasper Lake CPU support
powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey
hwmon: (emc2103) fix unable to change fan pwm1_enable attribute
riscv: use 16KB kernel stack on 64-bit
MIPS: Fix build for LTS kernel caused by backporting lpj adjustment
timer: Fix wheel index calculation on last level
timer: Prevent base->clk from moving backward
uio_pdrv_genirq: fix use without device tree and no interrupt
Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list
mei: bus: don't clean driver pointer
Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()"
fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS
ovl: fix unneeded call to ovl_change_flags()
ovl: relax WARN_ON() when decoding lower directory file handle
ovl: inode reference leak in ovl_is_inuse true case.
serial: mxs-auart: add missed iounmap() in probe failure and remove
virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial
virt: vbox: Fix guest capabilities mask check
virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to match upstream
USB: serial: option: add Quectel EG95 LTE modem
USB: serial: option: add GosunCn GM500 series
USB: serial: ch341: add new Product ID for CH340
USB: serial: cypress_m8: enable Simply Automated UPB PIM
USB: serial: iuu_phoenix: fix memory corruption
usb: gadget: function: fix missing spinlock in f_uac1_legacy
usb: chipidea: core: add wakeup support for extcon
usb: dwc2: Fix shutdown callback in platform
USB: c67x00: fix use after free in c67x00_giveback_urb
ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534
ALSA: hda/realtek - change to suitable link model for ASUS platform
ALSA: usb-audio: Fix race against the error recovery URB submission
ALSA: line6: Sync the pending work cancel at disconnection
ALSA: line6: Perform sanity check for each URB creation
HID: quirks: Ignore Simply Automated UPB PIM
HID: quirks: Always poll Obins Anne Pro 2 keyboard
HID: magicmouse: do not set up autorepeat
slimbus: core: Fix mismatch in of_node_get/put
mtd: rawnand: oxnas: Release all devices in the _remove() path
mtd: rawnand: oxnas: Unregister all devices on error
mtd: rawnand: oxnas: Keep track of registered devices
mtd: rawnand: brcmnand: fix CS0 layout
mtd: rawnand: timings: Fix default tR_max and tCCS_min timings
mtd: rawnand: marvell: Fix probe error path
mtd: rawnand: marvell: Use nand_cleanup() when the device is not yet registered
soc: qcom: rpmh-rsc: Allow using free WAKE TCS for active request
soc: qcom: rpmh-rsc: Clear active mode configuration for wake TCS
soc: qcom: rpmh: Invalidate SLEEP and WAKE TCSes before flushing new data
soc: qcom: rpmh: Update dirty flag only when data changes
perf stat: Zero all the 'ena' and 'run' array slot stats for interval mode
apparmor: ensure that dfa state tables have entries
copy_xstate_to_kernel: Fix typo which caused GDB regression
regmap: debugfs: Don't sleep while atomic for fast_io regmaps
ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema
Revert "thermal: mediatek: fix register index error"
staging: comedi: verify array index is correct before using it
usb: gadget: udc: atmel: fix uninitialized read in debug printk
spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate
arm64: dts: meson: add missing gxl rng clock
phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked
iio:health:afe4404 Fix timestamp alignment and prevent data leak.
ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S
ACPI: video: Use native backlight on Acer TravelMate 5735Z
Input: mms114 - add extra compatible for mms345l
ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S
ACPI: video: Use native backlight on Acer Aspire 5783z
ALSA: usb-audio: Rewrite registration quirk handling
mmc: sdhci: do not enable card detect interrupt for gpio cd type
doc: dt: bindings: usb: dwc3: Update entries for disabling SS instances in park mode
ALSA: usb-audio: Create a registration quirk for Kingston HyperX Amp (0951:16d8)
scsi: sr: remove references to BLK_DEV_SR_VENDOR, leave it enabled
ARM: at91: pm: add quirk for sam9x60's ulp1
HID: quirks: Remove ITE 8595 entry from hid_have_special_driver
net: sfp: add some quirks for GPON modules
net: sfp: add support for module quirks
Revert "usb/ehci-platform: Set PM runtime as active on resume"
Revert "usb/xhci-plat: Set PM runtime as active on resume"
Revert "usb/ohci-platform: Fix a warning when hibernating"
of: of_mdio: Correct loop scanning logic
net: dsa: bcm_sf2: Fix node reference count
spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer
spi: fix initial SPI_SR value in spi-fsl-dspi
iio:health:afe4403 Fix timestamp alignment and prevent data leak.
iio:pressure:ms5611 Fix buffer element alignment
iio:humidity:hts221 Fix alignment and data leak issues
iio: pressure: zpa2326: handle pm_runtime_get_sync failure
iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe()
iio: magnetometer: ak8974: Fix runtime PM imbalance on error
iio:humidity:hdc100x Fix alignment and data leak issues
iio:magnetometer:ak8974: Fix alignment and data leak issues
arm64/alternatives: don't patch up internal branches
i2c: eg20t: Load module automatically if ID matches
gfs2: read-only mounts should grab the sd_freeze_gl glock
tpm_tis: extra chip->ops check on error path in tpm_tis_core_init
arm64/alternatives: use subsections for replacement sequences
m68k: mm: fix node memblock init
m68k: nommu: register start of the memory with memblock
drm/exynos: fix ref count leak in mic_pre_enable
drm/msm: fix potential memleak in error branch
vlan: consolidate VLAN parsing code and limit max parsing depth
sched: consistently handle layer3 header accesses in the presence of VLANs
cgroup: Fix sock_cgroup_data on big-endian.
cgroup: fix cgroup_sk_alloc() for sk_clone_lock()
tcp: md5: allow changing MD5 keys in all socket states
tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers
tcp: md5: do not send silly options in SYNCOOKIES
tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key()
tcp: make sure listeners don't initialize congestion-control state
tcp: fix SO_RCVLOWAT possible hangs under high mem pressure
net: usb: qmi_wwan: add support for Quectel EG95 LTE modem
net_sched: fix a memory leak in atm_tc_init()
net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb
llc: make sure applications use ARPHRD_ETHER
l2tp: remove skb_dst_set() from l2tp_xmit_skb()
ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg
genetlink: remove genl_bind
net: rmnet: fix lower interface leak
perf: Make perf able to build with latest libbfd
UPSTREAM: media: v4l2-ctrl: Add H264 profile and levels
UPSTREAM: media: v4l2-ctrl: Add control for h.264 chroma qp offset
ANDROID: GKI: ASoC: compress: revert some code to avoid race condition
ANDROID: GKI: Update the ABI xml representation.
ANDROID: GKI: kernel: tick-sched: Add an API for wakeup callbacks
ANDROID: ASoC: Compress: Check and set pcm_new driver op
Revert "ANDROID: GKI: arm64: gki_defconfig: Disable CONFIG_ARM64_TAGGED_ADDR_ABI"
ANDROID: arm64: configs: enabe CONFIG_TMPFS
Revert "ALSA: compress: fix partial_drain completion state"
ANDROID: GKI: enable CONFIG_EXT4_FS_POSIX_ACL.
ANDROID: GKI: set CONFIG_STATIC_USERMODEHELPER_PATH
Linux 4.19.133
s390/mm: fix huge pte soft dirty copying
ARC: elf: use right ELF_ARCH
ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE
dm: use noio when sending kobject event
drm/radeon: fix double free
btrfs: fix fatal extent_buffer readahead vs releasepage race
Revert "ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb"
bpf: Check correct cred for CAP_SYSLOG in bpf_dump_raw_ok()
kprobes: Do not expose probe addresses to non-CAP_SYSLOG
module: Do not expose section addresses to non-CAP_SYSLOG
module: Refactor section attr into bin attribute
kernel: module: Use struct_size() helper
kallsyms: Refactor kallsyms_show_value() to take cred
KVM: x86: Mark CR4.TSD as being possibly owned by the guest
KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode
KVM: x86: bit 8 of non-leaf PDPEs is not reserved
KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART
KVM: arm64: Fix definition of PAGE_HYP_DEVICE
ALSA: usb-audio: add quirk for MacroSilicon MS2109
ALSA: hda - let hs_mic be picked ahead of hp_mic
ALSA: opl3: fix infoleak in opl3
mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON()
net: macb: mark device wake capable when "magic-packet" property present
bnxt_en: fix NULL dereference in case SR-IOV configuration fails
cxgb4: fix all-mask IP address comparison
nbd: Fix memory leak in nbd_add_socket
arm64: kgdb: Fix single-step exception handling oops
ALSA: compress: fix partial_drain completion state
net: hns3: fix use-after-free when doing self test
smsc95xx: avoid memory leak in smsc95xx_bind
smsc95xx: check return value of smsc95xx_reset
net: cxgb4: fix return error value in t4_prep_fw
drm/mediatek: Check plane visibility in atomic_update
net: qrtr: Fix an out of bounds read qrtr_endpoint_post()
x86/entry: Increase entry_stack size to a full page
nvme-rdma: assign completion vector correctly
block: release bip in a right way in error path
usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work
scsi: mptscsih: Fix read sense data size
ARM: imx6: add missing put_device() call in imx6q_suspend_init()
cifs: update ctime and mtime during truncate
s390/kasan: fix early pgm check handler execution
drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003
drm: panel-orientation-quirks: Add quirk for Asus T101HA panel
i40e: protect ring accesses with READ- and WRITE_ONCE
ixgbe: protect ring accesses with READ- and WRITE_ONCE
spi: spidev: fix a potential use-after-free in spidev_release()
spi: spidev: fix a race between spidev_release and spidev_remove
gpu: host1x: Detach driver on unregister
drm/tegra: hub: Do not enable orphaned window group
ARM: dts: omap4-droid4: Fix spi configuration and increase rate
regmap: fix alignment issue
spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths
spi: spi-fsl-dspi: use IRQF_SHARED mode to request IRQ
spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer
spi: spi-fsl-dspi: Adding shutdown hook
KVM: s390: reduce number of IO pins to 1
ANDROID: GKI: update abi based on padding fields being added
ANDROID: GKI: USB: Gadget: add Android ABI padding to struct usb_gadget
ANDROID: GKI: sound/usb/card.h: add Android ABI padding to struct snd_usb_endpoint
ANDROID: fscrypt: fix DUN contiguity with inline encryption + IV_INO_LBLK_32 policies
ANDROID: f2fs: add back compress inode check
Linux 4.19.132
efi: Make it possible to disable efivar_ssdt entirely
dm zoned: assign max_io_len correctly
irqchip/gic: Atomically update affinity
MIPS: Add missing EHB in mtc0 -> mfc0 sequence for DSPen
cifs: Fix the target file was deleted when rename failed.
SMB3: Honor lease disabling for multiuser mounts
SMB3: Honor persistent/resilient handle flags for multiuser mounts
SMB3: Honor 'seal' flag for multiuser mounts
Revert "ALSA: usb-audio: Improve frames size computation"
nfsd: apply umask on fs without ACL support
i2c: mlxcpld: check correct size of maximum RECV_LEN packet
i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665
nvme: fix a crash in nvme_mpath_add_disk
SMB3: Honor 'posix' flag for multiuser mounts
virtio-blk: free vblk-vqs in error path of virtblk_probe()
drm: sun4i: hdmi: Remove extra HPD polling
hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add()
hwmon: (max6697) Make sure the OVERT mask is set correctly
cxgb4: fix SGE queue dump destination buffer context
cxgb4: use correct type for all-mask IP address comparison
cxgb4: parse TC-U32 key values and masks natively
cxgb4: use unaligned conversion for fetching timestamp
drm/msm/dpu: fix error return code in dpu_encoder_init
crypto: af_alg - fix use-after-free in af_alg_accept() due to bh_lock_sock()
kgdb: Avoid suspicious RCU usage warning
nvme-multipath: fix deadlock between ana_work and scan_work
nvme-multipath: set bdi capabilities once
s390/debug: avoid kernel warning on too large number of pages
usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect
mm/slub: fix stack overruns with SLUB_STATS
mm/slub.c: fix corrupted freechain in deactivate_slab()
usbnet: smsc95xx: Fix use-after-free after removal
EDAC/amd64: Read back the scrub rate PCI register on F15h
mm: fix swap cache node allocation mask
btrfs: fix a block group ref counter leak after failure to remove block group
ANDROID: Update ABI representation for libabigail update
ANDROID: Update the ABI representation
ANDROID: Update the ABI xml representation
ANDROID: GKI: fix ABI diffs caused by GPU heap and pool vmstat additions
ANDROID: sched: consider stune boost margin when computing energy
ANDROID: GKI: move abi files to android/
ANDROID: GKI: drop unneeded "_whitelist" off of symbol filenames
UPSTREAM: binder: fix null deref of proc->context
ANDROID: cpufreq: schedutil: maintain raw cache when next_f is not changed
UPSTREAM: net: bpf: Make bpf_ktime_get_ns() available to non GPL programs
UPSTREAM: usb: musb: mediatek: add reset FADDR to zero in reset interrupt handle
ANDROID: GKI: scripts: Makefile: update the lz4 command (#2)
ANDROID: Update the ABI xml representation
Revert "drm/dsi: Fix byte order of DCS set/get brightness"
Linux 4.19.131
Revert "tty: hvc: Fix data abort due to race in hvc_open"
xfs: add agf freeblocks verify in xfs_agf_verify
dm writecache: add cond_resched to loop in persistent_memory_claim()
dm writecache: correct uncommitted_block when discarding uncommitted entry
NFSv4 fix CLOSE not waiting for direct IO compeletion
pNFS/flexfiles: Fix list corruption if the mirror count changes
SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment()
sunrpc: fixed rollback in rpc_gssd_dummy_populate()
Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate()
drm/radeon: fix fb_div check in ni_init_smc_spll_table()
drm: rcar-du: Fix build error
ring-buffer: Zero out time extend if it is nested and not absolute
tracing: Fix event trigger to accept redundant spaces
arm64: perf: Report the PC value in REGS_ABI_32 mode
ocfs2: fix panic on nfs server over ocfs2
ocfs2: fix value of OCFS2_INVALID_SLOT
ocfs2: load global_inode_alloc
ocfs2: avoid inode removal while nfsd is accessing it
mm/slab: use memzero_explicit() in kzfree()
btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof
btrfs: fix data block group relocation failure due to concurrent scrub
x86/asm/64: Align start of __clear_user() loop to 16-bytes
KVM: nVMX: Plumb L2 GPA through to PML emulation
KVM: X86: Fix MSR range of APIC registers in X2APIC mode
erofs: fix partially uninitialized misuse in z_erofs_onlinepage_fixup
ACPI: sysfs: Fix pm_profile_attr type
ALSA: hda/realtek - Add quirk for MSI GE63 laptop
ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table
RISC-V: Don't allow write+exec only page mapping request in mmap
blktrace: break out of blktrace setup on concurrent calls
kbuild: improve cc-option to clean up all temporary files
arm64: sve: Fix build failure when ARM64_SVE=y and SYSCTL=n
s390/vdso: fix vDSO clock_getres()
s390/ptrace: fix setting syscall number
net: alx: fix race condition in alx_remove
ibmvnic: Harden device login requests
hwrng: ks-sa - Fix runtime PM imbalance on error
riscv/atomic: Fix sign extension for RV64I
drm/amd/display: Use kfree() to free rgb_user in calculate_user_regamma_ramp()
ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function
sata_rcar: handle pm_runtime_get_sync failure cases
sched/core: Fix PI boosting between RT and DEADLINE tasks
sched/deadline: Initialize ->dl_boosted
i2c: core: check returned size of emulated smbus block read
i2c: fsi: Fix the port number field in status register
net: bcmgenet: use hardware padding of runt frames
netfilter: ipset: fix unaligned atomic access
usb: gadget: udc: Potential Oops in error handling code
ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram()
cxgb4: move handling L2T ARP failures to caller
net: qed: fix excessive QM ILT lines consumption
net: qed: fix NVMe login fails over VFs
net: qed: fix left elements count calculation
RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads()
ASoC: rockchip: Fix a reference count leak.
RDMA/cma: Protect bind_list and listen_list while finding matching cm id
RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532
rxrpc: Fix handling of rwind from an ACK packet
ARM: dts: NSP: Correct FA2 mailbox node
regmap: Fix memory leak from regmap_register_patch
x86/resctrl: Fix a NULL vs IS_ERR() static checker warning in rdt_cdp_peer_get()
ARM: dts: Fix duovero smsc interrupt for suspend
ASoC: fsl_ssi: Fix bclk calculation for mono channel
regualtor: pfuze100: correct sw1a/sw2 on pfuze3000
efi/esrt: Fix reference count leak in esre_create_sysfs_entry.
ASoC: q6asm: handle EOS correctly
xfrm: Fix double ESP trailer insertion in IPsec crypto offload.
cifs/smb3: Fix data inconsistent when zero file range
cifs/smb3: Fix data inconsistent when punch hole
IB/mad: Fix use after free when destroying MAD agent
loop: replace kill_bdev with invalidate_bdev
cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip
xhci: Return if xHCI doesn't support LPM
xhci: Fix enumeration issue when setting max packet size for FS devices.
xhci: Fix incorrect EP_STATE_MASK
scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action
ALSA: usb-audio: Fix OOB access of mixer element list
ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG)
ALSA: usb-audio: add quirk for Denon DCD-1500RE
usb: typec: tcpci_rt1711h: avoid screaming irq causing boot hangs
usb: host: ehci-exynos: Fix error check in exynos_ehci_probe()
xhci: Poll for U0 after disabling USB2 LPM
usb: host: xhci-mtk: avoid runtime suspend when removing hcd
USB: ehci: reopen solution for Synopsys HC bug
usb: add USB_QUIRK_DELAY_INIT for Logitech C922
usb: dwc2: Postponed gadget registration to the udc class driver
USB: ohci-sm501: Add missed iounmap() in remove
net: core: reduce recursion limit value
net: Do not clear the sock TX queue in sk_set_socket()
net: Fix the arp error in some cases
sch_cake: don't call diffserv parsing code when it is not needed
tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT
sch_cake: fix a few style nits
sch_cake: don't try to reallocate or unshare skb unconditionally
ip_tunnel: fix use-after-free in ip_tunnel_lookup()
net: phy: Check harder for errors in get_phy_id()
ip6_gre: fix use-after-free in ip6gre_tunnel_lookup()
tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes
tcp: grow window for OOO packets only for SACK flows
tcp: don't ignore ECN CWR on pure ACK
sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket
rxrpc: Fix notification call on completion of discarded calls
rocker: fix incorrect error handling in dma_rings_init
net: usb: ax88179_178a: fix packet alignment padding
net: increment xmit_recursion level in dev_direct_xmit()
net: use correct this_cpu primitive in dev_recursion_level
net: place xmit recursion in softnet data
net: fix memleak in register_netdevice()
net: bridge: enfore alignment for ethernet address
mld: fix memory leak in ipv6_mc_destroy_dev()
ibmveth: Fix max MTU limit
apparmor: don't try to replace stale label in ptraceme check
ALSA: hda/realtek - Enable micmute LED on and HP system
ALSA: hda/realtek: Enable mute LED on an HP system
ALSA: hda/realtek - Enable the headset of ASUS B9450FA with ALC294
fix a braino in "sparc32: fix register window handling in genregs32_[gs]et()"
i2c: tegra: Fix Maximum transfer size
i2c: tegra: Add missing kerneldoc for some fields
i2c: tegra: Cleanup kerneldoc comments
EDAC/amd64: Add Family 17h Model 30h PCI IDs
net: sched: export __netdev_watchdog_up()
net: bcmgenet: remove HFB_CTRL access
mtd: rawnand: marvell: Fix the condition on a return code
fanotify: fix ignore mask logic for events on child and on dir
block/bio-integrity: don't free 'buf' if bio_integrity_add_page() failed
net: be more gentle about silly gso requests coming from user
ANDROID: lib/vdso: do not update timespec if clock_getres() fails
Revert "ANDROID: fscrypt: add key removal notifier chain"
ANDROID: update the ABI xml and qcom whitelist
ANDROID: fs: export vfs_{read|write}
ANDROID: GKI: update abi definitions now that sdcardfs is gone
Revert "ANDROID: sdcardfs: Enable modular sdcardfs"
Revert "ANDROID: vfs: Add setattr2 for filesystems with per mount permissions"
Revert "ANDROID: vfs: fix export symbol type"
Revert "ANDROID: vfs: Add permission2 for filesystems with per mount permissions"
Revert "ANDROID: vfs: fix export symbol types"
Revert "ANDROID: vfs: add d_canonical_path for stacked filesystem support"
Revert "ANDROID: fs: Restore vfs_path_lookup() export"
ANDROID: sdcardfs: remove sdcardfs from system
Revert "ALSA: usb-audio: Improve frames size computation"
ANDROID: Makefile: append BUILD_NUMBER to version string when defined
ANDROID: GKI: Update ABI for incremental fs
ANDROID: GKI: Update cuttlefish whitelist
ANDROID: GKI: Disable INCREMENTAL_FS on x86 too
ANDROID: cpufreq: schedutil: drop cache when update skipped due to rate limit
Linux 4.19.130
KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated
kvm: x86: Fix reserved bits related calculation errors caused by MKTME
kvm: x86: Move kvm_set_mmio_spte_mask() from x86.c to mmu.c
md: add feature flag MD_FEATURE_RAID0_LAYOUT
Revert "dpaa_eth: fix usage as DSA master, try 3"
net: core: device_rename: Use rwsem instead of a seqcount
sched/rt, net: Use CONFIG_PREEMPTION.patch
kretprobe: Prevent triggering kretprobe from within kprobe_flush_task
net: octeon: mgmt: Repair filling of RX ring
e1000e: Do not wake up the system via WOL if device wakeup is disabled
kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex
crypto: algboss - don't wait during notifier callback
crypto: algif_skcipher - Cap recv SG list at ctx->used
drm/i915/icl+: Fix hotplug interrupt disabling after storm detection
drm/i915: Whitelist context-local timestamp in the gen9 cmdparser
s390: fix syscall_get_error for compat processes
mtd: rawnand: tmio: Fix the probe error path
mtd: rawnand: mtk: Fix the probe error path
mtd: rawnand: plat_nand: Fix the probe error path
mtd: rawnand: socrates: Fix the probe error path
mtd: rawnand: oxnas: Fix the probe error path
mtd: rawnand: oxnas: Add of_node_put()
mtd: rawnand: orion: Fix the probe error path
mtd: rawnand: xway: Fix the probe error path
mtd: rawnand: sharpsl: Fix the probe error path
mtd: rawnand: diskonchip: Fix the probe error path
mtd: rawnand: Pass a nand_chip object to nand_release()
mtd: rawnand: Pass a nand_chip object to nand_scan()
block: nr_sects_write(): Disable preemption on seqcount write
x86/boot/compressed: Relax sed symbol type regex for LLVM ld.lld
drm/dp_mst: Increase ACT retry timeout to 3s
ext4: avoid race conditions when remounting with options that change dax
ext4: fix partial cluster initialization when splitting extent
selinux: fix double free
drm/amdgpu: Replace invalid device ID with a valid device ID
drm/qxl: Use correct notify port address when creating cursor ring
drm/dp_mst: Reformat drm_dp_check_act_status() a bit
drm: encoder_slave: fix refcouting error for modules
libata: Use per port sync for detach
arm64: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
block: Fix use-after-free in blkdev_get()
afs: afs_write_end() should change i_size under the right lock
afs: Fix non-setting of mtime when writing into mmap
bcache: fix potential deadlock problem in btree_gc_coalesce
ext4: stop overwrite the errcode in ext4_setup_super
perf report: Fix NULL pointer dereference in hists__fprintf_nr_sample_events()
usb/ehci-platform: Set PM runtime as active on resume
usb: host: ehci-platform: add a quirk to avoid stuck
usb/xhci-plat: Set PM runtime as active on resume
xdp: Fix xsk_generic_xmit errno
net/filter: Permit reading NET in load_bytes_relative when MAC not set
x86/idt: Keep spurious entries unset in system_vectors
scsi: acornscsi: Fix an error handling path in acornscsi_probe()
drm/sun4i: hdmi ddc clk: Fix size of m divider
ASoC: rt5645: Add platform-data for Asus T101HA
ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT10-A tablet
ASoC: core: only convert non DPCM link to DPCM link
afs: Fix memory leak in afs_put_sysnames()
selftests/net: in timestamping, strncpy needs to preserve null byte
drivers/perf: hisi: Fix wrong value for all counters enable
NTB: ntb_test: Fix bug when counting remote files
NTB: perf: Fix race condition when run with ntb_test
NTB: perf: Fix support for hardware that doesn't have port numbers
NTB: perf: Don't require one more memory window than number of peers
NTB: Revert the change to use the NTB device dev for DMA allocations
NTB: ntb_tool: reading the link file should not end in a NULL byte
ntb_tool: pass correct struct device to dma_alloc_coherent
ntb_perf: pass correct struct device to dma_alloc_coherent
gfs2: fix use-after-free on transaction ail lists
blktrace: fix endianness for blk_log_remap()
blktrace: fix endianness in get_pdu_int()
blktrace: use errno instead of bi_status
selftests/vm/pkeys: fix alloc_random_pkey() to make it really random
elfnote: mark all .note sections SHF_ALLOC
include/linux/bitops.h: avoid clang shift-count-overflow warnings
lib/zlib: remove outdated and incorrect pre-increment optimization
geneve: change from tx_error to tx_dropped on missing metadata
crypto: omap-sham - add proper load balancing support for multicore
pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()'
pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()'
scsi: ufs: Don't update urgent bkops level when toggling auto bkops
scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
gfs2: Allow lock_nolock mount to specify jid=X
openrisc: Fix issue with argument clobbering for clone/fork
rxrpc: Adjust /proc/net/rxrpc/calls to display call->debug_id not user_ID
vfio/mdev: Fix reference count leak in add_mdev_supported_type
ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed
extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()'
powerpc/4xx: Don't unmap NULL mbase
of: Fix a refcounting bug in __of_attach_node_sysfs()
NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION
net: sunrpc: Fix off-by-one issues in 'rpc_ntop6'
clk: sprd: return correct type of value for _sprd_pll_recalc_rate
KVM: PPC: Book3S HV: Ignore kmemleak false positives
scsi: ufs-qcom: Fix scheduling while atomic issue
clk: bcm2835: Fix return type of bcm2835_register_gate
scsi: target: tcmu: Fix a use after free in tcmu_check_expired_queue_cmd()
ASoC: fix incomplete error-handling in img_i2s_in_probe.
x86/apic: Make TSC deadline timer detection message visible
RDMA/iw_cxgb4: cleanup device debugfs entries on ULD remove
usb: gadget: Fix issue with config_ep_by_speed function
usb: gadget: fix potential double-free in m66592_probe.
usb: gadget: lpc32xx_udc: don't dereference ep pointer before null check
USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke
usb: dwc2: gadget: move gadget resume after the core is in L0 state
watchdog: da9062: No need to ping manually before setting timeout
IB/cma: Fix ports memory leak in cma_configfs
PCI: dwc: Fix inner MSI IRQ domain registration
PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port
dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone
powerpc/64s/pgtable: fix an undefined behaviour
arm64: tegra: Fix ethernet phy-mode for Jetson Xavier
scsi: target: tcmu: Userspace must not complete queued commands
clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1
fpga: dfl: afu: Corrected error handling levels
tty: n_gsm: Fix bogus i++ in gsm_data_kick
USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe()
ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT8-A tablet
drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation
usb/ohci-platform: Fix a warning when hibernating
vfio-pci: Mask cap zero
powerpc/ps3: Fix kexec shutdown hang
powerpc/pseries/ras: Fix FWNMI_VALID off by one
ipmi: use vzalloc instead of kmalloc for user creation
HID: Add quirks for Trust Panora Graphic Tablet
tty: n_gsm: Fix waking up upper tty layer when room available
tty: n_gsm: Fix SOF skipping
powerpc/64: Don't initialise init_task->thread.regs
PCI: Fix pci_register_host_bridge() device_register() error handling
clk: ti: composite: fix memory leak
dlm: remove BUG() before panic()
pinctrl: rockchip: fix memleak in rockchip_dt_node_to_map
scsi: mpt3sas: Fix double free warnings
power: supply: smb347-charger: IRQSTAT_D is volatile
power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()'
scsi: qla2xxx: Fix warning after FC target reset
PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges
PCI: rcar: Fix incorrect programming of OB windows
drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish
serial: amba-pl011: Make sure we initialize the port.lock spinlock
i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output
PCI: v3-semi: Fix a memory leak in v3_pci_probe() error handling paths
staging: sm750fb: add missing case while setting FB_VISUAL
usb: dwc3: gadget: Properly handle failed kick_transfer
thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR
slimbus: ngd: get drvdata from correct device
tty: hvc: Fix data abort due to race in hvc_open
s390/qdio: put thinint indicator after early error
ALSA: usb-audio: Fix racy list management in output queue
ALSA: usb-audio: Improve frames size computation
staging: gasket: Fix mapping refcnt leak when register/store fails
staging: gasket: Fix mapping refcnt leak when put attribute fails
firmware: qcom_scm: fix bogous abuse of dma-direct internals
pinctrl: rza1: Fix wrong array assignment of rza1l_swio_entries
scsi: qedf: Fix crash when MFW calls for protocol stats while function is still probing
gpio: dwapb: Append MODULE_ALIAS for platform driver
ARM: dts: sun8i-h2-plus-bananapi-m2-zero: Fix led polarity
scsi: qedi: Do not flush offload work if ARP not resolved
arm64: dts: mt8173: fix unit name warnings
staging: greybus: fix a missing-check bug in gb_lights_light_config()
x86/purgatory: Disable various profiling and sanitizing options
apparmor: fix nnp subset test for unconfined
scsi: ibmvscsi: Don't send host info in adapter info MAD after LPM
scsi: sr: Fix sr_probe() missing deallocate of device minor
ASoC: meson: add missing free_irq() in error path
apparmor: check/put label on apparmor_sk_clone_security()
apparmor: fix introspection of of task mode for unconfined tasks
mksysmap: Fix the mismatch of '.L' symbols in System.map
NTB: Fix the default port and peer numbers for legacy drivers
NTB: ntb_pingpong: Choose doorbells based on port number
yam: fix possible memory leak in yam_init_driver
pwm: img: Call pm_runtime_put() in pm_runtime_get_sync() failed case
powerpc/crashkernel: Take "mem=" option into account
PCI: vmd: Filter resource type bits from shadow register
nfsd: Fix svc_xprt refcnt leak when setup callback client failed
powerpc/perf/hv-24x7: Fix inconsistent output values incase multiple hv-24x7 events run
clk: clk-flexgen: fix clock-critical handling
scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event
mfd: wm8994: Fix driver operation if loaded as modules
gpio: dwapb: Call acpi_gpiochip_free_interrupts() on GPIO chip de-registration
m68k/PCI: Fix a memory leak in an error handling path
RDMA/mlx5: Add init2init as a modify command
vfio/pci: fix memory leaks in alloc_perm_bits()
ps3disk: use the default segment boundary
PCI: aardvark: Don't blindly enable ASPM L0s and don't write to read-only register
dm mpath: switch paths in dm_blk_ioctl() code path
serial: 8250: Fix max baud limit in generic 8250 port
usblp: poison URBs upon disconnect
clk: samsung: Mark top ISP and CAM clocks on Exynos542x as critical
i2c: pxa: clear all master action bits in i2c_pxa_stop_message()
f2fs: report delalloc reserve as non-free in statfs for project quota
iio: bmp280: fix compensation of humidity
scsi: qla2xxx: Fix issue with adapter's stopping state
PCI: Allow pci_resize_resource() for devices on root bus
ALSA: isa/wavefront: prevent out of bounds write in ioctl
ALSA: hda/realtek - Introduce polarity for micmute LED GPIO
scsi: qedi: Check for buffer overflow in qedi_set_path()
ARM: integrator: Add some Kconfig selections
ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type
backlight: lp855x: Ensure regulators are disabled on probe failure
clk: qcom: msm8916: Fix the address location of pll->config_reg
remoteproc: Fix IDR initialisation in rproc_alloc()
iio: pressure: bmp280: Tolerate IRQ before registering
i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets
ASoC: tegra: tegra_wm8903: Support nvidia, headset property
clk: sunxi: Fix incorrect usage of round_down()
power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select
ANDROID: ext4: Optimize match for casefolded encrypted dirs
ANDROID: ext4: Handle casefolding with encryption
ANDROID: extcon: Remove redundant EXPORT_SYMBOL_GPL
ANDROID: update the ABI xml representation
ANDROID: GKI: cfg80211: add ABI changes for CONFIG_NL80211_TESTMODE
ANDROID: gki_defconfig: x86: Enable KERNEL_LZ4
ANDROID: GKI: scripts: Makefile: update the lz4 command
FROMLIST: f2fs: fix use-after-free when accessing bio->bi_crypt_context
UPSTREAM: fdt: Update CRC check for rng-seed
ANDROID: GKI: Update ABI for incremental fs
ANDROID: GKI: Update whitelist and defconfig for incfs
ANDROID: Use depmod from the hermetic toolchain
Linux 4.19.129
perf symbols: Fix debuginfo search for Ubuntu
perf probe: Check address correctness by map instead of _etext
perf probe: Fix to check blacklist address correctly
perf probe: Do not show the skipped events
w1: omap-hdq: cleanup to add missing newline for some dev_dbg
mtd: rawnand: pasemi: Fix the probe error path
mtd: rawnand: brcmnand: fix hamming oob layout
sunrpc: clean up properly in gss_mech_unregister()
sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations.
kbuild: force to build vmlinux if CONFIG_MODVERSION=y
powerpc/64s: Save FSCR to init_task.thread.fscr after feature init
powerpc/64s: Don't let DT CPU features set FSCR_DSCR
drivers/macintosh: Fix memleak in windfarm_pm112 driver
ARM: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries
ARM: dts: at91: sama5d2_ptc_ek: fix vbus pin
ARM: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensor's bus
ARM: tegra: Correct PL310 Auxiliary Control Register initialization
kernel/cpu_pm: Fix uninitted local in cpu_pm
alpha: fix memory barriers so that they conform to the specification
dm crypt: avoid truncating the logical block size
sparc64: fix misuses of access_process_vm() in genregs32_[sg]et()
sparc32: fix register window handling in genregs32_[gs]et()
gnss: sirf: fix error return code in sirf_probe()
pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs
pinctrl: samsung: Correct setting of eint wakeup mask on s5pv210
power: vexpress: add suppress_bind_attrs to true
igb: Report speed and duplex as unknown when device is runtime suspended
media: ov5640: fix use of destroyed mutex
b43_legacy: Fix connection problem with WPA3
b43: Fix connection problem with WPA3
b43legacy: Fix case where channel status is corrupted
Bluetooth: hci_bcm: fix freeing not-requested IRQ
media: go7007: fix a miss of snd_card_free
carl9170: remove P2P_GO support
e1000e: Relax condition to trigger reset for ME workaround
e1000e: Disable TSO for buffer overrun workaround
PCI: Program MPS for RCiEP devices
ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init()
btrfs: fix wrong file range cleanup after an error filling dealloc range
btrfs: fix error handling when submitting direct I/O bio
PCI: Generalize multi-function power dependency device links
PCI: Unify ACS quirk desired vs provided checking
PCI: Make ACS quirk implementations more uniform
serial: 8250_pci: Move Pericom IDs to pci_ids.h
PCI: Add Loongson vendor ID
x86/amd_nb: Add Family 19h PCI IDs
PCI: vmd: Add device id for VMD device 8086:9A0B
PCI: Add Amazon's Annapurna Labs vendor ID
PCI: Add Genesys Logic, Inc. Vendor ID
ALSA: lx6464es - add support for LX6464ESe pci express variant
x86/amd_nb: Add PCI device IDs for family 17h, model 70h
PCI: mediatek: Add controller support for MT7629
PCI: Enable NVIDIA HDA controllers
PCI: Add NVIDIA GPU multi-function power dependencies
PCI: Add Synopsys endpoint EDDA Device ID
misc: pci_endpoint_test: Add support to test PCI EP in AM654x
misc: pci_endpoint_test: Add the layerscape EP device support
PCI: Move Rohm Vendor ID to generic list
PCI: Move Synopsys HAPS platform device IDs
PCI: add USR vendor id and use it in r8169 and w6692 driver
x86/amd_nb: Add PCI device IDs for family 17h, model 30h
hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs
pci:ipmi: Move IPMI PCI class id defines to pci_ids.h
PCI: Remove unused NFP32xx IDs
PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints
PCI: Add ACS quirk for iProc PAXB
PCI: Avoid FLR for AMD Starship USB 3.0
PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0
PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect
ext4: fix race between ext4_sync_parent() and rename()
ext4: fix error pointer dereference
ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max
evm: Fix possible memory leak in evm_calc_hmac_or_hash()
ima: Directly assign the ima_default_policy pointer to ima_rules
ima: Fix ima digest hash table key calculation
mm: initialize deferred pages with interrupts enabled
mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked()
btrfs: send: emit file capabilities after chown
btrfs: include non-missing as a qualifier for the latest_bdev
string.h: fix incompatibility between FORTIFY_SOURCE and KASAN
platform/x86: intel-vbtn: Only blacklist SW_TABLET_MODE on the 9 / "Laptop" chasis-type
platform/x86: intel-hid: Add a quirk to support HP Spectre X2 (2015)
platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32()
cpuidle: Fix three reference count leaks
spi: dw: Return any value retrieved from the dma_transfer callback
mmc: sdhci-esdhc-imx: fix the mask for tuning start point
ixgbe: fix signed-integer-overflow warning
mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core
staging: greybus: sdio: Respect the cmd->busy_timeout from the mmc core
mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk
bcache: fix refcount underflow in bcache_device_free()
MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe()
PCI: Don't disable decoding when mmio_always_on is set
macvlan: Skip loopback packets in RX handler
btrfs: qgroup: mark qgroup inconsistent if we're inherting snapshot to a new qgroup
m68k: mac: Don't call via_flush_cache() on Mac IIfx
x86/mm: Stop printing BRK addresses
crypto: stm32/crc32 - fix multi-instance
crypto: stm32/crc32 - fix run-time self test issue.
crypto: stm32/crc32 - fix ext4 chksum BUG_ON()
mips: Add udelay lpj numbers adjustment
mips: MAAR: Use more precise address mask
x86/boot: Correct relocation destination on old linkers
mwifiex: Fix memory corruption in dump_station
rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup()
net/mlx5e: IPoIB, Drop multicast packets that this interface sent
veth: Adjust hard_start offset on redirect XDP frames
md: don't flush workqueue unconditionally in md_open
mt76: avoid rx reorder buffer overflow
net: qed*: Reduce RX and TX default ring count when running inside kdump kernel
wcn36xx: Fix error handling path in 'wcn36xx_probe()'
ath10k: Remove msdu from idr when management pkt send fails
nvme: refine the Qemu Identify CNS quirk
platform/x86: intel-vbtn: Also handle tablet-mode switch on "Detachable" and "Portable" chassis-types
platform/x86: intel-vbtn: Do not advertise switches to userspace if they are not there
platform/x86: intel-vbtn: Split keymap into buttons and switches parts
platform/x86: intel-vbtn: Use acpi_evaluate_integer()
xfs: fix duplicate verification from xfs_qm_dqflush()
xfs: reset buffer write failure state on successful completion
kgdb: Fix spurious true from in_dbg_master()
mips: cm: Fix an invalid error code of INTVN_*_ERR
MIPS: Truncate link address into 32bit for 32bit kernel
Crypto/chcr: fix for ccm(aes) failed test
xfs: clean up the error handling in xfs_swap_extents
powerpc/spufs: fix copy_to_user while atomic
net: allwinner: Fix use correct return type for ndo_start_xmit()
media: cec: silence shift wrapping warning in __cec_s_log_addrs()
net: lpc-enet: fix error return code in lpc_mii_init()
drivers/perf: hisi: Fix typo in events attribute array
sched/core: Fix illegal RCU from offline CPUs
exit: Move preemption fixup up, move blocking operations down
lib/mpi: Fix 64-bit MIPS build with Clang
net: bcmgenet: set Rx mode before starting netif
selftests/bpf: Fix memory leak in extract_build_id()
netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported
audit: fix a net reference leak in audit_list_rules_send()
Bluetooth: btbcm: Add 2 missing models to subver tables
MIPS: Make sparse_init() using top-down allocation
media: platform: fcp: Set appropriate DMA parameters
media: dvb: return -EREMOTEIO on i2c transfer failure.
audit: fix a net reference leak in audit_send_reply()
dt-bindings: display: mediatek: control dpi pins mode to avoid leakage
e1000: Distribute switch variables for initialization
tools api fs: Make xxx__mountpoint() more scalable
brcmfmac: fix wrong location to get firmware feature
staging: android: ion: use vmap instead of vm_map_ram
net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss()
x86/kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit
spi: dw: Fix Rx-only DMA transfers
mmc: meson-mx-sdio: trigger a soft reset after a timeout or CRC error
batman-adv: Revert "disable ethtool link speed detection when auto negotiation off"
ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE
btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums
clocksource: dw_apb_timer_of: Fix missing clockevent timers
clocksource: dw_apb_timer: Make CPU-affiliation being optional
spi: dw: Enable interrupts in accordance with DMA xfer mode
kgdb: Prevent infinite recursive entries to the debugger
kgdb: Disable WARN_CONSOLE_UNLOCKED for all kgdb
Bluetooth: Add SCO fallback for invalid LMP parameters error
MIPS: Loongson: Build ATI Radeon GPU driver as module
ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K
arm64: insn: Fix two bugs in encoding 32-bit logical immediates
spi: dw: Zero DMA Tx and Rx configurations on stack
arm64: cacheflush: Fix KGDB trap detection
efi/libstub/x86: Work around LLVM ELF quirk build regression
net: ena: fix error returning in ena_com_get_hash_function()
net: atlantic: make hw_get_regs optional
spi: pxa2xx: Apply CS clk quirk to BXT
objtool: Ignore empty alternatives
media: si2157: Better check for running tuner in init
crypto: ccp -- don't "select" CONFIG_DMADEVICES
drm: bridge: adv7511: Extend list of audio sample rates
ACPI: GED: use correct trigger type field in _Exx / _Lxx handling
KVM: arm64: Synchronize sysreg state on injecting an AArch32 exception
xen/pvcalls-back: test for errors when calling backend_connect()
mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card()
ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description
mmc: sdhci-msm: Clear tuning done flag while hs400 tuning
agp/intel: Reinforce the barrier after GTT updates
perf: Add cond_resched() to task_function_call()
fat: don't allow to mount if the FAT length == 0
mm/slub: fix a memory leak in sysfs_slab_add()
drm/vkms: Hold gem object while still in-use
Smack: slab-out-of-bounds in vsscanf
ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb
ath9k: Fix use-after-free Write in ath9k_htc_rx_msg
ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx
scsi: megaraid_sas: TM command refire leads to controller firmware crash
KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts
KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits
KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data)
KVM: nVMX: Consult only the "basic" exit reason when routing nested exit
KVM: nSVM: leave ASID aside in copy_vmcb_control_area
KVM: nSVM: fix condition for filtering async PF
video: fbdev: w100fb: Fix a potential double free.
proc: Use new_inode not new_inode_pseudo
ovl: initialize error in ovl_copy_xattr
selftests/net: in rxtimestamp getopt_long needs terminating null entry
crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req()
crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req()
crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req()
spi: pxa2xx: Fix runtime PM ref imbalance on probe error
spi: pxa2xx: Balance runtime PM enable/disable on error
spi: bcm2835: Fix controller unregister order
spi: pxa2xx: Fix controller unregister order
spi: Fix controller unregister order
spi: No need to assign dummy value in spi_unregister_controller()
x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.
x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS.
x86/speculation: Add support for STIBP always-on preferred mode
x86/speculation: Change misspelled STIPB to STIBP
KVM: x86: only do L1TF workaround on affected processors
KVM: x86/mmu: Consolidate "is MMIO SPTE" code
kvm: x86: Fix L1TF mitigation for shadow MMU
KVM: x86: Fix APIC page invalidation race
x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned
ALSA: pcm: disallow linking stream to itself
crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated
PM: runtime: clk: Fix clk_pm_runtime_get() error path
spi: bcm-qspi: when tx/rx buffer is NULL set to 0
spi: bcm2835aux: Fix controller unregister order
spi: dw: Fix controller unregister order
nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages
ACPI: PM: Avoid using power resources if there are none for D0
ACPI: GED: add support for _Exx / _Lxx handler methods
ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()
ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()
ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock
ALSA: usb-audio: Fix inconsistent card PM state after resume
ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines
ALSA: es1688: Add the missed snd_card_free()
efi/efivars: Add missing kobject_put() in sysfs entry creation error path
x86/reboot/quirks: Add MacBook6,1 reboot quirk
x86/speculation: Prevent rogue cross-process SSBD shutdown
x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs
x86_64: Fix jiffies ODR violation
btrfs: tree-checker: Check level for leaves and nodes
aio: fix async fsync creds
mm: add kvfree_sensitive() for freeing sensitive data objects
perf probe: Accept the instance number of kretprobe event
x86/cpu/amd: Make erratum #1054 a legacy erratum
RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated
ath9k_htc: Silence undersized packet warnings
powerpc/xive: Clear the page tables for the ESB IO mapping
drivers/net/ibmvnic: Update VNIC protocol version reporting
Input: synaptics - add a second working PNP_ID for Lenovo T470s
sched/fair: Don't NUMA balance for kthreads
ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook
Input: mms114 - fix handling of mms345l
crypto: talitos - fix ECB and CBC algs ivsize
btrfs: Detect unbalanced tree with empty leaf before crashing btree operations
btrfs: merge btrfs_find_device and find_device
lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user()
x86: uaccess: Inhibit speculation past access_ok() in user_access_begin()
arch/openrisc: Fix issues with access_ok()
Fix 'acccess_ok()' on alpha and SH
make 'user_access_begin()' do 'access_ok()'
selftests: bpf: fix use of undeclared RET_IF macro
tun: correct header offsets in napi frags mode
vxlan: Avoid infinite loop when suppressing NS messages with invalid options
bridge: Avoid infinite loop when suppressing NS messages with invalid options
net_failover: fixed rollback in net_failover_open()
ipv6: fix IPV6_ADDRFORM operation logic
writeback: Drop I_DIRTY_TIME_EXPIRE
writeback: Fix sync livelock due to b_dirty_time processing
writeback: Avoid skipping inode writeback
writeback: Protect inode->i_io_list with inode->i_lock
Revert "writeback: Avoid skipping inode writeback"
ANDROID: gki_defconfig: increase vbus_draw to 500mA
fscrypt: remove stale definition
fs-verity: remove unnecessary extern keywords
fs-verity: fix all kerneldoc warnings
fscrypt: add support for IV_INO_LBLK_32 policies
fscrypt: make test_dummy_encryption use v2 by default
fscrypt: support test_dummy_encryption=v2
fscrypt: add fscrypt_add_test_dummy_key()
linux/parser.h: add include guards
fscrypt: remove unnecessary extern keywords
fscrypt: name all function parameters
fscrypt: fix all kerneldoc warnings
ANDROID: Update the ABI
ANDROID: GKI: power: power-supply: Add POWER_SUPPLY_PROP_CHARGER_STATUS property
ANDROID: GKI: add dev to usb_gsi_request
ANDROID: GKI: dma-buf: add dent_count to dma_buf
ANDROID: Update the ABI xml and whitelist
ANDROID: GKI: update whitelist
ANDROID: extcon: Export symbol of `extcon_get_edev_name`
ANDROID: kbuild: merge more sections with LTO
UPSTREAM: timekeeping/vsyscall: Update VDSO data unconditionally
ANDROID: GKI: Revert "genetlink: disallow subscribing to unknown mcast groups"
BACKPORT: usb: musb: Add support for MediaTek musb controller
UPSTREAM: usb: musb: Add musb_clearb/w() interface
UPSTREAM: usb: musb: Add noirq type of dma create interface
UPSTREAM: usb: musb: Add get/set toggle hooks
UPSTREAM: dt-bindings: usb: musb: Add support for MediaTek musb controller
FROMGIT: driver core: Remove unnecessary is_fwnode_dev variable in device_add()
FROMGIT: driver core: Remove check in driver_deferred_probe_force_trigger()
FROMGIT: of: platform: Batch fwnode parsing when adding all top level devices
FROMGIT: BACKPORT: driver core: fw_devlink: Add support for batching fwnode parsing
BACKPORT: driver core: Look for waiting consumers only for a fwnode's primary device
BACKPORT: driver core: Add device links from fwnode only for the primary device
Linux 4.19.128
Revert "net/mlx5: Annotate mutex destroy for root ns"
uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned
x86/speculation: Add Ivy Bridge to affected list
x86/speculation: Add SRBDS vulnerability and mitigation documentation
x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation
x86/cpu: Add 'table' argument to cpu_matches()
x86/cpu: Add a steppings field to struct x86_cpu_id
nvmem: qfprom: remove incorrect write support
CDC-ACM: heed quirk also in error handling
staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK
tty: hvc_console, fix crashes on parallel open/close
vt: keyboard: avoid signed integer overflow in k_ascii
usb: musb: Fix runtime PM imbalance on error
usb: musb: start session in resume for host port
iio: vcnl4000: Fix i2c swapped word reading.
USB: serial: option: add Telit LE910C1-EUX compositions
USB: serial: usb_wwan: do not resubmit rx urb on fatal errors
USB: serial: qcserial: add DW5816e QDL support
net: check untrusted gso_size at kernel entry
vsock: fix timeout in vsock_accept()
NFC: st21nfca: add missed kfree_skb() in an error path
net: usb: qmi_wwan: add Telit LE910C1-EUX composition
l2tp: do not use inet_hash()/inet_unhash()
l2tp: add sk_family checks to l2tp_validate_socket
devinet: fix memleak in inetdev_init()
Revert "ANDROID: Remove default y on BRIDGE_IGMP_SNOOPING"
ANDROID: Update the ABI xml and whitelist
ANDROID: GKI: update whitelist
ANDROID: arch: arm64: vdso: export the symbols for time()
ANDROID: Incremental fs: Remove dependency on PKCS7_MESSAGE_PARSER
ANDROID: dm-bow: Add block_size option
f2fs: attach IO flags to the missing cases
f2fs: add node_io_flag for bio flags likewise data_io_flag
f2fs: remove unused parameter of f2fs_put_rpages_mapping()
f2fs: handle readonly filesystem in f2fs_ioc_shutdown()
f2fs: avoid utf8_strncasecmp() with unstable name
f2fs: don't return vmalloc() memory from f2fs_kmalloc()
ANDROID: GKI: set CONFIG_BLK_DEV_LOOP_MIN_COUNT to 16
ANDROID: Incremental fs: Cache successful hash calculations
ANDROID: Incremental fs: Fix four error-path bugs
Linux 4.19.127
net: smsc911x: Fix runtime PM imbalance on error
net: ethernet: stmmac: Enable interface clocks on probe for IPQ806x
net/ethernet/freescale: rework quiesce/activate for ucc_geth
null_blk: return error for invalid zone size
s390/mm: fix set_huge_pte_at() for empty ptes
drm/edid: Add Oculus Rift S to non-desktop list
net: bmac: Fix read of MAC address from ROM
x86/mmiotrace: Use cpumask_available() for cpumask_var_t variables
i2c: altera: Fix race between xfer_msg and isr thread
evm: Fix RCU list related warnings
ARC: [plat-eznps]: Restrict to CONFIG_ISA_ARCOMPACT
ARC: Fix ICCM & DCCM runtime size checks
s390/ftrace: save traced function caller
spi: dw: use "smp_mb()" to avoid sending spi data error
powerpc/powernv: Avoid re-registration of imc debugfs directory
scsi: hisi_sas: Check sas_port before using it
drm/i915: fix port checks for MST support on gen >= 11
airo: Fix read overflows sending packets
net: dsa: mt7530: set CPU port to fallback mode
scsi: ufs: Release clock if DMA map fails
mmc: fix compilation of user API
kernel/relay.c: handle alloc_percpu returning NULL in relay_open
p54usb: add AirVasT USB stick device-id
HID: i2c-hid: add Schneider SCL142ALM to descriptor override
HID: sony: Fix for broken buttons on DS3 USB dongles
mm: Fix mremap not considering huge pmd devmap
libnvdimm: Fix endian conversion issues
Revert "cgroup: Add memory barriers to plug cgroup_rstat_updated() race window"
f2fs: fix retry logic in f2fs_write_cache_pages()
ANDROID: Update ABI representation
Linux 4.19.126
mm/vmalloc.c: don't dereference possible NULL pointer in __vunmap()
netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build
bonding: Fix reference count leak in bond_sysfs_slave_add.
crypto: chelsio/chtls: properly set tp->lsndtime
qlcnic: fix missing release in qlcnic_83xx_interrupt_test.
xsk: Add overflow check for u64 division, stored into u32
bnxt_en: Fix accumulation of bp->net_stats_prev.
esp6: get the right proto for transport mode in esp6_gso_encap
netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code
netfilter: nfnetlink_cthelper: unbreak userspace helper support
netfilter: ipset: Fix subcounter update skip
netfilter: nft_reject_bridge: enable reject with bridge vlan
ip_vti: receive ipip packet by calling ip_tunnel_rcv
vti4: eliminated some duplicate code.
xfrm: fix error in comment
xfrm: fix a NULL-ptr deref in xfrm_local_error
xfrm: fix a warning in xfrm_policy_insert_list
xfrm interface: fix oops when deleting a x-netns interface
xfrm: call xfrm_output_gso when inner_protocol is set in xfrm_output
xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input
copy_xstate_to_kernel(): don't leave parts of destination uninitialized
x86/dma: Fix max PFN arithmetic overflow on 32 bit systems
mac80211: mesh: fix discovery timer re-arming issue / crash
RDMA/core: Fix double destruction of uobject
mmc: core: Fix recursive locking issue in CQE recovery path
parisc: Fix kernel panic in mem_init()
iommu: Fix reference count leak in iommu_group_alloc.
include/asm-generic/topology.h: guard cpumask_of_node() macro argument
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
mm: remove VM_BUG_ON(PageSlab()) from page_mapcount()
IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode
libceph: ignore pool overlay and cache logic on redirects
ALSA: hda/realtek - Add new codec supported for ALC287
ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio
exec: Always set cap_ambient in cap_bprm_set_creds
ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC
ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround
ALSA: hwdep: fix a left shifting 1 by 31 UB bug
RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe()
mmc: block: Fix use-after-free issue for rpmb
ARM: dts: bcm: HR2: Fix PPI interrupt types
ARM: dts: bcm2835-rpi-zero-w: Fix led polarity
ARM: dts/imx6q-bx50v3: Set display interface clock parents
IB/qib: Call kobject_put() when kobject_init_and_add() fails
gpio: exar: Fix bad handling for ida_simple_get error path
ARM: uaccess: fix DACR mismatch with nested exceptions
ARM: uaccess: integrate uaccess_save and uaccess_restore
ARM: uaccess: consolidate uaccess asm to asm/uaccess-asm.h
ARM: 8843/1: use unified assembler in headers
ARM: 8970/1: decompressor: increase tag size
Input: synaptics-rmi4 - fix error return code in rmi_driver_probe()
Input: synaptics-rmi4 - really fix attn_data use-after-free
Input: i8042 - add ThinkPad S230u to i8042 reset list
Input: dlink-dir685-touchkeys - fix a typo in driver name
Input: xpad - add custom init packet for Xbox One S controllers
Input: evdev - call input_flush_device() on release(), not flush()
Input: usbtouchscreen - add support for BonXeon TP
samples: bpf: Fix build error
cifs: Fix null pointer check in cifs_read
riscv: stacktrace: Fix undefined reference to `walk_stackframe'
IB/i40iw: Remove bogus call to netdev_master_upper_dev_get()
net: freescale: select CONFIG_FIXED_PHY where needed
usb: gadget: legacy: fix redundant initialization warnings
usb: dwc3: pci: Enable extcon driver for Intel Merrifield
cachefiles: Fix race between read_waiter and read_copier involving op->to_do
gfs2: move privileged user check to gfs2_quota_lock_check
net: microchip: encx24j600: add missed kthread_stop
ALSA: usb-audio: add mapping for ASRock TRX40 Creator
gpio: tegra: mask GPIO IRQs during IRQ shutdown
ARM: dts: rockchip: fix pinctrl sub nodename for spi in rk322x.dtsi
ARM: dts: rockchip: swap clock-names of gpu nodes
arm64: dts: rockchip: swap interrupts interrupt-names rk3399 gpu node
arm64: dts: rockchip: fix status for &gmac2phy in rk3328-evb.dts
ARM: dts: rockchip: fix phy nodename for rk3228-evb
mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload fails
net/mlx4_core: fix a memory leak bug.
net: sun: fix missing release regions in cas_init_one().
net/mlx5: Annotate mutex destroy for root ns
net/mlx5e: Update netdev txq on completions during closure
sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed
sctp: Don't add the shutdown timer if its already been added
r8152: support additional Microsoft Surface Ethernet Adapter variant
net sched: fix reporting the first-time use timestamp
net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()"
net: qrtr: Fix passing invalid reference to qrtr_local_enqueue()
net/mlx5: Add command entry handling completion
net: ipip: fix wrong address family in init error path
net: inet_csk: Fix so_reuseport bind-address cache in tb->fast*
__netif_receive_skb_core: pass skb by reference
net: dsa: mt7530: fix roaming from DSA user ports
dpaa_eth: fix usage as DSA master, try 3
ax25: fix setsockopt(SO_BINDTODEVICE)
ANDROID: modules: fix lockprove warning
FROMGIT: USB: dummy-hcd: use configurable endpoint naming scheme
UPSTREAM: usb: raw-gadget: fix null-ptr-deref when reenabling endpoints
UPSTREAM: usb: raw-gadget: documentation updates
UPSTREAM: usb: raw-gadget: support stalling/halting/wedging endpoints
UPSTREAM: usb: raw-gadget: fix gadget endpoint selection
UPSTREAM: usb: raw-gadget: improve uapi headers comments
UPSTREAM: usb: raw-gadget: fix return value of ep read ioctls
UPSTREAM: usb: raw-gadget: fix raw_event_queue_fetch locking
UPSTREAM: usb: raw-gadget: Fix copy_to/from_user() checks
f2fs: fix wrong discard space
f2fs: compress: don't compress any datas after cp stop
f2fs: remove unneeded return value of __insert_discard_tree()
f2fs: fix wrong value of tracepoint parameter
f2fs: protect new segment allocation in expand_inode_data
f2fs: code cleanup by removing ifdef macro surrounding
writeback: Avoid skipping inode writeback
ANDROID: GKI: Update the ABI
ANDROID: GKI: update whitelist
ANDROID: GKI: support mm_event for FS/IO/UFS path
ANDROID: net: bpf: permit redirect from ingress L3 to egress L2 devices at near max mtu
FROMGIT: driver core: Update device link status correctly for SYNC_STATE_ONLY links
UPSTREAM: driver core: Fix handling of SYNC_STATE_ONLY + STATELESS device links
BACKPORT: driver core: Fix SYNC_STATE_ONLY device link implementation
ANDROID: Bulk update the ABI xml and qcom whitelist
Revert "ANDROID: Incremental fs: Avoid continually recalculating hashes"
f2fs: avoid inifinite loop to wait for flushing node pages at cp_error
f2fs: compress: fix zstd data corruption
f2fs: add compressed/gc data read IO stat
f2fs: fix potential use-after-free issue
f2fs: compress: don't handle non-compressed data in workqueue
f2fs: remove redundant assignment to variable err
f2fs: refactor resize_fs to avoid meta updates in progress
f2fs: use round_up to enhance calculation
f2fs: introduce F2FS_IOC_RESERVE_COMPRESS_BLOCKS
f2fs: Avoid double lock for cp_rwsem during checkpoint
f2fs: report delalloc reserve as non-free in statfs for project quota
f2fs: Fix wrong stub helper update_sit_info
f2fs: compress: let lz4 compressor handle output buffer budget properly
f2fs: remove blk_plugging in block_operations
f2fs: introduce F2FS_IOC_RELEASE_COMPRESS_BLOCKS
f2fs: shrink spinlock coverage
f2fs: correctly fix the parent inode number during fsync()
f2fs: introduce mempool for {,de}compress intermediate page allocation
f2fs: introduce f2fs_bmap_compress()
f2fs: support fiemap on compressed inode
f2fs: support partial truncation on compressed inode
f2fs: remove redundant compress inode check
f2fs: use strcmp() in parse_options()
f2fs: Use the correct style for SPDX License Identifier
Conflicts:
Documentation/devicetree/bindings
Documentation/devicetree/bindings/display/mediatek/mediatek,dpi.txt
Documentation/devicetree/bindings/usb/dwc3.txt
drivers/media/v4l2-core/v4l2-ctrls.c
drivers/mmc/core/queue.c
drivers/mmc/host/sdhci-msm.c
drivers/scsi/ufs/ufs-qcom.c
drivers/slimbus/qcom-ngd-ctrl.c
drivers/usb/gadget/composite.c
fs/crypto/keyring.c
fs/f2fs/data.c
include/linux/fs.h
include/linux/usb/gadget.h
include/uapi/linux/v4l2-controls.h
kernel/sched/cpufreq_schedutil.c
kernel/sched/fair.c
kernel/time/tick-sched.c
mm/vmalloc.c
net/netlink/genetlink.c
net/qrtr/qrtr.c
sound/core/compress_offload.c
sound/soc/soc-compress.c
Fixed errors:
drivers/scsi/ufs/ufshcd.c
drivers/soc/qcom/rq_stats.c
Change-Id: I06ea6a6c3f239045e2947f27af617aa6f523bfdb
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
Add enable_flow flag to the prio qdisc. Packet flow is enabled by
default, but can be disabled from userspace (e.g. IPROUTE2 tc tool).
This allows for suspending packet dequeue on a per-qdisc basis,
which is needed to support Quality of Service (QOS).
Export a function that will look up desired qdisc and call it's
registered change function to enable/disable flow. This API also
returns the size of the qdisc in order to be able to collect data on
the size of the qdisc before doing flow control operations. This is
required to effectively diagnose the state of the queues when
debugging flow control.
The PRIO qdisc supports flow control, such that packet
dequeue can be disabled based on boolean flag 'enable_flow'.
When flow is re-enabled, the latency for new packets
arriving at network driver is high. To reduce the delay in
scheduling packets, the qdisc will now invoke
__netif_schedule() to expedite dequeue. This significantly
reduces the latency of packets arriving at network driver.
Change-Id: I0e9096e4241d459540028558fdec18ece460d517
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Signed-off-by: Sharath Chandra Vurukala <sharathv@codeaurora.org>
[ Upstream commit 2fb541c862c987d02dfdf28f1545016deecfa0d5 ]
Currently there is concurrent reset and enqueue operation for the
same lockless qdisc when there is no lock to synchronize the
q->enqueue() in __dev_xmit_skb() with the qdisc reset operation in
qdisc_deactivate() called by dev_deactivate_queue(), which may cause
out-of-bounds access for priv->ring[] in hns3 driver if user has
requested a smaller queue num when __dev_xmit_skb() still enqueue a
skb with a larger queue_mapping after the corresponding qdisc is
reset, and call hns3_nic_net_xmit() with that skb later.
Reused the existing synchronize_net() in dev_deactivate_many() to
make sure skb with larger queue_mapping enqueued to old qdisc(which
is saved in dev_queue->qdisc_sleeping) will always be reset when
dev_reset_queue() is called.
Fixes: 6b3ba9146f ("net: sched: allow qdiscs to handle locking")
Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit d7bf2ebebc2bd61ab95e2a8e33541ef282f303d4 ]
There are a couple of places in net/sched/ that check skb->protocol and act
on the value there. However, in the presence of VLAN tags, the value stored
in skb->protocol can be inconsistent based on whether VLAN acceleration is
enabled. The commit quoted in the Fixes tag below fixed the users of
skb->protocol to use a helper that will always see the VLAN ethertype.
However, most of the callers don't actually handle the VLAN ethertype, but
expect to find the IP header type in the protocol field. This means that
things like changing the ECN field, or parsing diffserv values, stops
working if there's a VLAN tag, or if there are multiple nested VLAN
tags (QinQ).
To fix this, change the helper to take an argument that indicates whether
the caller wants to skip the VLAN tags or not. When skipping VLAN tags, we
make sure to skip all of them, so behaviour is consistent even in QinQ
mode.
To make the helper usable from the ECN code, move it to if_vlan.h instead
of pkt_sched.h.
v3:
- Remove empty lines
- Move vlan variable definitions inside loop in skb_protocol()
- Also use skb_protocol() helper in IP{,6}_ECN_decapsulate() and
bpf_skb_ecn_set_ce()
v2:
- Use eth_type_vlan() helper in skb_protocol()
- Also fix code that reads skb->protocol directly
- Change a couple of 'if/else if' statements to switch constructs to avoid
calling the helper twice
Reported-by: Ilya Ponetayev <i.ponetaev@ndmsystems.com>
Fixes: d8b9605d26 ("net: sched: fix skb->protocol use in case of accelerated vlan path")
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 306381aec7c2b5a658eebca008c8a1b666536cba ]
When tcf_block_get() fails inside atm_tc_init(),
atm_tc_put() is called to release the qdisc p->link.q.
But the flow->ref prevents it to do so, as the flow->ref
is still zero.
Fix this by moving the p->link.ref initialization before
tcf_block_get().
Fixes: 6529eaba33 ("net: sched: introduce tcf block infractructure")
Reported-and-tested-by: syzbot+d411cff6ab29cc2c311b@syzkaller.appspotmail.com
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 8c95eca0bb8c4bd2231a0d581f1ad0d50c90488c ]
As a further optimisation of the diffserv parsing codepath, we can skip it
entirely if CAKE is configured to neither use diffserv-based
classification, nor to zero out the diffserv bits.
Fixes: c87b4ecdbe8d ("sch_cake: Make sure we can write the IP header before changing DSCP bits")
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 3f608f0c41360b11b04c763f348b712f651c8bac ]
I spotted a few nits when comparing the in-tree version of sch_cake with
the out-of-tree one: A redundant error variable declaration shadowing an
outer declaration, and an indentation alignment issue. Fix both of these.
Fixes: 046f6fd5da ("sched: Add Common Applications Kept Enhanced (cake) qdisc")
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 9208d2863ac689a563b92f2161d8d1e7127d0add ]
cake_handle_diffserv() tries to linearize mac and network header parts of
skb and to make it writable unconditionally. In some cases it leads to full
skb reallocation, which reduces throughput and increases CPU load. Some
measurements of IPv4 forward + NAPT on MIPS router with 580 MHz single-core
CPU was conducted. It appears that on kernel 4.9 skb_try_make_writable()
reallocates skb, if skb was allocated in ethernet driver via so-called
'build skb' method from page cache (it was discovered by strange increase
of kmalloc-2048 slab at first).
Obtain DSCP value via read-only skb_header_pointer() call, and leave
linearization only for DSCP bleaching or ECN CE setting. And, as an
additional optimisation, skip diffserv parsing entirely if it is not needed
by the current configuration.
Fixes: c87b4ecdbe8d ("sch_cake: Make sure we can write the IP header before changing DSCP bits")
Signed-off-by: Ilya Ponetayev <i.ponetaev@ndmsystems.com>
[ fix a few style issues, reflow commit message ]
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 1a3db27ad9a72d033235b9673653962c02e3486e ]
Since the quiesce/activate rework, __netdev_watchdog_up() is directly
called in the ucc_geth driver.
Unfortunately, this function is not available for modules and thus
ucc_geth cannot be built as a module anymore. Fix it by exporting
__netdev_watchdog_up().
Since the commit introducing the regression was backported to stable
branches, this one should ideally be as well.
Fixes: 79dde73cf9bc ("net/ethernet/freescale: rework quiesce/activate for ucc_geth")
Signed-off-by: Valentin Longchamp <valentin@longchamp.me>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit df4953e4e997e273501339f607b77953772e3559 ]
syzbot managed to set up sfq so that q->scaled_quantum was zero,
triggering an infinite loop in sfq_dequeue()
More generally, we must only accept quantum between 1 and 2^18 - 7,
meaning scaled_quantum must be in [1, 0x7FFF] range.
Otherwise, we also could have a loop in sfq_dequeue()
if scaled_quantum happens to be 0x8000, since slot->allot
could indefinitely switch between 0 and 0x8000.
Fixes: eeaeb068f1 ("sch_sfq: allow big packets and be fair")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot+0251e883fe39e7a0cb0a@syzkaller.appspotmail.com
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 2761121af87de45951989a0adada917837d8fa82 ]
Do not assume the attribute has the right size.
Fixes: aea5f654e6 ("net/sched: add skbprio scheduler")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 14695212d4cd8b0c997f6121b6df8520038ce076 ]
My intent was to not let users set a zero drop_batch_size,
it seems I once again messed with min()/max().
Fixes: 9d18562a22 ("fq_codel: add batch ability to fq_codel_drop()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 0d1c3530e1bd38382edef72591b78e877e0edcd3 ]
In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex")
I moved cp->hash calculation before the first
tcindex_alloc_perfect_hash(), but cp->alloc_hash is left untouched.
This difference could lead to another out of bound access.
cp->alloc_hash should always be the size allocated, we should
update it after this tcindex_alloc_perfect_hash().
Reported-and-tested-by: syzbot+dcc34d54d68ef7d2d53d@syzkaller.appspotmail.com
Reported-and-tested-by: syzbot+c72da7b9ed57cde6fca2@syzkaller.appspotmail.com
Fixes: 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex")
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit ef299cc3fa1a9e1288665a9fdc8bff55629fd359 ]
route4_change() allocates a new filter and copies values from
the old one. After the new filter is inserted into the hash
table, the old filter should be removed and freed, as the final
step of the update.
However, the current code mistakenly removes the new one. This
looks apparently wrong to me, and it causes double "free" and
use-after-free too, as reported by syzbot.
Reported-and-tested-by: syzbot+f9b32aaacd60305d9687@syzkaller.appspotmail.com
Reported-and-tested-by: syzbot+2f8c233f131943d6056d@syzkaller.appspotmail.com
Reported-and-tested-by: syzbot+9c2df9fd5e9445b74e01@syzkaller.appspotmail.com
Fixes: 1109c00547 ("net: sched: RCU cls_route")
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Cc: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 961d0e5b32946703125964f9f5b6321d60f4d706 ]
Currently the software CBS does not consider the packet sending time
when depleting the credits. It caused the throughput to be
Idleslope[kbps] * (Port transmit rate[kbps] / |Sendslope[kbps]|) where
Idleslope * (Port transmit rate / (Idleslope + |Sendslope|)) = Idleslope
is expected. In order to fix the issue above, this patch takes the time
when the packet sending completes into account by moving the anchor time
variable "last" ahead to the send completion time upon transmission and
adding wait when the next dequeue request comes before the send
completion time of the previous packet.
changelog:
V2->V3:
- remove unnecessary whitespace cleanup
- add the checks if port_rate is 0 before division
V1->V2:
- combine variable "send_completed" into "last"
- add the comment for estimate of the packet sending
Fixes: 585d763af0 ("net/sched: Introduce Credit Based Shaper (CBS) qdisc")
Signed-off-by: Zh-yuan Ye <ye.zh-yuan@socionext.com>
Reviewed-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 7e6dc03eeb023e18427a373522f1d247b916a641 ]
Add missing attribute validation for TCA_FQ_ORPHAN_MASK
to the netlink policy.
Fixes: 06eb395fa9 ("pkt_sched: fq: better control of DDOS traffic")
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 8a9093c79863b58cc2f9874d7ae788f0d622a596 ]
tc flower rules that are based on src or dst port blocking are sometimes
ineffective due to uninitialized stack data. __skb_flow_dissect() extracts
ports from the skb for tc flower to match against. However, the port
dissection is not done when when the FLOW_DIS_IS_FRAGMENT bit is set in
key_control->flags. All callers of __skb_flow_dissect(), zero-out the
key_control field except for fl_classify() as used by the flower
classifier. Thus, the FLOW_DIS_IS_FRAGMENT may be set on entry to
__skb_flow_dissect(), since key_control is allocated on the stack
and may not be initialized.
Since key_basic and key_control are present for all flow keys, let's
make sure they are initialized.
Fixes: 62230715fd24 ("flow_dissector: do not dissect l4 ports for fragments")
Co-developed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Jason Baron <jbaron@akamai.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit e2debf0852c4d66ba1a8bde12869b196094c70a7 ]
unlike other classifiers that can be offloaded (i.e. users can set flags
like 'skip_hw' and 'skip_sw'), 'cls_flower' doesn't validate the size of
netlink attribute 'TCA_FLOWER_FLAGS' provided by user: add a proper entry
to fl_policy.
Fixes: 5b33f48842 ("net/flower: Introduce hardware offload support")
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 1afa3cc90f8fb745c777884d79eaa1001d6927a6 ]
unlike other classifiers that can be offloaded (i.e. users can set flags
like 'skip_hw' and 'skip_sw'), 'cls_matchall' doesn't validate the size
of netlink attribute 'TCA_MATCHALL_FLAGS' provided by user: add a proper
entry to mall_policy.
Fixes: b87f7936a9 ("net/sched: Add match-all classifier hw offloading.")
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 52b5ae501c045010aeeb1d5ac0373ff161a88291 ]
Jakub noticed there is a potential resource leak in
tcindex_set_parms(): when tcindex_filter_result_init() fails
and it jumps to 'errout1' which doesn't release the memory
and resources allocated by tcindex_alloc_perfect_hash().
We should just jump to 'errout_alloc' which calls
tcindex_free_perfect_hash().
Fixes: b9a24bb76b ("net_sched: properly handle failure case of tcf_exts_init()")
Reported-by: Jakub Kicinski <kuba@kernel.org>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 599be01ee567b61f4471ee8078870847d0a11e8e ]
As Eric noticed, tcindex_alloc_perfect_hash() uses cp->hash
to compute the size of memory allocation, but cp->hash is
set again after the allocation, this caused an out-of-bound
access.
So we have to move all cp->hash initialization and computation
before the memory allocation. Move cp->mask and cp->shift together
as cp->hash may need them for computation too.
Reported-and-tested-by: syzbot+35d4dea36c387813ed31@syzkaller.appspotmail.com
Fixes: 331b72922c ("net: sched: RCU cls_tcindex")
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: John Fastabend <john.fastabend@gmail.com>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Cc: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 2e24cd755552350b94a7617617c6877b8cbcb701 ]
The current implementations of ops->bind_class() are merely
searching for classid and updating class in the struct tcf_result,
without invoking either of cl_ops->bind_tcf() or
cl_ops->unbind_tcf(). This breaks the design of them as qdisc's
like cbq use them to count filters too. This is why syzbot triggered
the warning in cbq_destroy_class().
In order to fix this, we have to call cl_ops->bind_tcf() and
cl_ops->unbind_tcf() like the filter binding path. This patch does
so by refactoring out two helper functions __tcf_bind_filter()
and __tcf_unbind_filter(), which are lockless and accept a Qdisc
pointer, then teaching each implementation to call them correctly.
Note, we merely pass the Qdisc pointer as an opaque pointer to
each filter, they only need to pass it down to the helper
functions without understanding it at all.
Fixes: 07d79fc7d9 ("net_sched: add reverse binding for tc class")
Reported-and-tested-by: syzbot+0a0596220218fcb603a8@syzkaller.appspotmail.com
Reported-and-tested-by: syzbot+63bdb6006961d8c917c6@syzkaller.appspotmail.com
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 61678d28d4a45ef376f5d02a839cc37509ae9281 ]
syzbot reported an out-of-bound access in em_nbyte. As initially
analyzed by Eric, this is because em_nbyte sets its own em->datalen
in em_nbyte_change() other than the one specified by user, but this
value gets overwritten later by its caller tcf_em_validate().
We should leave em->datalen untouched to respect their choices.
I audit all the in-tree ematch users, all of those implement
->change() set em->datalen, so we can just avoid setting it twice
in this case.
Reported-and-tested-by: syzbot+5af9a90dad568aa9f611@syzkaller.appspotmail.com
Reported-by: syzbot+2f07903a5b05e7f36410@syzkaller.appspotmail.com
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit e0ad032e144731a5928f2d75e91c2064ba1a764c ]
If packet corruption failed we jump to finish_segs and return
NET_XMIT_SUCCESS. Seeing success will make the parent qdisc
increment its backlog, that's incorrect - we need to return
NET_XMIT_DROP.
Fixes: 6071bd1aa1 ("netem: Segment GSO packets on enqueue")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit a7fa12d15855904aff1716e1fc723c03ba38c5cc ]
To corrupt a GSO frame we first perform segmentation. We then
proceed using the first segment instead of the full GSO skb and
requeue the rest of the segments as separate packets.
If there are any issues with processing the first segment we
still want to process the rest, therefore we jump to the
finish_segs label.
Commit 177b8007463c ("net: netem: fix backlog accounting for
corrupted GSO frames") started using the pointer to the first
segment in the "rest of segments processing", but as mentioned
above the first segment may had already been freed at this point.
Backlog corrections for parent qdiscs have to be adjusted.
Fixes: 177b8007463c ("net: netem: fix backlog accounting for corrupted GSO frames")
Reported-by: kbuild test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reported-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 83c8c3cf45163f0c823db37be6ab04dfcf8ac751 ]
As explained in the "net: sched: taprio: Avoid division by zero on
invalid link speed" commit, it is legal for the ethtool API to return
zero as a link speed. So guard against it to ensure we don't perform a
division by zero in kernel.
Fixes: e0a7683d30e9 ("net/sched: cbs: fix port_rate miscalculation")
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Acked-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 1c6c09a0ae62fa3ea8f8ead2ac3920e6fff2de64 ]
The discussion to be made is absolutely the same as in the case of
previous patch ("taprio: Set default link speed to 10 Mbps in
taprio_set_picos_per_byte"). Nothing is lost when setting a default.
Cc: Leandro Dorileo <leandro.maciel.dorileo@intel.com>
Fixes: e0a7683d30e9 ("net/sched: cbs: fix port_rate miscalculation")
Acked-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 177b8007463c4f36c9a2c7ce7aa9875a4cad9bd5 ]
When GSO frame has to be corrupted netem uses skb_gso_segment()
to produce the list of frames, and re-enqueues the segments one
by one. The backlog length has to be adjusted to account for
new frames.
The current calculation is incorrect, leading to wrong backlog
lengths in the parent qdisc (both bytes and packets), and
incorrect packet backlog count in netem itself.
Parent backlog goes negative, netem's packet backlog counts
all non-first segments twice (thus remaining non-zero even
after qdisc is emptied).
Move the variables used to count the adjustment into local
scope to make 100% sure they aren't used at any stage in
backports.
Fixes: 6071bd1aa1 ("netem: Segment GSO packets on enqueue")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit e0a7683d30e91e30ee6cf96314ae58a0314a095e ]
The Credit Based Shaper heavily depends on link speed to calculate
the scheduling credits, we can't properly calculate the credits if the
device has failed to report the link speed.
In that case we can't dequeue packets assuming a wrong port rate that will
result into an inconsistent credit distribution.
This patch makes sure we fail to dequeue case:
1) __ethtool_get_link_ksettings() reports error or 2) the ethernet driver
failed to set the ksettings' speed value (setting link speed to
SPEED_UNKNOWN).
Additionally we properly re calculate the port rate whenever the link speed
is changed.
Fixes: 3d0bd028ff ("net/sched: Add support for HW offloading for CBS")
Signed-off-by: Leandro Dorileo <leandro.maciel.dorileo@intel.com>
Reviewed-by: Vedang Patel <vedang.patel@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 2ecba2d1e45b24620a7c3df9531895cf68d5dec6 ]
The csum calculation is different for IPv4/6. For VLAN packets,
tc_skb_protocol returns the VLAN protocol rather than the packet's one
(e.g. IPv4/6), so csum is not calculated. Furthermore, VLAN may not be
stripped so csum is not calculated in this case too. Calculate the
csum for those cases.
Fixes: d8b9605d26 ("net: sched: fix skb->protocol use in case of accelerated vlan path")
Signed-off-by: Eli Britstein <elibr@mellanox.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 240ce7f6428ff5188b9eedc066e1e4d645b8635f ]
When a child Qdisc is removed from one of the PRIO Qdisc's bands, it is
replaced unconditionally by a NOOP qdisc. As a result, any traffic hitting
that band gets dropped. That is incorrect--no Qdisc was explicitly added
when PRIO was created, and after removal, none should have to be added
either.
Fix PRIO by first attempting to create a default Qdisc and only falling
back to noop when that fails. This pattern of attempting to create an
invisible FIFO, using NOOP only as a fallback, is also seen in other
Qdiscs.
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Petr Machata <petrm@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 68aab823c223646fab311f8a6581994facee66a0 ]
The variables 'window_interval' is u64 and do_div()
truncates it to 32 bits, which means it can test
non-zero and be truncated to zero for division.
The unit of window_interval is nanoseconds,
so its lower 32-bit is relatively easy to exceed.
Fix this issue by using div64_u64() instead.
Fixes: 7298de9cd7 ("sch_cake: Add ingress mode")
Signed-off-by: Wen Yang <wenyang@linux.alibaba.com>
Cc: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Cc: Toke Høiland-Jørgensen <toke@redhat.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Cong Wang <xiyou.wangcong@gmail.com>
Cc: cake@lists.bufferbloat.net
Cc: netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit d9e15a2733067c9328fb56d98fe8e574fa19ec31 ]
As diagnosed by Florian :
If TCA_FQ_QUANTUM is set to 0x80000000, fq_deueue()
can loop forever in :
if (f->credit <= 0) {
f->credit += q->quantum;
goto begin;
}
... because f->credit is either 0 or -2147483648.
Let's limit TCA_FQ_QUANTUM to no more than 1 << 20 :
This max value should limit risks of breaking user setups
while fixing this bug.
Fixes: afe4fd0624 ("pkt_sched: fq: Fair Queue packet scheduler")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Diagnosed-by: Florian Westphal <fw@strlen.de>
Reported-by: syzbot+dc9071cc5a85950bdfce@syzkaller.appspotmail.com
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 2f23cd42e19c22c24ff0e221089b7b6123b117c5 ]
sch->q.len hasn't been set if the subqueue is a NOLOCK qdisc
in mq_dump() and mqprio_dump().
Fixes: ce679e8df7 ("net: sched: add support for TCQ_F_NOLOCK subqueues to sch_mqprio")
Signed-off-by: Dust Li <dust.li@linux.alibaba.com>
Signed-off-by: Tony Lu <tonylu@linux.alibaba.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 9f104c7736904ac72385bbb48669e0c923ca879b ]
When user runs a command like
tc qdisc add dev eth1 root mqprio
KASAN stack-out-of-bounds warning is emitted.
Currently, NLA_ALIGN macro used in mqprio_dump provides too large
buffer size as argument for nla_put and memcpy down the call stack.
The flow looks like this:
1. nla_put expects exact object size as an argument;
2. Later it provides this size to memcpy;
3. To calculate correct padding for SKB, nla_put applies NLA_ALIGN
macro itself.
Therefore, NLA_ALIGN should not be applied to the nla_put parameter.
Otherwise it will lead to out-of-bounds memory access in memcpy.
Fixes: 4e8b86c062 ("mqprio: Introduce new hardware offload mode and shaper in mqprio")
Signed-off-by: Vladyslav Tarasiuk <vladyslavt@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 8c6c37fdc20ec9ffaa342f827a8e20afe736fb0c ]
To ensure parent qdiscs have the same notion of the number of enqueued
packets even after splitting a GSO packet, update the qdisc tree with the
number of packets that was added due to the split.
Reported-by: Pete Heist <pete@heistp.net>
Tested-by: Pete Heist <pete@heistp.net>
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 14e54ab9143fa60794d13ea0a66c792a2046a8f3 ]
When a classful qdisc's child qdisc has set the flag
TCQ_F_CPUSTATS (pfifo_fast for example), the child qdisc's
cpu_bstats should be passed to gnet_stats_copy_basic(),
but many classful qdisc didn't do that. As a result,
`tc -s class show dev DEV` always return 0 for bytes and
packets in this case.
Pass the child qdisc's cpu_bstats to gnet_stats_copy_basic()
to fix this issue.
The qstats also has this problem, but it has been fixed
in 5dd431b6b9 ("net: sched: introduce and use qstats read...")
and bstats still remains buggy.
Fixes: 22e0f8b932 ("net: sched: make bstats per cpu and estimator RCU safe")
Signed-off-by: Dust Li <dust.li@linux.alibaba.com>
Signed-off-by: Tony Lu <tonylu@linux.alibaba.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 4f0e97d070984d487df027f163e52bb72d1713d8 ]
info->options_len is 'u8' type, and when opts_len with a value >
IP_TUNNEL_OPTS_MAX, 'info->options_len = opts_len' will cast int
to u8 and set a wrong value to info->options_len.
Kernel crashed in my test when doing:
# opts="0102:80:00800022"
# for i in {1..99}; do opts="$opts,0102:80:00800022"; done
# ip link add name geneve0 type geneve dstport 0 external
# tc qdisc add dev eth0 ingress
# tc filter add dev eth0 protocol ip parent ffff: \
flower indev eth0 ip_proto udp action tunnel_key \
set src_ip 10.0.99.192 dst_ip 10.0.99.193 \
dst_port 6081 id 11 geneve_opts $opts \
action mirred egress redirect dev geneve0
So we should do the similar check as cls_flower does, return error
when opts_len > IP_TUNNEL_OPTS_MAX in tunnel_key_copy_opts().
Fixes: 0ed5269f9e ("net/sched: add tunnel option support to act_tunnel_key")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Yunsheng Lin
Srinivasarao P
Aleksandr Nogikh
Davide Caratti
Subash Abhinov Kasiviswanathan
Toke Høiland-Jørgensen
Cong Wang
Ilya Ponetayev
Valentin Longchamp
Eric Dumazet
Zh-yuan Ye
Jakub Kicinski
Jason Baron
Jakub Kicinski
YueHaibing
Vladimir Oltean
Leandro Dorileo
Eli Britstein
Petr Machata
Wen Yang
Dust Li
Vladyslav Tarasiuk
Xin Long