July 2024 - Linux-stable-mirror

[PATCH] serial: core: check uartclk for zero to avoid divide by zero

by George Kennedy

Calling ioctl TIOCSSERIAL with an invalid baud_base can result in uartclk being zero, which will result in a divide by zero error in uart_get_divisor(). The check for uartclk being zero in uart_set_info() needs to be done before other settings are made as subsequent calls to ioctl TIOCSSERIAL for the same port would be impacted if the uartclk check was done where uartclk gets set. Oops: divide error: 0000 PREEMPT SMP KASAN PTI RIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580) Call Trace: <TASK> serial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576 drivers/tty/serial/8250/8250_port.c:2589) serial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502 drivers/tty/serial/8250/8250_port.c:2741) serial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862) uart_change_line_settings (./include/linux/spinlock.h:376 ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222) uart_port_startup (drivers/tty/serial/serial_core.c:342) uart_startup (drivers/tty/serial/serial_core.c:368) uart_set_info (drivers/tty/serial/serial_core.c:1034) uart_set_info_user (drivers/tty/serial/serial_core.c:1059) tty_set_serial (drivers/tty/tty_io.c:2637) tty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791) __x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907 fs/ioctl.c:893 fs/ioctl.c:893) do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1)) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) Reported-by: syzkaller <syzkaller(a)googlegroups.com> Cc: stable(a)vger.kernel.org Signed-off-by: George Kennedy <george.kennedy(a)oracle.com> --- serial_struct baud_base=0x30000000 will cause the crash. drivers/tty/serial/serial_core.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index 2a8006e3d687..9967444eae10 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -881,6 +881,14 @@ static int uart_set_info(struct tty_struct *tty, struct tty_port *port, new_flags = (__force upf_t)new_info->flags; old_custom_divisor = uport->custom_divisor; + if (!(uport->flags & UPF_FIXED_PORT)) { + unsigned int uartclk = new_info->baud_base * 16; + /* check needs to be done here before other settings made */ + if (uartclk == 0) { + retval = -EINVAL; + goto exit; + } + } if (!capable(CAP_SYS_ADMIN)) { retval = -EPERM; if (change_irq || change_port || -- 2.39.3

9 months, 1 week

1
0
0 0

[PATCH v3] tpm: Relocate buf->handles to appropriate place

by Jarkko Sakkinen

tpm_buf_append_name() has the following snippet in the beginning: if (!tpm2_chip_auth(chip)) { tpm_buf_append_u32(buf, handle); /* count the number of handles in the upper bits of flags */ buf->handles++; return; } The claim in the comment is wrong, and the comment is in the wrong place as alignment in this case should not anyway be a concern of the call site. In essence the comment is lying about the code, and thus needs to be adressed. Further, 'handles' was incorrectly place to struct tpm_buf, as tpm-buf.c does manage its state. It is easy to grep that only piece of code that actually uses the field is tpm2-sessions.c. Address the issues by moving the variable to struct tpm_chip. Cc: stable(a)vger.kernel.org # v6.10+ Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> v3: * Reset chip->handles in the beginning of tpm2_start_auth_session() so that it shows correct value, when TCG_TPM2_HMAC is enabled but tpm2_sessions_init() has never been called. v2: * Was a bit more broken than I first thought, as 'handles' is only useful for tpm2-sessions.c and has zero relation to tpm-buf.c. --- drivers/char/tpm/tpm-buf.c | 1 - drivers/char/tpm/tpm2-cmd.c | 2 +- drivers/char/tpm/tpm2-sessions.c | 7 ++++--- include/linux/tpm.h | 8 ++++---- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/drivers/char/tpm/tpm-buf.c b/drivers/char/tpm/tpm-buf.c index cad0048bcc3c..d06e8e063151 100644 --- a/drivers/char/tpm/tpm-buf.c +++ b/drivers/char/tpm/tpm-buf.c @@ -44,7 +44,6 @@ void tpm_buf_reset(struct tpm_buf *buf, u16 tag, u32 ordinal) head->tag = cpu_to_be16(tag); head->length = cpu_to_be32(sizeof(*head)); head->ordinal = cpu_to_be32(ordinal); - buf->handles = 0; } EXPORT_SYMBOL_GPL(tpm_buf_reset); diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index 1e856259219e..b781e4406fc2 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -776,7 +776,7 @@ int tpm2_auto_startup(struct tpm_chip *chip) if (rc) goto out; - rc = tpm2_sessions_init(chip); + /* rc = tpm2_sessions_init(chip); */ out: /* diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index d3521aadd43e..5e7c12d64ba8 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -238,8 +238,7 @@ void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, if (!tpm2_chip_auth(chip)) { tpm_buf_append_u32(buf, handle); - /* count the number of handles in the upper bits of flags */ - buf->handles++; + chip->handles++; return; } @@ -310,7 +309,7 @@ void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, if (!tpm2_chip_auth(chip)) { /* offset tells us where the sessions area begins */ - int offset = buf->handles * 4 + TPM_HEADER_SIZE; + int offset = chip->handles * 4 + TPM_HEADER_SIZE; u32 len = 9 + passphrase_len; if (tpm_buf_length(buf) != offset) { @@ -963,6 +962,8 @@ int tpm2_start_auth_session(struct tpm_chip *chip) int rc; u32 null_key; + chip->handles = 0; + if (!auth) { dev_warn_once(&chip->dev, "auth session is not active\n"); return 0; diff --git a/include/linux/tpm.h b/include/linux/tpm.h index e93ee8d936a9..b664f7556494 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -202,9 +202,9 @@ struct tpm_chip { /* active locality */ int locality; + /* handle count for session: */ + u8 handles; #ifdef CONFIG_TCG_TPM2_HMAC - /* details for communication security via sessions */ - /* saved context for NULL seed */ u8 null_key_context[TPM2_MAX_CONTEXT_SIZE]; /* name of NULL seed */ @@ -377,7 +377,6 @@ struct tpm_buf { u32 flags; u32 length; u8 *data; - u8 handles; }; enum tpm2_object_attributes { @@ -517,7 +516,7 @@ static inline void tpm_buf_append_hmac_session_opt(struct tpm_chip *chip, if (tpm2_chip_auth(chip)) { tpm_buf_append_hmac_session(chip, buf, attributes, passphrase, passphraselen); } else { - offset = buf->handles * 4 + TPM_HEADER_SIZE; + offset = chip->handles * 4 + TPM_HEADER_SIZE; head = (struct tpm_header *)buf->data; /* @@ -541,6 +540,7 @@ void tpm2_end_auth_session(struct tpm_chip *chip); static inline int tpm2_start_auth_session(struct tpm_chip *chip) { + chip->handles = 0; return 0; } static inline void tpm2_end_auth_session(struct tpm_chip *chip) -- 2.45.2

9 months, 1 week

4
7
0 0

[PATCH v2 0/2] media: qcom: camss: Fix two CAMSS bugs found by dogfooding with SoftISP

by Bryan O'Donoghue

v2: - Updates commits with Johan's Review/Reported tags - Adds Closes: https://lore.kernel.org/lkml/ZoVNHOTI0PKMNt4_@hovoldconsulting.com - Cc's stable - Adds in suggested kernel log to allow others to more easily match kernel log to fixes - Link to v1: https://lore.kernel.org/r/20240714-linux-next-24-07-13-camss-fixes-v1-0-8f8… V1: Dogfooding with SoftISP has uncovered two bugs in this series which I'm posting fixes for. - The first error: A simple race condition which to be honest I'm surprised I haven't found earlier nor has anybody else. Simply stated the order we typically end up loading CAMSS on boot has masked out the pm_runtime_enable() race condition that has been present in CAMSS for a long time. If you blacklist qcom-camss in modules.d and then modprobe after boot, the race condition shows up easily. Moving the pm_runtime_enable prior to subdevice registration fixes the problem. The second error: Nomenclature: - CSIPHY: CSI Physical layer analogue to digital domain serialiser - CSID: CSI Decoder - VFE: Video Front End - RDI: Raw Data Interface - VC: Virtual Channel In order to support streaming multiple virtual-channels on the same RDI a V4L2 provided use_count variable is used to decide whether or not to actually terminate streaming and release buffers for 'msm_vfe_rdiX'. Unfortunately use_count indicates the number of times msm_vfe_rdiX has been opened by user-space not the number of concurrent streams on msm_vfe_rdiX. Simply stated use_count and stream_count are two different things. The silicon enabling code to select between VCs is valid but, a different solution needs to be found to support _concurrent_ VC streams. Right now the upstream use_count as-is is breaking the non concurrent VC case and I don't believe there are upstream users of concurrent VCs on CAMSS. This series implements a revert for the invalid use_count check, retaining the ability to select which VC is active on the RDI. Dogfooding with libcamera's SoftISP in Hangouts, Zoom and multiple runs of libcamera's "qcam" application is a very different test-case to the simple capture of frames we previously did when validating the 'use_count' change. A partial revert in expectation of a renewed push to fixup that concurrent VC issue is included. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> --- Bryan O'Donoghue (2): media: qcom: camss: Remove use_count guard in stop_streaming media: qcom: camss: Fix ordering of pm_runtime_enable drivers/media/platform/qcom/camss/camss-video.c | 6 ------ drivers/media/platform/qcom/camss/camss.c | 5 +++-- 2 files changed, 3 insertions(+), 8 deletions(-) --- base-commit: c6ce8f9ab92edc9726996a0130bfc1c408132d47 change-id: 20240713-linux-next-24-07-13-camss-fixes-fa98c0965a5d Best regards, -- Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>

9 months, 1 week

2
5
0 0

Re: [PATCH 6.9 000/142] 6.9.10-rc2 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

9 months, 1 week

1
0
0 0

[PATCH 4.19 00/65] 4.19.318-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.318 release. There are 65 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 19 Jul 2024 06:37:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.318-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.318-rc2 Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: bring hardware to known state when probing Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix kernel bug on rename operation of broken directory felix <fuzhen5(a)huawei.com> SUNRPC: Fix RPC client cleaned up the freed pipefs dentries Eric Dumazet <edumazet(a)google.com> tcp: avoid too many retransmit packets Eric Dumazet <edumazet(a)google.com> tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() Menglong Dong <imagedong(a)tencent.com> net: tcp: fix unexcepted socket die when snd_wnd is 0 Eric Dumazet <edumazet(a)google.com> tcp: refactor tcp_retransmit_timer() Ilya Dryomov <idryomov(a)gmail.com> libceph: fix race between delayed_work() and ceph_monc_stop() He Zhe <zhe.he(a)windriver.com> hpet: Support 32-bit userspace Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Lee Jones <lee(a)kernel.org> usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() WangYuli <wangyuli(a)uniontech.com> USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW350-GL variants Mank Wang <mank.wang(a)netprisma.us> USB: serial: option: add Netprisma LCUK54 series modules Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add support for Foxconn T99W651 Bjørn Mork <bjorn(a)mork.no> USB: serial: option: add Fibocom FM350-GL Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN912 rmnet compositions Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit generic core-dump composition Chen Ni <nichen(a)iscas.ac.cn> ARM: davinci: Convert comma to semicolon Dmitry Antipov <dmantipov(a)yandex.ru> ppp: reject claimed-as-LCP but actually malformed packets Aleksander Jan Bajkowski <olek2(a)wp.pl> net: ethernet: lantiq_etop: fix double free in detach Aleksander Jan Bajkowski <olek2(a)wp.pl> net: lantiq_etop: add blank line after declaration Neal Cardwell <ncardwell(a)google.com> tcp: fix incorrect undo caused by DSACK of TLP retransmit Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/i915: make find_fw_domain work on intel_uncore Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix incorrect inode allocation from reserved inodes Piotr Wojtaszczyk <piotr.wojtaszczyk(a)timesys.com> i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr Mauro Carvalho Chehab <mchehab(a)kernel.org> media: dw2102: fix a potential buffer overflow Ghadi Elie Rahme <ghadi.rahme(a)canonical.com> bnx2x: Fix multiple UBSAN array-index-out-of-bounds Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/atomfirmware: silence UBSAN warning Ma Ke <make24(a)iscas.ac.cn> drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes Jan Kara <jack(a)suse.cz> Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Jan Kara <jack(a)suse.cz> fsnotify: Do not generate events for O_PATH file descriptors Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct Jaganath Kanakkassery <jaganath.k.os(a)gmail.com> Bluetooth: Fix incorrect pointer arithmatic in ext_adv_report_evt Jinliang Zheng <alexjlzheng(a)tencent.com> mm: optimize the redundant loop of mm_update_owner_next() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: add missing check for inode numbers on directory entries Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix inode number range checks Shigeru Yoshida <syoshida(a)redhat.com> inet_diag: Initialize pad field in struct inet_diag_req_v2 Zijian Zhang <zijianzhang(a)bytedance.com> selftests: make order checking verbose in msg_zerocopy selftest Zijian Zhang <zijianzhang(a)bytedance.com> selftests: fix OOM in msg_zerocopy selftest Sam Sun <samsun1006219(a)gmail.com> bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() Jakub Kicinski <kuba(a)kernel.org> tcp_metrics: validate source addr length Neal Cardwell <ncardwell(a)google.com> UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() Yuchung Cheng <ycheng(a)google.com> net: tcp better handling of reordering then loss cases Yousuk Seung <ysseung(a)google.com> tcp: add ece_ack flag to reno sack functions zhang kai <zhangkaiheb(a)126.com> tcp: tcp_mark_head_lost is only valid for sack-tcp Eric Dumazet <edumazet(a)google.com> tcp: take care of compressed acks in tcp_add_reno_sack() Holger Dengler <dengler(a)linux.ibm.com> s390/pkey: Wipe sensitive data on failure Wang Yong <wang.yong12(a)zte.com.cn> jffs2: Fix potential illegal address access in jffs2_free_inode Greg Kurz <groug(a)kaod.org> powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" Mike Marshall <hubcap(a)omnibond.com> orangefs: fix out-of-bounds fsid access Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Annotate apanel_addr as __ro_after_init Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-frontends: tda10048: Fix integer overflow Ricardo Ribalda <ribalda(a)chromium.org> media: s2255: Use refcount_t instead of atomic_t for num_channels Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-frontends: tda18271c2dd: Remove casting during div Simon Horman <horms(a)kernel.org> net: dsa: mv88e6xxx: Correct check for empty list Erick Archer <erick.archer(a)outlook.com> Input: ff-core - prefer struct_size over open coded arithmetic Jean Delvare <jdelvare(a)suse.de> firmware: dmi: Stop decoding on broken entry Erick Archer <erick.archer(a)outlook.com> sctp: prefer struct_size over open coded arithmetic Michael Bunk <micha(a)freedict.org> media: dw2102: Don't translate i2c read into write Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip finding free audio for unknown engine_id Michael Guralnik <michaelgur(a)nvidia.com> IB/core: Implement a limit on UMAD receive List Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-usb: dib0700_devices: Add missing release_firmware() Ricardo Ribalda <ribalda(a)chromium.org> media: dvb: as102-fe: Fix as10x_register_addr packing ------------- Diffstat: Makefile | 4 +- arch/arm/mach-davinci/pm.c | 2 +- arch/powerpc/include/asm/io.h | 2 +- arch/powerpc/xmon/xmon.c | 6 +- drivers/char/hpet.c | 34 ++++- drivers/firmware/dmi_scan.c | 11 ++ drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 + drivers/gpu/drm/amd/include/atomfirmware.h | 2 +- drivers/gpu/drm/i915/intel_uncore.c | 20 +-- drivers/gpu/drm/nouveau/nouveau_connector.c | 3 + drivers/i2c/busses/i2c-i801.c | 2 +- drivers/i2c/busses/i2c-pnx.c | 48 ++----- drivers/i2c/busses/i2c-rcar.c | 17 ++- drivers/infiniband/core/user_mad.c | 21 ++- drivers/input/ff-core.c | 7 +- drivers/media/dvb-frontends/as102_fe_types.h | 2 +- drivers/media/dvb-frontends/tda10048.c | 9 +- drivers/media/dvb-frontends/tda18271c2dd.c | 4 +- drivers/media/usb/dvb-usb/dib0700_devices.c | 18 ++- drivers/media/usb/dvb-usb/dw2102.c | 120 +++++++++------- drivers/media/usb/s2255/s2255drv.c | 20 +-- drivers/net/bonding/bond_options.c | 6 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 + drivers/net/dsa/mv88e6xxx/chip.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 2 +- drivers/net/ethernet/lantiq_etop.c | 5 +- drivers/net/ppp/ppp_generic.c | 15 ++ drivers/s390/crypto/pkey_api.c | 4 +- drivers/usb/core/config.c | 18 ++- drivers/usb/core/quirks.c | 3 + drivers/usb/gadget/configfs.c | 3 + drivers/usb/serial/option.c | 38 ++++++ fs/jffs2/super.c | 1 + fs/nilfs2/alloc.c | 18 ++- fs/nilfs2/alloc.h | 4 +- fs/nilfs2/dat.c | 2 +- fs/nilfs2/dir.c | 38 +++++- fs/nilfs2/ifile.c | 7 +- fs/nilfs2/nilfs.h | 10 +- fs/nilfs2/the_nilfs.c | 6 + fs/nilfs2/the_nilfs.h | 2 +- fs/orangefs/super.c | 3 +- include/linux/fsnotify.h | 8 +- include/linux/sunrpc/clnt.h | 1 + kernel/exit.c | 2 + mm/page-writeback.c | 2 +- net/bluetooth/hci_event.c | 2 +- net/ceph/mon_client.c | 14 +- net/ipv4/inet_diag.c | 2 + net/ipv4/tcp_input.c | 158 ++++++++++++---------- net/ipv4/tcp_metrics.c | 1 + net/ipv4/tcp_timer.c | 45 +++++- net/sctp/socket.c | 7 +- net/sunrpc/clnt.c | 5 +- tools/testing/selftests/net/msg_zerocopy.c | 14 +- 55 files changed, 543 insertions(+), 263 deletions(-)

9 months, 1 week

2
1
0 0

[git:media_tree/master] media: stm32: dcmipp: correct error handling in dcmipp_create_subdevs

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: stm32: dcmipp: correct error handling in dcmipp_create_subdevs Author: Alain Volmat <alain.volmat(a)foss.st.com> Date: Wed Jul 3 13:59:16 2024 +0200 Correct error handling within the dcmipp_create_subdevs by properly decrementing the i counter when releasing the subdevs. Fixes: 28e0f3772296 ("media: stm32-dcmipp: STM32 DCMIPP camera interface driver") Cc: stable(a)vger.kernel.org Signed-off-by: Alain Volmat <alain.volmat(a)foss.st.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Acked-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> [hverkuil: correct the indices: it's [i], not [i - 1].] drivers/media/platform/st/stm32/stm32-dcmipp/dcmipp-core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- diff --git a/drivers/media/platform/st/stm32/stm32-dcmipp/dcmipp-core.c b/drivers/media/platform/st/stm32/stm32-dcmipp/dcmipp-core.c index 4acc3b90d03a..7f771ea49b78 100644 --- a/drivers/media/platform/st/stm32/stm32-dcmipp/dcmipp-core.c +++ b/drivers/media/platform/st/stm32/stm32-dcmipp/dcmipp-core.c @@ -202,8 +202,8 @@ static int dcmipp_create_subdevs(struct dcmipp_device *dcmipp) return 0; err_init_entity: - while (i > 0) - dcmipp->pipe_cfg->ents[i - 1].release(dcmipp->entity[i - 1]); + while (i-- > 0) + dcmipp->pipe_cfg->ents[i].release(dcmipp->entity[i]); return ret; }

9 months, 1 week

1
0
0 0

[PATCH 5.10 000/284] 5.10.221-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.221 release. There are 284 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 06 Jul 2024 09:44:13 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.221-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.221-rc2 Yunseong Kim <yskelg(a)gmail.com> tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() Udit Kumar <u-kumar1(a)ti.com> serial: 8250_omap: Fix Errata i2310 with RX FIFO level check Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> xdp: xdp_mem_allocator can be NULL in trace_mem_connect(). Alex Bee <knaerzche(a)gmail.com> arm64: dts: rockchip: Add sound-dai-cells for RK3368 Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption Ard Biesheuvel <ardb(a)kernel.org> efi/x86: Free EFI memory map only when installing a new one. Ard Biesheuvel <ardb(a)kernel.org> efi: xen: Set EFI_PARAVIRT for Xen dom0 boot on all architectures Ard Biesheuvel <ardb(a)kernel.org> efi: memmap: Move manipulation routines into x86 arch tree Liu Zixian <liuzixian4(a)huawei.com> efi: Correct comment on efi_memmap_alloc Zheng Zhi Yuan <kevinjone25(a)g.ncu.edu.tw> drivers: fix typo in firmware/efi/memmap.c Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix data races around icsk->icsk_af_ops. Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix data races around sk->sk_prot. Eric Dumazet <edumazet(a)google.com> ipv6: annotate some data-races around sk->sk_prot Matthew Wilcox (Oracle) <willy(a)infradead.org> nfs: Leave pages in the pagecache if readpage failed Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: stm32: Refuse too small period requests Jaime Liao <jaimeliao(a)mxic.com.tw> mtd: spinand: macronix: Add support for serial NAND flash Arnd Bergmann <arnd(a)arndb.de> syscalls: fix compat_sys_io_pgetevents_time64 usage Arnd Bergmann <arnd(a)arndb.de> ftruncate: pass a signed offset Niklas Cassel <cassel(a)kernel.org> ata: libata-core: Fix double free on error Niklas Cassel <cassel(a)kernel.org> ata: ahci: Clean up sysfs file on error Sven Eckelmann <sven(a)narfation.org> batman-adv: Don't accept TT entries for out-of-spec VIDs Ma Ke <make24(a)iscas.ac.cn> drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix potential UAF by revoke of fence registers Ma Ke <make24(a)iscas.ac.cn> drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes Arnd Bergmann <arnd(a)arndb.de> hexagon: fix fadvise64_64 calling conventions Arnd Bergmann <arnd(a)arndb.de> csky, hexagon: fix broken sys_sync_file_range Dragan Simic <dsimic(a)manjaro.org> kbuild: Install dtb files as 0644 in Makefile.dtbinst Oleksij Rempel <linux(a)rempel-privat.de> net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new Oleksij Rempel <linux(a)rempel-privat.de> net: can: j1939: recover socket queue on CAN bus error during BAM transmission Shigeru Yoshida <syoshida(a)redhat.com> net: can: j1939: Initialize unused data in j1939_send_one() Jean-Michel Hautbois <jeanmichel.hautbois(a)yoseli.org> tty: mcf: MCF54418 has 10 UARTS Udit Kumar <u-kumar1(a)ti.com> serial: 8250_omap: Implementation of Errata i2310 Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usb: atm: cxacru: fix endpoint checking in cxacru_bind() Dan Carpenter <dan.carpenter(a)linaro.org> usb: musb: da8xx: fix a resource leak in probe() Oliver Neukum <oneukum(a)suse.com> usb: gadget: printer: fix races against disable Oliver Neukum <oneukum(a)suse.com> usb: gadget: printer: SS+ support Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: improve link status logs Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix sensor data read operation Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix overflows in compensate() functions Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix calibration data variable Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix pressure value output Fernando Yang <hagisf(a)usp.br> iio: adc: ad7266: Fix variable checking bug David Lechner <dlechner(a)baylibre.com> counter: ti-eqep: enable clock at probe Adrian Hunter <adrian.hunter(a)intel.com> mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() Adrian Hunter <adrian.hunter(a)intel.com> mmc: sdhci: Do not invert write-protect twice Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos Jan Kara <jack(a)suse.cz> ocfs2: fix DIO failure due to insufficient transaction credits Linus Torvalds <torvalds(a)linux-foundation.org> x86: stop playing stack games in profile_pc() Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) Aleksandr Mishin <amishin(a)t-argos.ru> gpio: davinci: Validate the obtained number of IRQs Liu Ying <victor.liu(a)nxp.com> drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA Hannes Reinecke <hare(a)suse.de> nvme: fixup comment for nvme RDMA Provider Type Erick Archer <erick.archer(a)outlook.com> drm/radeon/radeon_display: Decrease the size of allocated memory Andrew Davis <afd(a)ti.com> soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message Ricardo Ribalda <ribalda(a)chromium.org> media: dvbdev: Initialize sbuf Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emux: improve patch ioctl data validation Dawei Li <dawei.li(a)shingroup.cn> net/dpaa2: Avoid explicit cpumask var allocation on stack Dawei Li <dawei.li(a)shingroup.cn> net/iucv: Avoid explicit cpumask var allocation on stack Anton Protopopov <aspsk(a)isovalent.com> bpf: Add a check for struct bpf_fib_lookup size Denis Arefev <arefev(a)swemel.ru> mtd: partitions: redboot: Added conversion of operands to a larger type Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers Arnd Bergmann <arnd(a)arndb.de> parisc: use correct compat recv/recvfrom syscalls Arnd Bergmann <arnd(a)arndb.de> sparc: fix compat recv/recvfrom syscalls Arnd Bergmann <arnd(a)arndb.de> sparc: fix old compat_sys_select() Daniil Dulov <d.dulov(a)aladdin.ru> xdp: Remove WARN() from __xdp_reg_mem_model() Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: Allow registering memory model without rxq reference Jakub Kicinski <kuba(a)kernel.org> xdp: Move the rxq_info.mem clearing to unreg_mem_model() Enguerrand de Ribaucourt <enguerrand.de-ribaucourt(a)savoirfairelinux.com> net: phy: micrel: add Microchip KSZ 9477 to the device table Tristram Ha <tristram.ha(a)microchip.com> net: dsa: microchip: fix initial port flush problem Elinor Montmasson <elinor.montmasson(a)savoirfairelinux.com> ASoC: fsl-asoc-card: set priv->pdev before using it Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix svcxdr_init_encode's buflen calculation Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix a NULL pointer deref in trace_svc_stats_latency() Yunjian Wang <wangyunjian(a)huawei.com> SUNRPC: Fix null pointer dereference in svc_rqst_free() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: validate family when identifying table via handle Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix UBSAN warning in kv_dpm.c Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: use dedicated pinctrl type for RK3328 Jianqun Xu <jay.xu(a)rock-chips.com> pinctrl/rockchip: separate struct rockchip_pin_bank to a head file Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins Hagar Hemdan <hagarhem(a)amazon.com> pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER John Keeping <jkeeping(a)inmusicbrands.com> Input: ili210x - fix ili251x_read_touch_data() return value Mario Limonciello <mario.limonciello(a)amd.com> ACPI: x86: Force StorageD3Enable on more products Mario Limonciello <mario.limonciello(a)amd.com> ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable Mario Limonciello <mario.limonciello(a)amd.com> ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable Mario Limonciello <mario.limonciello(a)amd.com> ACPI: x86: Add another system to quirk list for forcing StorageD3Enable Mario Limonciello <mario.limonciello(a)amd.com> ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable Mario Limonciello <mario.limonciello(a)amd.com> ACPI: Add quirks for AMD Renoir/Lucienne CPUs to force the D3 hint Enzo Matsumiya <ematsumiya(a)suse.de> smb: client: fix deadlock in smb2_find_smb_tcon() Shyam Prasad N <sprasad(a)microsoft.com> cifs: missed ref-counting smb session in find Yazen Ghannam <yazen.ghannam(a)amd.com> x86/amd_nb: Check for invalid SMN reads Naveen Naidu <naveennaidu479(a)gmail.com> PCI: Add PCI_ERROR_RESPONSE and related definitions Haifeng Xu <haifeng.xu(a)shopee.com> perf/core: Fix missing wakeup when waiting for context reference Matthias Maennich <maennich(a)google.com> kheaders: explicitly define file modes for archived headers Masahiro Yamada <masahiroy(a)kernel.org> Revert "kheaders: substituting --sort in archive creation" Ken Milmore <ken.milmore(a)gmail.com> r8169: Fix possible ring buffer corruption on fragmented Tx packets. Heiner Kallweit <hkallweit1(a)gmail.com> r8169: remove not needed check in rtl8169_start_xmit Heiner Kallweit <hkallweit1(a)gmail.com> r8169: remove nr_frags argument from rtl_tx_slots_avail Heiner Kallweit <hkallweit1(a)gmail.com> r8169: improve rtl8169_start_xmit Heiner Kallweit <hkallweit1(a)gmail.com> r8169: improve rtl_tx Heiner Kallweit <hkallweit1(a)gmail.com> r8169: remove unneeded memory barrier in rtl_tx Tony Luck <tony.luck(a)intel.com> x86/cpu: Fix x86_match_cpu() to match just X86_VENDOR_INTEL Tony Luck <tony.luck(a)intel.com> x86/cpu/vfm: Add new macros to work with (vendor/family/model) values Jeff Johnson <quic_jjohnson(a)quicinc.com> tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test Matthew Mirvish <matthew(a)mm12.xyz> bcache: fix variable length array abuse in btree_iter Vamshi Gajjela <vamshigajjela(a)google.com> spmi: hisi-spmi-controller: Do not override device identifier Trond Myklebust <trond.myklebust(a)hammerspace.com> knfsd: LOOKUP can return an illegal error value Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> pmdomain: ti-sci: Fix duplicate PD referrals Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power Kees Cook <keescook(a)chromium.org> rtlwifi: rtl8192de: Style clean-ups Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: smdk4412: fix keypad no-autorepeat Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: smdkv310: fix keypad no-autorepeat Martin Leung <martin.leung(a)amd.com> drm/amd/display: revert Exit idle optimizations before HDCP execution Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: i2c: google,cros-ec-i2c-tunnel: correct path to i2c-controller schema Grygorii Tertychnyi <grembeter(a)gmail.com> i2c: ocores: set IACK bit after core is enabled Aleksandr Nogikh <nogikh(a)google.com> kcov: don't lose track of remote references during softirqs Peter Oberparleiter <oberpar(a)linux.ibm.com> gcov: add support for GCC 14 Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: fix UBSAN warning in kv_dpm.c Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Limit mic boost on N14AP7 Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Add check for srq max_sge attribute Raju Rangoju <Raju.Rangoju(a)amd.com> ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." Nikita Shubin <n.shubin(a)yadro.com> dmaengine: ioatdma: Fix missing kmem_cache_destroy() Nikita Shubin <n.shubin(a)yadro.com> dmaengine: ioatdma: Fix kmemleak in ioat_pci_probe() Nikita Shubin <n.shubin(a)yadro.com> dmaengine: ioatdma: Fix error path in ioat3_dma_probe() Bjorn Helgaas <bhelgaas(a)google.com> dmaengine: ioat: use PCI core macros for PCIe Capability Nikita Shubin <n.shubin(a)yadro.com> dmaengine: ioatdma: Fix leaking on version mismatch Bjorn Helgaas <bhelgaas(a)google.com> dmaengine: ioat: Drop redundant pci_enable_pcie_error_reporting() Qing Wang <wangqing(a)vivo.com> dmaengine: ioat: switch from 'pci_' to 'dma_' API Biju Das <biju.das.jz(a)bp.renesas.com> regulator: core: Fix modpost error "regulator_get_regmap" undefined Oliver Neukum <oneukum(a)suse.com> net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: Fix suspicious rcu_dereference_protected() Heng Qi <hengqi(a)linux.alibaba.com> virtio_net: checksum offloading handling fix Xiaolei Wang <xiaolei.wang(a)windriver.com> net: stmmac: No need to calculate speed divider when offload is disabled Xin Long <lucien.xin(a)gmail.com> sched: act_ct: add netns into the key of tcf_ct_flow_table Vlad Buslov <vladbu(a)nvidia.com> net/sched: act_ct: set 'net' pointer when creating new nf_flow_table Xin Long <lucien.xin(a)gmail.com> tipc: force a dst refcount before doing decryption David Ruth <druth(a)chromium.org> net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() Pedro Tammela <pctammela(a)mojatatu.com> net/sched: act_api: rely on rcu in tcf_idr_check_alloc Stefan Wahren <wahrenst(a)gmx.net> qca_spi: Make interrupt remembering atomic Yue Haibing <yuehaibing(a)huawei.com> netns: Make get_net_ns() handle zero refcount net Eric Dumazet <edumazet(a)google.com> xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() Eric Dumazet <edumazet(a)google.com> ipv6: prevent possible NULL dereference in rt6_probe() Eric Dumazet <edumazet(a)google.com> ipv6: prevent possible NULL deref in fib6_nh_init() Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> netrom: Fix a memory leak in nr_heartbeat_expiry() Ondrej Mosnacek <omosnace(a)redhat.com> cipso: fix total option length computation Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: Build event generation tests only as modules Christian Marangi <ansuelsmth(a)gmail.com> mips: bmips: BCM6358: make sure CBR is correctly set Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> MIPS: Routerboard 532: Fix vendor retry check code Parker Newman <pnewman(a)connecttech.com> serial: exar: adding missing CTI and Exar PCI ids Songyang Li <leesongyang(a)outlook.com> MIPS: Octeon: Add PCIe link status check Mario Limonciello <mario.limonciello(a)amd.com> PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports Roman Smirnov <r.smirnov(a)omp.ru> udf: udftime: prevent overflow in udf_disk_stamp_to_time() Alex Henrie <alexhenrie24(a)gmail.com> usb: misc: uss720: check for incompatible versions of the Belkin F5U002 Yunlei He <heyunlei(a)oppo.com> f2fs: remove clear SB_INLINECRYPT flag in default_options Aleksandr Aprelkov <aaprelkov(a)usergate.com> iommu/arm-smmu-v3: Free MSIs in case of ENOMEM Tzung-Bi Shih <tzungbi(a)kernel.org> power: supply: cros_usbpd: provide ID table for avoiding fallback match Michael Ellerman <mpe(a)ellerman.id.au> powerpc/io: Avoid clang null pointer arithmetic warnings Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/pseries: Enforce hcall result buffer validity and size Erico Nunes <nunes.erico(a)gmail.com> drm/lima: mask irqs in timeout path before hard reset Erico Nunes <nunes.erico(a)gmail.com> drm/lima: add mask irq callback to gp and pp Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: Intel: sof_sdw: add JD2 quirk for HP Omen 14 Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Exit idle optimizations before HDCP execution Uri Arev <me(a)wantyapps.xyz> Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl Takashi Iwai <tiwai(a)suse.de> ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 Sean O'Brien <seobrien(a)chromium.org> HID: Add quirk for Logitech Casa touchpad Breno Leitao <leitao(a)debian.org> netpoll: Fix race condition in netpoll_owner_active Kunwu Chan <chentao(a)kylinos.cn> kselftest: arm64: Add a null pointer check Manish Rangankar <mrangankar(a)marvell.com> scsi: qedi: Fix crash while reading debugfs attribute Wander Lairson Costa <wander(a)redhat.com> drop_monitor: replace spin_lock by raw_spin_lock Eric Dumazet <edumazet(a)google.com> af_packet: avoid a false positive warning in packet_setsockopt() Arnd Bergmann <arnd(a)arndb.de> wifi: ath9k: work around memset overflow warning Eric Dumazet <edumazet(a)google.com> batman-adv: bypass empty buckets in batadv_purge_orig_ref() Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix flaky test btf_map_in_map/lookup_update Alessandro Carminati (Red Hat) <alessandro.carminati(a)gmail.com> selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh Justin Stitt <justinstitt(a)google.com> block/ioctl: prefer different overflow check Zqiang <qiang.zhang1211(a)gmail.com> rcutorture: Fix invalid context warning when enable srcu barrier testing Paul E. McKenney <paulmck(a)kernel.org> rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment Herbert Xu <herbert(a)gondor.apana.org.au> padata: Disable BH when taking works lock on MT path Oleg Nesterov <oleg(a)redhat.com> zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING Jean Delvare <jdelvare(a)suse.de> i2c: designware: Fix the functionality flags of the slave-only interface Jean Delvare <jdelvare(a)suse.de> i2c: at91: Fix the functionality flags of the slave-only interface Shichao Lai <shichaorai(a)gmail.com> usb-storage: alauda: Check whether the media is initialized Sicong Huang <congei42(a)163.com> greybus: Fix use-after-free bug in gb_interface_release due to race condition. Beleswar Padhi <b-padhi(a)ti.com> remoteproc: k3-r5: Jump to error handling labels in start/stop errors YonglongLi <liyonglong(a)chinatelecom.cn> mptcp: pm: update add_addr counters after connect YonglongLi <liyonglong(a)chinatelecom.cn> mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_una is properly initialized on connect Matthias Goergens <matthias.goergens(a)gmail.com> hugetlb_encode.h: fix undefined behaviour (34 << 26) Doug Brown <doug(a)schmorgal.com> serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level Oleg Nesterov <oleg(a)redhat.com> tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential kernel bug due to lack of writeback flag waiting Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Lunar Lake support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Meteor Lake-S support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Sapphire Rapids SOC support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Granite Rapids SOC support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Granite Rapids support Beleswar Padhi <b-padhi(a)ti.com> remoteproc: k3-r5: Do not allow core1 to power up before core0 via sysfs Nuno Sa <nuno.sa(a)analog.com> dmaengine: axi-dmac: fix possible race in remove() Rick Wertenbroek <rick.wertenbroek(a)gmail.com> PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id Su Yue <glass.su(a)suse.com> ocfs2: fix races between hole punching and AIO+DIO Su Yue <glass.su(a)suse.com> ocfs2: use coarse time for new created files Rik van Riel <riel(a)surriel.com> fs/proc: fix softlockup in __read_vmcore Hagar Gamal Halim Hemdan <hagarhem(a)amazon.com> vmci: prevent speculation leaks by sanitizing event in event_deliver() Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found Jani Nikula <jani.nikula(a)intel.com> drm/exynos/vidi: fix memory leak in .get_modes() Dirk Behme <dirk.behme(a)de.bosch.com> drivers: core: synchronize really_probe() and dev_uevent() Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> iio: imu: inv_icm42600: delete unneeded update watermark call Marc Ferland <marc.ferland(a)sonatest.com> iio: dac: ad5592r: fix temperature channel scaling value David Lechner <dlechner(a)baylibre.com> iio: adc: ad9467: fix scan type sign Taehee Yoo <ap420073(a)gmail.com> ionic: fix use after netif_napi_del() Petr Pavlu <petr.pavlu(a)suse.com> net/ipv6: Fix the RT cache flush via sysctl using a previous delay Xiaolei Wang <xiaolei.wang(a)windriver.com> net: stmmac: replace priv->speed with the portTransmitRate from the tc-cbs parameters Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets Eric Dumazet <edumazet(a)google.com> tcp: fix race in tcp_v6_syn_recv_sock() Adam Miotk <adam.miotk(a)arm.com> drm/bridge/panel: Fix runtime warning on panel bridge release Amjad Ouled-Ameur <amjad.ouled-ameur(a)arm.com> drm/komeda: check for error-valued pointer Aleksandr Mishin <amishin(a)t-argos.ru> liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet Jie Wang <wangjie125(a)huawei.com> net: hns3: add cond_resched() to hns3 ring buffer init process Csókás, Bence <csokas.bence(a)prolan.hu> net: sfp: Always call `sfp_sm_mod_remove()` on remove Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: 3D disabled should not effect STDU memory limits José Expósito <jose.exposito89(a)gmail.com> HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() Lu Baolu <baolu.lu(a)linux.intel.com> iommu: Return right value in iommu_sva_bind_device() Kun(llfl) <llfl(a)linux.alibaba.com> iommu/amd: Fix sysfs leak in iommu init Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Introduce pci segment structure Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> gpio: tqmx86: store IRQ trigger type and unmask status separately Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> HID: core: remove unnecessary WARN_ON() in implement() Gregor Herburger <gregor.herburger(a)tq-group.com> gpio: tqmx86: fix typo in Kconfig label Chen Hanxiao <chenhx.fnst(a)fujitsu.com> SUNRPC: return proper error from gss_wrap_req_priv Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: try trimming too long modalias strings Michael Ellerman <mpe(a)ellerman.id.au> powerpc/uaccess: Fix build errors seen with GCC 13/14 Breno Leitao <leitao(a)debian.org> scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory Kuangyi Chiang <ki.chiang65(a)gmail.com> xhci: Apply broken streams quirk to Etron EJ188 xHCI host Kuangyi Chiang <ki.chiang65(a)gmail.com> xhci: Apply reset resume quirk to Etron EJ188 xHCI host Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Set correct transferred length for cancelled bulk transfers Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> jfs: xattr: fix buffer overflow for invalid xattr Tomas Winkler <tomas.winkler(a)intel.com> mei: me: release irq in mei_me_pci_resume error path Alan Stern <stern(a)rowland.harvard.edu> USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors Matthew Wilcox (Oracle) <willy(a)infradead.org> nilfs2: return the mapped address from nilfs_get_page() Matthew Wilcox (Oracle) <willy(a)infradead.org> nilfs2: Remove check for PageError Filipe Manana <fdmanana(a)suse.com> btrfs: fix leak of qgroup extent records after transaction abort Dev Jain <dev.jain(a)arm.com> selftests/mm: compaction_test: fix bogus test success on Aarch64 Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests/mm: conform test to TAP format output Dev Jain <dev.jain(a)arm.com> selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> mmc: davinci: Don't strip remove function when driver is builtin Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: replace hardcoded divisor value with BIT() macro George Shen <george.shen(a)amd.com> drm/amd/display: Handle Y carry-over in VCP X.Y calculation Wesley Cheng <quic_wcheng(a)quicinc.com> usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete Eric Dumazet <edumazet(a)google.com> ipv6: fix possible race in __fib6_drop_pcpu_from() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). Karol Kolacinski <karol.kolacinski(a)intel.com> ptp: Fix error message on failed pin verification Eric Dumazet <edumazet(a)google.com> net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP Jason Xing <kernelxing(a)tencent.com> tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB Daniel Borkmann <daniel(a)iogearbox.net> vxlan: Fix regression when dropping packets due to invalid src addresses Hangyu Hua <hbh25y(a)gmail.com> net: sched: sch_multiq: fix possible OOB write in multiq_tune() Eric Dumazet <edumazet(a)google.com> ipv6: sr: block BH in seg6_output_core() and seg6_input_core() DelphineCCChiu <delphine_cc_chiu(a)wiwynn.com> net/ncsi: Fix the multi thread manner of NCSI driver Peter Delevoryas <peter(a)pjd.dev> net/ncsi: Simplify Kconfig/dts control flow Ivan Mikhaylov <i.mikhaylov(a)yadro.com> net/ncsi: add NCSI Intel OEM command to keep PHY up Lingbo Kong <quic_lingbok(a)quicinc.com> wifi: mac80211: correctly parse Spatial Reuse Parameter Set element Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: don't read past the mfuart notifcation Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: check n_ssids before accessing the ssids Shahar S Matityahu <shahar.s.matityahu(a)intel.com> wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 Lin Ma <linma(a)zju.edu.cn> wifi: cfg80211: pmsr: use correct nla_get_uX functions Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() Nicolas Escande <nico.escande(a)gmail.com> wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects Damien Le Moal <dlemoal(a)kernel.org> null_blk: Print correct max open zones limit in null_init_zoned_dev() Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing/selftests: Fix kprobe event name test for .isra. functions ------------- Diffstat: .../bindings/i2c/google,cros-ec-i2c-tunnel.yaml | 2 +- Makefile | 4 +- arch/arm/boot/dts/exynos4210-smdkv310.dts | 2 +- arch/arm/boot/dts/exynos4412-origen.dts | 2 +- arch/arm/boot/dts/exynos4412-smdk4412.dts | 2 +- arch/arm/boot/dts/rk3066a.dtsi | 1 + arch/arm64/boot/dts/rockchip/rk3368.dtsi | 3 + arch/arm64/include/asm/kvm_host.h | 1 + arch/arm64/include/asm/unistd32.h | 2 +- arch/arm64/kvm/arm.c | 6 +- arch/arm64/kvm/vgic/vgic-v3.c | 2 +- arch/arm64/kvm/vgic/vgic-v4.c | 8 +- arch/csky/include/uapi/asm/unistd.h | 1 + arch/hexagon/include/asm/syscalls.h | 6 + arch/hexagon/include/uapi/asm/unistd.h | 1 + arch/hexagon/kernel/syscalltab.c | 7 + arch/mips/bmips/setup.c | 3 +- arch/mips/kernel/syscalls/syscall_n32.tbl | 2 +- arch/mips/kernel/syscalls/syscall_o32.tbl | 2 +- arch/mips/pci/ops-rc32434.c | 4 +- arch/mips/pci/pcie-octeon.c | 6 + arch/parisc/kernel/syscalls/syscall.tbl | 4 +- arch/powerpc/include/asm/hvcall.h | 8 +- arch/powerpc/include/asm/io.h | 24 +- arch/powerpc/include/asm/uaccess.h | 15 +- arch/powerpc/kernel/syscalls/syscall.tbl | 2 +- arch/s390/kernel/syscalls/syscall.tbl | 2 +- arch/sparc/kernel/sys32.S | 221 ---------------- arch/sparc/kernel/syscalls/syscall.tbl | 8 +- arch/x86/entry/syscalls/syscall_32.tbl | 2 +- arch/x86/include/asm/cpu_device_id.h | 98 +++++++ arch/x86/include/asm/efi.h | 11 + arch/x86/kernel/amd_nb.c | 9 +- arch/x86/kernel/cpu/match.c | 4 +- arch/x86/kernel/time.c | 20 +- arch/x86/platform/efi/Makefile | 3 +- arch/x86/platform/efi/efi.c | 8 +- arch/x86/platform/efi/memmap.c | 249 +++++++++++++++++ block/ioctl.c | 2 +- drivers/acpi/acpica/exregion.c | 23 +- drivers/acpi/device_pm.c | 3 + drivers/acpi/internal.h | 9 + drivers/acpi/video_detect.c | 8 + drivers/acpi/x86/utils.c | 34 +++ drivers/ata/ahci.c | 17 +- drivers/ata/libata-core.c | 8 +- drivers/base/core.c | 3 + drivers/block/null_blk/zoned.c | 2 +- drivers/bluetooth/ath3k.c | 25 +- drivers/counter/ti-eqep.c | 6 + drivers/dma/dma-axi-dmac.c | 2 +- drivers/dma/ioat/init.c | 73 +++-- drivers/dma/ioat/registers.h | 7 - drivers/firmware/efi/fdtparams.c | 4 + drivers/firmware/efi/memmap.c | 239 +---------------- drivers/gpio/Kconfig | 2 +- drivers/gpio/gpio-davinci.c | 5 + drivers/gpio/gpio-tqmx86.c | 46 ++-- drivers/gpio/gpiolib-cdev.c | 16 +- .../amd/display/dc/dcn10/dcn10_stream_encoder.c | 6 + drivers/gpu/drm/amd/pm/powerplay/kv_dpm.c | 2 + .../drm/arm/display/komeda/komeda_pipeline_state.c | 2 +- drivers/gpu/drm/bridge/panel.c | 7 +- drivers/gpu/drm/exynos/exynos_drm_vidi.c | 7 +- drivers/gpu/drm/exynos/exynos_hdmi.c | 7 +- drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c | 1 + drivers/gpu/drm/lima/lima_bcast.c | 12 + drivers/gpu/drm/lima/lima_bcast.h | 3 + drivers/gpu/drm/lima/lima_gp.c | 8 + drivers/gpu/drm/lima/lima_pp.c | 18 ++ drivers/gpu/drm/lima/lima_sched.c | 7 + drivers/gpu/drm/lima/lima_sched.h | 1 + drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 6 + drivers/gpu/drm/panel/panel-ilitek-ili9881c.c | 6 +- drivers/gpu/drm/panel/panel-simple.c | 1 + drivers/gpu/drm/radeon/radeon.h | 1 - drivers/gpu/drm/radeon/radeon_display.c | 8 +- drivers/gpu/drm/radeon/sumo_dpm.c | 2 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 7 - drivers/greybus/interface.c | 1 + drivers/hid/hid-core.c | 1 - drivers/hid/hid-ids.h | 1 + drivers/hid/hid-logitech-dj.c | 4 +- drivers/hid/hid-multitouch.c | 6 + drivers/hwtracing/intel_th/pci.c | 25 ++ drivers/i2c/busses/i2c-at91-slave.c | 3 +- drivers/i2c/busses/i2c-designware-slave.c | 2 +- drivers/i2c/busses/i2c-ocores.c | 2 +- drivers/iio/adc/ad7266.c | 2 + drivers/iio/adc/ad9467.c | 4 +- drivers/iio/chemical/bme680.h | 2 + drivers/iio/chemical/bme680_core.c | 62 ++++- drivers/iio/dac/ad5592r-base.c | 2 +- drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 4 - drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 4 - drivers/infiniband/hw/mlx5/srq.c | 13 +- drivers/input/input.c | 105 ++++++-- drivers/input/touchscreen/ili210x.c | 4 +- drivers/iommu/amd/amd_iommu_types.h | 24 +- drivers/iommu/amd/init.c | 55 +++- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2 +- drivers/md/bcache/bset.c | 44 +-- drivers/md/bcache/bset.h | 28 +- drivers/md/bcache/btree.c | 40 +-- drivers/md/bcache/super.c | 5 +- drivers/md/bcache/sysfs.c | 2 +- drivers/md/bcache/writeback.c | 10 +- drivers/media/dvb-core/dvbdev.c | 2 +- drivers/misc/mei/pci-me.c | 4 +- drivers/misc/vmw_vmci/vmci_event.c | 6 +- drivers/mmc/host/davinci_mmc.c | 4 +- drivers/mmc/host/sdhci-pci-core.c | 11 +- drivers/mmc/host/sdhci.c | 25 +- drivers/mtd/nand/spi/macronix.c | 112 ++++++++ drivers/mtd/parsers/redboot.c | 2 +- drivers/net/dsa/microchip/ksz9477.c | 6 +- drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c | 11 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 14 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 4 + drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 2 + drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 3 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 4 +- drivers/net/ethernet/qualcomm/qca_debug.c | 6 +- drivers/net/ethernet/qualcomm/qca_spi.c | 16 +- drivers/net/ethernet/qualcomm/qca_spi.h | 3 +- drivers/net/ethernet/realtek/r8169_main.c | 48 ++-- drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 55 ++-- drivers/net/phy/micrel.c | 1 + drivers/net/phy/sfp.c | 3 +- drivers/net/usb/ax88179_178a.c | 6 +- drivers/net/usb/rtl8150.c | 3 +- drivers/net/virtio_net.c | 12 +- drivers/net/vxlan/vxlan_core.c | 4 + drivers/net/wireless/ath/ath.h | 6 +- drivers/net/wireless/ath/ath9k/main.c | 3 +- drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 10 - drivers/net/wireless/intel/iwlwifi/mvm/rs.h | 9 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 4 +- .../net/wireless/realtek/rtlwifi/rtl8192de/phy.c | 19 +- drivers/net/wireless/realtek/rtlwifi/wifi.h | 1 - drivers/pci/controller/pcie-rockchip-ep.c | 6 +- drivers/pci/pci.c | 12 + drivers/pinctrl/core.c | 2 +- drivers/pinctrl/pinctrl-rockchip.c | 294 +++++---------------- drivers/pinctrl/pinctrl-rockchip.h | 246 +++++++++++++++++ drivers/power/supply/cros_usbpd-charger.c | 11 +- drivers/ptp/ptp_chardev.c | 3 +- drivers/pwm/pwm-stm32.c | 3 + drivers/regulator/core.c | 1 + drivers/remoteproc/ti_k3_r5_remoteproc.c | 25 +- drivers/scsi/mpt3sas/mpt3sas_base.c | 19 ++ drivers/scsi/qedi/qedi_debugfs.c | 12 +- drivers/soc/ti/ti_sci_pm_domains.c | 20 +- drivers/soc/ti/wkup_m3_ipc.c | 7 +- drivers/staging/hikey9xx/hisi-spmi-controller.c | 1 - drivers/tty/serial/8250/8250_exar.c | 42 +++ drivers/tty/serial/8250/8250_omap.c | 22 +- drivers/tty/serial/8250/8250_pxa.c | 1 + drivers/tty/serial/mcf.c | 2 +- drivers/tty/serial/sc16is7xx.c | 25 +- drivers/usb/atm/cxacru.c | 14 + drivers/usb/class/cdc-wdm.c | 4 +- drivers/usb/gadget/function/f_fs.c | 4 + drivers/usb/gadget/function/f_printer.c | 40 ++- drivers/usb/host/xhci-pci.c | 7 + drivers/usb/host/xhci-ring.c | 5 +- drivers/usb/misc/uss720.c | 22 +- drivers/usb/musb/da8xx.c | 8 +- drivers/usb/storage/alauda.c | 9 +- fs/btrfs/disk-io.c | 10 +- fs/cifs/smb2transport.c | 12 +- fs/f2fs/super.c | 2 - fs/jfs/xattr.c | 4 +- fs/nfs/read.c | 4 - fs/nfsd/nfs4state.c | 7 +- fs/nfsd/nfsfh.c | 4 +- fs/nilfs2/dir.c | 59 ++--- fs/nilfs2/segment.c | 3 + fs/ocfs2/aops.c | 5 + fs/ocfs2/file.c | 2 + fs/ocfs2/journal.c | 17 ++ fs/ocfs2/journal.h | 2 + fs/ocfs2/namei.c | 2 +- fs/ocfs2/ocfs2_trace.h | 2 + fs/open.c | 4 +- fs/proc/vmcore.c | 2 + fs/udf/udftime.c | 11 +- include/kvm/arm_vgic.h | 2 +- include/linux/compat.h | 2 +- include/linux/efi.h | 10 +- include/linux/iommu.h | 2 +- include/linux/kcov.h | 2 + include/linux/mod_devicetable.h | 2 + include/linux/nvme.h | 4 +- include/linux/pci.h | 9 + include/linux/sunrpc/svc.h | 20 +- include/linux/syscalls.h | 2 +- include/net/bluetooth/hci_core.h | 36 ++- include/net/netfilter/nf_tables.h | 5 + include/net/xdp.h | 3 + include/trace/events/qdisc.h | 4 +- include/trace/events/sunrpc.h | 8 +- include/uapi/asm-generic/hugetlb_encode.h | 26 +- include/uapi/asm-generic/unistd.h | 2 +- kernel/events/core.c | 13 + kernel/gcov/gcc_4_7.c | 4 +- kernel/gen_kheaders.sh | 9 +- kernel/kcov.c | 1 + kernel/padata.c | 8 +- kernel/pid_namespace.c | 1 + kernel/rcu/rcutorture.c | 12 +- kernel/sys_ni.c | 2 +- kernel/time/tick-common.c | 42 +-- kernel/trace/Kconfig | 4 +- kernel/trace/preemptirq_delay_test.c | 1 + net/batman-adv/originator.c | 29 ++ net/bluetooth/l2cap_core.c | 8 +- net/can/j1939/main.c | 6 +- net/can/j1939/transport.c | 21 +- net/core/drop_monitor.c | 20 +- net/core/filter.c | 3 + net/core/net_namespace.c | 9 +- net/core/netpoll.c | 2 +- net/core/sock.c | 6 +- net/core/xdp.c | 100 ++++--- net/ipv4/af_inet.c | 23 +- net/ipv4/cipso_ipv4.c | 12 +- net/ipv4/tcp.c | 16 +- net/ipv6/af_inet6.c | 24 +- net/ipv6/ip6_fib.c | 6 +- net/ipv6/ipv6_sockglue.c | 9 +- net/ipv6/route.c | 9 +- net/ipv6/seg6_iptunnel.c | 14 +- net/ipv6/tcp_ipv6.c | 9 +- net/ipv6/xfrm6_policy.c | 8 +- net/iucv/iucv.c | 26 +- net/mac80211/he.c | 10 +- net/mac80211/mesh_pathtbl.c | 13 + net/mac80211/sta_info.c | 4 +- net/mptcp/pm_netlink.c | 18 +- net/mptcp/protocol.c | 1 + net/ncsi/Kconfig | 6 + net/ncsi/internal.h | 7 + net/ncsi/ncsi-manage.c | 112 +++++--- net/ncsi/ncsi-rsp.c | 4 +- net/netfilter/ipset/ip_set_core.c | 104 ++++---- net/netfilter/ipset/ip_set_list_set.c | 30 +-- net/netfilter/nf_tables_api.c | 13 +- net/netfilter/nft_lookup.c | 3 +- net/netrom/nr_timer.c | 3 +- net/packet/af_packet.c | 26 +- net/sched/act_api.c | 66 +++-- net/sched/act_ct.c | 21 +- net/sched/sch_multiq.c | 2 +- net/sched/sch_taprio.c | 15 +- net/sunrpc/auth_gss/auth_gss.c | 4 +- net/sunrpc/svc.c | 18 +- net/tipc/node.c | 1 + net/unix/af_unix.c | 47 ++-- net/unix/diag.c | 12 +- net/wireless/pmsr.c | 8 +- scripts/Makefile.dtbinst | 2 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/fsl/fsl-asoc-card.c | 3 +- sound/soc/intel/boards/sof_sdw.c | 9 + sound/synth/emux/soundfont.c | 17 +- tools/include/asm-generic/hugetlb_encode.h | 20 +- tools/testing/selftests/arm64/tags/tags_test.c | 4 + .../selftests/bpf/prog_tests/btf_map_in_map.c | 26 +- tools/testing/selftests/bpf/test_tc_tunnel.sh | 13 +- .../ftrace/test.d/kprobe/kprobe_eventname.tc | 3 +- tools/testing/selftests/vm/compaction_test.c | 103 ++++---- 273 files changed, 2839 insertions(+), 1804 deletions(-)

9 months, 1 week

8
10
0 0

[PATCH 6.1] cifs: use origin fullpath for automounts

by Andrew Paniakin

From: Paulo Alcantara <pc(a)cjr.nz> commit 7ad54b98fc1f141cfb70cfe2a3d6def5a85169ff upstream. Use TCP_Server_Info::origin_fullpath instead of cifs_tcon::tree_name when building source paths for automounts as it will be useful for domain-based DFS referrals where the connections and referrals would get either re-used from the cache or re-created when chasing the dfs link. Signed-off-by: Paulo Alcantara (SUSE) <pc(a)cjr.nz> Signed-off-by: Steve French <stfrench(a)microsoft.com> [apanyaki: backport to v6.1-stable] Signed-off-by: Andrew Paniakin <apanyaki(a)amazon.com> --- This patch fixes issue reported in https://lore.kernel.org/regressions/ZnMkNzmitQdP9OIC@3c06303d853a.ant.amazo… 1. The set_dest_addr function gets ip address differntly. In kernel 6.1 the dns_resolve_server_name_to_ip function returns string instead of struct sockaddr, this string needs to be converted with cifs_convert_address then. 2. There's no tmp.leaf_fullpath field in kernel 6.1, it was introduced later in a1c0d00572fc ("cifs: share dfs connections and supers") 3. __build_path_from_dentry_optional_prefix and dfs_get_automount_devname were added to fs/smb/client/cifsproto.h instead of fs/cifs/dfs.h which doesn't exist in 6.1 --- fs/smb/client/cifs_dfs_ref.c | 34 ++++++++++++++++++++++++++++++++-- fs/smb/client/cifsproto.h | 18 ++++++++++++++++++ fs/smb/client/dir.c | 21 +++++++++++++++------ 3 files changed, 65 insertions(+), 8 deletions(-) diff --git a/fs/smb/client/cifs_dfs_ref.c b/fs/smb/client/cifs_dfs_ref.c index 020e71fe1454..876f9a43a99d 100644 --- a/fs/smb/client/cifs_dfs_ref.c +++ b/fs/smb/client/cifs_dfs_ref.c @@ -258,6 +258,31 @@ char *cifs_compose_mount_options(const char *sb_mountdata, goto compose_mount_options_out; } +static int set_dest_addr(struct smb3_fs_context *ctx, const char *full_path) +{ + struct sockaddr *addr = (struct sockaddr *)&ctx->dstaddr; + char *str_addr = NULL; + int rc; + + rc = dns_resolve_server_name_to_ip(full_path, &str_addr, NULL); + if (rc < 0) + goto out; + + rc = cifs_convert_address(addr, str_addr, strlen(str_addr)); + if (!rc) { + cifs_dbg(FYI, "%s: failed to convert ip address\n", __func__); + rc = -EINVAL; + goto out; + } + + cifs_set_port(addr, ctx->port); + rc = 0; + +out: + kfree(str_addr); + return rc; +} + /* * Create a vfsmount that we can automount */ @@ -295,8 +320,7 @@ static struct vfsmount *cifs_dfs_do_automount(struct path *path) ctx = smb3_fc2context(fc); page = alloc_dentry_path(); - /* always use tree name prefix */ - full_path = build_path_from_dentry_optional_prefix(mntpt, page, true); + full_path = dfs_get_automount_devname(mntpt, page); if (IS_ERR(full_path)) { mnt = ERR_CAST(full_path); goto out; @@ -315,6 +339,12 @@ static struct vfsmount *cifs_dfs_do_automount(struct path *path) goto out; } + rc = set_dest_addr(ctx, full_path); + if (rc) { + mnt = ERR_PTR(rc); + goto out; + } + rc = smb3_parse_devname(full_path, ctx); if (!rc) mnt = fc_mount(fc); diff --git a/fs/smb/client/cifsproto.h b/fs/smb/client/cifsproto.h index f37e4da0fe40..6dbc9afd6728 100644 --- a/fs/smb/client/cifsproto.h +++ b/fs/smb/client/cifsproto.h @@ -57,8 +57,26 @@ extern void exit_cifs_idmap(void); extern int init_cifs_spnego(void); extern void exit_cifs_spnego(void); extern const char *build_path_from_dentry(struct dentry *, void *); +char *__build_path_from_dentry_optional_prefix(struct dentry *direntry, void *page, + const char *tree, int tree_len, + bool prefix); extern char *build_path_from_dentry_optional_prefix(struct dentry *direntry, void *page, bool prefix); +static inline char *dfs_get_automount_devname(struct dentry *dentry, void *page) +{ + struct cifs_sb_info *cifs_sb = CIFS_SB(dentry->d_sb); + struct cifs_tcon *tcon = cifs_sb_master_tcon(cifs_sb); + struct TCP_Server_Info *server = tcon->ses->server; + + if (unlikely(!server->origin_fullpath)) + return ERR_PTR(-EREMOTE); + + return __build_path_from_dentry_optional_prefix(dentry, page, + server->origin_fullpath, + strlen(server->origin_fullpath), + true); +} + static inline void *alloc_dentry_path(void) { return __getname(); diff --git a/fs/smb/client/dir.c b/fs/smb/client/dir.c index 863c7bc3db86..477302157ab3 100644 --- a/fs/smb/client/dir.c +++ b/fs/smb/client/dir.c @@ -78,14 +78,13 @@ build_path_from_dentry(struct dentry *direntry, void *page) prefix); } -char * -build_path_from_dentry_optional_prefix(struct dentry *direntry, void *page, - bool prefix) +char *__build_path_from_dentry_optional_prefix(struct dentry *direntry, void *page, + const char *tree, int tree_len, + bool prefix) { int dfsplen; int pplen = 0; struct cifs_sb_info *cifs_sb = CIFS_SB(direntry->d_sb); - struct cifs_tcon *tcon = cifs_sb_master_tcon(cifs_sb); char dirsep = CIFS_DIR_SEP(cifs_sb); char *s; @@ -93,7 +92,7 @@ build_path_from_dentry_optional_prefix(struct dentry *direntry, void *page, return ERR_PTR(-ENOMEM); if (prefix) - dfsplen = strnlen(tcon->tree_name, MAX_TREE_SIZE + 1); + dfsplen = strnlen(tree, tree_len + 1); else dfsplen = 0; @@ -123,7 +122,7 @@ build_path_from_dentry_optional_prefix(struct dentry *direntry, void *page, } if (dfsplen) { s -= dfsplen; - memcpy(s, tcon->tree_name, dfsplen); + memcpy(s, tree, dfsplen); if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) { int i; for (i = 0; i < dfsplen; i++) { @@ -135,6 +134,16 @@ build_path_from_dentry_optional_prefix(struct dentry *direntry, void *page, return s; } +char *build_path_from_dentry_optional_prefix(struct dentry *direntry, void *page, + bool prefix) +{ + struct cifs_sb_info *cifs_sb = CIFS_SB(direntry->d_sb); + struct cifs_tcon *tcon = cifs_sb_master_tcon(cifs_sb); + + return __build_path_from_dentry_optional_prefix(direntry, page, tcon->tree_name, + MAX_TREE_SIZE, prefix); +} + /* * Don't allow path components longer than the server max. * Don't allow the separator character in a path component. -- 2.40.1

9 months, 1 week

3
2
0 0

[PATCH 5.10 000/108] 5.10.222-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.222 release. There are 108 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 18 Jul 2024 15:27:21 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.222-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.222-rc1 Dan Carpenter <dan.carpenter(a)linaro.org> i2c: rcar: fix error code in probe() Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: clear NO_RXDMA flag after resetting Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: ensure Gen3+ reset does not disturb local targets Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: introduce Gen4 devices Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: reset controller is mandatory for Gen3+ Geert Uytterhoeven <geert+renesas(a)glider.be> i2c: rcar: Add R-Car Gen4 support Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: mark HostNotify target address as used Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: bring hardware to known state when probing Russell King <russell.king(a)oracle.com> arm64/bpf: Remove 128MB limit for BPF JIT programs Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix kernel bug on rename operation of broken directory Eduard Zingerman <eddyz87(a)gmail.com> bpf: Allow reads from uninit stack Eric Dumazet <edumazet(a)google.com> ipv6: prevent NULL dereference in ip6_output() Eric Dumazet <edumazet(a)google.com> ipv6: annotate data-races around cnf.disable_ipv6 Ard Biesheuvel <ardb(a)kernel.org> efi: ia64: move IA64-only declarations to new asm/efi.h header Jim Mattson <jmattson(a)google.com> x86/retpoline: Move a NOENDBR annotation to the SRSO dummy return thunk Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: send: annotate intentional data race in checking empty queue Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: queueing: annotate intentional data race in cpu round robin Helge Deller <deller(a)kernel.org> wireguard: allowedips: avoid unaligned 64-bit memory accesses Ilya Dryomov <idryomov(a)gmail.com> libceph: fix race between delayed_work() and ceph_monc_stop() Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Limit mic boost on VAIO PRO PX Nazar Bilinskyi <nbilinskyi(a)gmail.com> ALSA: hda/realtek: Enable Mute LED on HP 250 G7 Joy Chakraborty <joychakr(a)google.com> nvmem: meson-efuse: Fix return value of nvmem callbacks He Zhe <zhe.he(a)windriver.com> hpet: Support 32-bit userspace Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Lee Jones <lee(a)kernel.org> usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() WangYuli <wangyuli(a)uniontech.com> USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k Dmitry Smirnov <d.smirnov(a)inbox.lv> USB: serial: mos7840: fix crash on resume Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW350-GL variants Mank Wang <mank.wang(a)netprisma.us> USB: serial: option: add Netprisma LCUK54 series modules Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add support for Foxconn T99W651 Bjørn Mork <bjorn(a)mork.no> USB: serial: option: add Fibocom FM350-GL Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN912 rmnet compositions Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit generic core-dump composition Ronald Wahl <ronald.wahl(a)raritan.com> net: ks8851: Fix potential TX stall after interface reopen Eric Dumazet <edumazet(a)google.com> tcp: avoid too many retransmit packets Eric Dumazet <edumazet(a)google.com> tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() Michal Mazur <mmazur2(a)marvell.com> octeontx2-af: fix detection of IP layer Chen Ni <nichen(a)iscas.ac.cn> ARM: davinci: Convert comma to semicolon Sven Schnelle <svens(a)linux.ibm.com> s390: Mark psw in __load_psw_mask() as __unitialized Chengen Du <chengen.du(a)canonical.com> net/sched: Fix UAF when resolving a clash Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). Oleksij Rempel <linux(a)rempel-privat.de> ethtool: netlink: do not return SQI value if link is down Dmitry Antipov <dmantipov(a)yandex.ru> ppp: reject claimed-as-LCP but actually malformed packets Aleksander Jan Bajkowski <olek2(a)wp.pl> net: ethernet: lantiq_etop: fix double free in detach Aleksander Jan Bajkowski <olek2(a)wp.pl> net: lantiq_etop: add blank line after declaration Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() Neal Cardwell <ncardwell(a)google.com> tcp: fix incorrect undo caused by DSACK of TLP retransmit Brian Foster <bfoster(a)redhat.com> vfs: don't mod negative dentry count when on shrinker list linke li <lilinke99(a)qq.com> fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading Jeff Layton <jlayton(a)kernel.org> filelock: fix potential use-after-free in posix_lock_inode Waiman Long <longman(a)redhat.com> mm: prevent derefencing NULL ptr in pfn_section_valid() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix incorrect inode allocation from reserved inodes Masahiro Yamada <masahiroy(a)kernel.org> kbuild: fix short log for AS in link-vmlinux.sh Sagi Grimberg <sagi(a)grimberg.me> nvmet: fix a possible leak when destroy a ctrl during qp establishment hmtheboy154 <buingoc67(a)gmail.com> platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro hmtheboy154 <buingoc67(a)gmail.com> platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6" tablet Kundan Kumar <kundan.kumar(a)samsung.com> nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset Nilay Shroff <nilay(a)linux.ibm.com> nvme-multipath: find NUMA path only for online numa-node Jian-Hong Pan <jhp(a)endlessos.org> ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 Piotr Wojtaszczyk <piotr.wojtaszczyk(a)timesys.com> i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr Mauro Carvalho Chehab <mchehab(a)kernel.org> media: dw2102: fix a potential buffer overflow GUO Zihua <guozihua(a)huawei.com> ima: Avoid blocking in RCU read-side critical section Wang Yufen <wangyufen(a)huawei.com> bpf, sockmap: Fix sk->sk_forward_alloc warn_on in sk_stream_kill_queues Ghadi Elie Rahme <ghadi.rahme(a)canonical.com> bnx2x: Fix multiple UBSAN array-index-out-of-bounds Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Bypass a couple of sanity checks during NAND identification Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/atomfirmware: silence UBSAN warning Ma Ke <make24(a)iscas.ac.cn> drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes Jan Kara <jack(a)suse.cz> Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Jan Kara <jack(a)suse.cz> fsnotify: Do not generate events for O_PATH file descriptors Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Jan Kara <jack(a)suse.cz> mm: avoid overflows in dirty throttling logic Jinliang Zheng <alexjlzheng(a)tencent.com> mm: optimize the redundant loop of mm_update_owner_next() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: add missing check for inode numbers on directory entries Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix inode number range checks Shigeru Yoshida <syoshida(a)redhat.com> inet_diag: Initialize pad field in struct inet_diag_req_v2 Zijian Zhang <zijianzhang(a)bytedance.com> selftests: make order checking verbose in msg_zerocopy selftest Zijian Zhang <zijianzhang(a)bytedance.com> selftests: fix OOM in msg_zerocopy selftest Sam Sun <samsun1006219(a)gmail.com> bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() Jozef Hopko <jozef.hopko(a)altana.com> wifi: wilc1000: fix ies_len type in connect path Jakub Kicinski <kuba(a)kernel.org> tcp_metrics: validate source addr length Neal Cardwell <ncardwell(a)google.com> UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() Holger Dengler <dengler(a)linux.ibm.com> s390/pkey: Wipe sensitive data on failure Wang Yong <wang.yong12(a)zte.com.cn> jffs2: Fix potential illegal address access in jffs2_free_inode Jose E. Marchesi <jose.marchesi(a)oracle.com> bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD Greg Kurz <groug(a)kaod.org> powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" Mickaël Salaün <mic(a)digikod.net> kunit: Fix timeout message Mike Marshall <hubcap(a)omnibond.com> orangefs: fix out-of-bounds fsid access Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Annotate apanel_addr as __ro_after_init Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-frontends: tda10048: Fix integer overflow Ricardo Ribalda <ribalda(a)chromium.org> media: s2255: Use refcount_t instead of atomic_t for num_channels Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-frontends: tda18271c2dd: Remove casting during div Simon Horman <horms(a)kernel.org> net: dsa: mv88e6xxx: Correct check for empty list Erick Archer <erick.archer(a)outlook.com> Input: ff-core - prefer struct_size over open coded arithmetic Jean Delvare <jdelvare(a)suse.de> firmware: dmi: Stop decoding on broken entry Erick Archer <erick.archer(a)outlook.com> sctp: prefer struct_size over open coded arithmetic Michael Bunk <micha(a)freedict.org> media: dw2102: Don't translate i2c read into write Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip finding free audio for unknown engine_id Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check pipe offset before setting vblank Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check index msg_id before read or write Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Initialize timestamp for some legacy SOCs Hailey Mothershead <hailmo(a)amazon.com> crypto: aead,cipher - zeroize key buffer after use John Meneghini <jmeneghi(a)redhat.com> scsi: qedf: Make qedf_execute_tmf() non-preemptible Michael Guralnik <michaelgur(a)nvidia.com> IB/core: Implement a limit on UMAD receive List Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-usb: dib0700_devices: Add missing release_firmware() Ricardo Ribalda <ribalda(a)chromium.org> media: dvb: as102-fe: Fix as10x_register_addr packing Erico Nunes <nunes.erico(a)gmail.com> drm/lima: fix shared irq handling on driver remove ------------- Diffstat: Makefile | 4 +- arch/arm/mach-davinci/pm.c | 2 +- arch/arm64/include/asm/extable.h | 9 - arch/arm64/include/asm/memory.h | 5 +- arch/arm64/kernel/traps.c | 2 +- arch/arm64/mm/extable.c | 3 +- arch/arm64/mm/ptdump.c | 2 - arch/arm64/net/bpf_jit_comp.c | 7 +- arch/ia64/include/asm/efi.h | 13 ++ arch/ia64/kernel/efi.c | 1 + arch/ia64/kernel/machine_kexec.c | 1 + arch/ia64/kernel/mca.c | 1 + arch/ia64/kernel/smpboot.c | 1 + arch/ia64/kernel/time.c | 1 + arch/ia64/kernel/uncached.c | 4 +- arch/ia64/mm/contig.c | 1 + arch/ia64/mm/discontig.c | 1 + arch/ia64/mm/init.c | 1 + arch/powerpc/include/asm/io.h | 2 +- arch/powerpc/xmon/xmon.c | 6 +- arch/s390/include/asm/processor.h | 2 +- arch/x86/lib/retpoline.S | 2 +- crypto/aead.c | 3 +- crypto/cipher.c | 3 +- drivers/bluetooth/hci_qca.c | 18 +- drivers/char/hpet.c | 34 +++- drivers/firmware/dmi_scan.c | 11 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c | 8 + drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 + .../amd/display/dc/irq/dce110/irq_service_dce110.c | 8 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 8 + drivers/gpu/drm/amd/include/atomfirmware.h | 2 +- drivers/gpu/drm/lima/lima_gp.c | 2 + drivers/gpu/drm/lima/lima_mmu.c | 5 + drivers/gpu/drm/lima/lima_pp.c | 4 + drivers/gpu/drm/nouveau/nouveau_connector.c | 3 + drivers/i2c/busses/i2c-i801.c | 2 +- drivers/i2c/busses/i2c-pnx.c | 48 +---- drivers/i2c/busses/i2c-rcar.c | 66 ++++--- drivers/i2c/i2c-core-base.c | 1 + drivers/infiniband/core/user_mad.c | 21 +- drivers/input/ff-core.c | 7 +- drivers/media/dvb-frontends/as102_fe_types.h | 2 +- drivers/media/dvb-frontends/tda10048.c | 9 +- drivers/media/dvb-frontends/tda18271c2dd.c | 4 +- drivers/media/usb/dvb-usb/dib0700_devices.c | 18 +- drivers/media/usb/dvb-usb/dw2102.c | 120 +++++++----- drivers/media/usb/s2255/s2255drv.c | 20 +- drivers/mtd/nand/raw/nand_base.c | 57 +++--- drivers/net/bonding/bond_options.c | 6 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 + drivers/net/dsa/mv88e6xxx/chip.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 2 +- drivers/net/ethernet/lantiq_etop.c | 5 +- drivers/net/ethernet/marvell/octeontx2/af/npc.h | 8 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +- drivers/net/ethernet/micrel/ks8851_common.c | 2 +- drivers/net/ppp/ppp_generic.c | 15 ++ drivers/net/wireguard/allowedips.c | 4 +- drivers/net/wireguard/queueing.h | 4 +- drivers/net/wireguard/send.c | 2 +- drivers/net/wireless/microchip/wilc1000/hif.c | 3 +- drivers/nvme/host/multipath.c | 2 +- drivers/nvme/host/pci.c | 3 +- drivers/nvme/target/core.c | 9 + drivers/nvmem/meson-efuse.c | 14 +- drivers/platform/x86/touchscreen_dmi.c | 36 ++++ drivers/s390/crypto/pkey_api.c | 4 +- drivers/scsi/qedf/qedf_io.c | 6 +- drivers/usb/core/config.c | 18 +- drivers/usb/core/quirks.c | 3 + drivers/usb/gadget/configfs.c | 3 + drivers/usb/serial/mos7840.c | 45 +++++ drivers/usb/serial/option.c | 38 ++++ fs/dcache.c | 12 +- fs/jffs2/super.c | 1 + fs/locks.c | 2 +- fs/nilfs2/alloc.c | 18 +- fs/nilfs2/alloc.h | 4 +- fs/nilfs2/dat.c | 2 +- fs/nilfs2/dir.c | 38 +++- fs/nilfs2/ifile.c | 7 +- fs/nilfs2/nilfs.h | 10 +- fs/nilfs2/the_nilfs.c | 6 + fs/nilfs2/the_nilfs.h | 2 +- fs/orangefs/super.c | 3 +- include/linux/bpf.h | 1 + include/linux/efi.h | 6 - include/linux/fsnotify.h | 8 +- include/linux/lsm_hook_defs.h | 2 +- include/linux/mmzone.h | 3 +- include/linux/security.h | 5 +- include/linux/skmsg.h | 1 + kernel/auditfilter.c | 5 +- kernel/bpf/verifier.c | 11 +- kernel/exit.c | 2 + lib/kunit/try-catch.c | 3 +- mm/page-writeback.c | 32 +++- net/ceph/mon_client.c | 14 +- net/core/skmsg.c | 1 + net/core/sock_map.c | 22 +++ net/ethtool/linkstate.c | 41 ++-- net/ipv4/inet_diag.c | 2 + net/ipv4/tcp_bpf.c | 1 + net/ipv4/tcp_input.c | 13 +- net/ipv4/tcp_metrics.c | 1 + net/ipv4/tcp_timer.c | 31 ++- net/ipv4/udp.c | 4 +- net/ipv6/addrconf.c | 9 +- net/ipv6/ip6_input.c | 2 +- net/ipv6/ip6_output.c | 2 +- net/sched/act_ct.c | 8 + net/sctp/socket.c | 7 +- scripts/link-vmlinux.sh | 2 +- security/apparmor/audit.c | 6 +- security/apparmor/include/audit.h | 2 +- security/integrity/ima/ima.h | 2 +- security/integrity/ima/ima_policy.c | 15 +- security/security.c | 6 +- security/selinux/include/audit.h | 4 +- security/selinux/ss/services.c | 5 +- security/smack/smack_lsm.c | 4 +- sound/pci/hda/patch_realtek.c | 12 ++ tools/lib/bpf/bpf_core_read.h | 1 + .../selftests/bpf/progs/test_global_func10.c | 31 +++ tools/testing/selftests/bpf/verifier/calls.c | 13 +- .../selftests/bpf/verifier/helper_access_var_len.c | 104 ++++++---- tools/testing/selftests/bpf/verifier/int_ptr.c | 9 +- .../selftests/bpf/verifier/search_pruning.c | 13 +- tools/testing/selftests/bpf/verifier/sock.c | 27 --- tools/testing/selftests/bpf/verifier/spill_fill.c | 211 +++++++++++++++++++++ tools/testing/selftests/bpf/verifier/var_off.c | 52 ----- tools/testing/selftests/net/msg_zerocopy.c | 14 +- 133 files changed, 1203 insertions(+), 469 deletions(-)

9 months, 1 week

6
114
0 0

[PATCH] serial: core: check uartclk for zero to avoid divide by zero

by George Kennedy

Calling ioctl TIOCSSERIAL with an invalid baud_base can result in uartclk being zero, which will result in a divide by zero error in uart_get_divisor(). The check for uartclk being zero in uart_set_info() needs to be done before other settings are made as subsequent calls to ioctl TIOCSSERIAL for the same port would be impacted if the uartclk check was done where uartclk gets set. Oops: divide error: 0000 PREEMPT SMP KASAN PTI RIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580) Call Trace: <TASK> serial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576 drivers/tty/serial/8250/8250_port.c:2589) serial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502 drivers/tty/serial/8250/8250_port.c:2741) serial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862) uart_change_line_settings (./include/linux/spinlock.h:376 ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222) uart_port_startup (drivers/tty/serial/serial_core.c:342) uart_startup (drivers/tty/serial/serial_core.c:368) uart_set_info (drivers/tty/serial/serial_core.c:1034) uart_set_info_user (drivers/tty/serial/serial_core.c:1059) tty_set_serial (drivers/tty/tty_io.c:2637) tty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791) __x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907 fs/ioctl.c:893 fs/ioctl.c:893) do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1)) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) Reported-by: syzkaller <syzkaller(a)googlegroups.com> Signed-off-by: George Kennedy <george.kennedy(a)oracle.com> --- serial_struct baud_base=0x30000000 will cause the crash. drivers/tty/serial/serial_core.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index 2a8006e3d687..9967444eae10 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -881,6 +881,14 @@ static int uart_set_info(struct tty_struct *tty, struct tty_port *port, new_flags = (__force upf_t)new_info->flags; old_custom_divisor = uport->custom_divisor; + if (!(uport->flags & UPF_FIXED_PORT)) { + unsigned int uartclk = new_info->baud_base * 16; + /* check needs to be done here before other settings made */ + if (uartclk == 0) { + retval = -EINVAL; + goto exit; + } + } if (!capable(CAP_SYS_ADMIN)) { retval = -EPERM; if (change_irq || change_port || -- 2.39.3

9 months, 1 week

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror July 2024