    Merge 6.6.51 into android15-6.6-lts · 18bea82a
    Greg Kroah-Hartman authored
    
    
    Changes in 6.6.51
    	sch/netem: fix use after free in netem_dequeue
    	net: microchip: vcap: Fix use-after-free error in kunit test
    	ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object
    	KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS
    	KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE
    	KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is missing
    	ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices
    	ALSA: hda/realtek: add patch for internal mic in Lenovo V145
    	ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx
    	powerpc/qspinlock: Fix deadlock in MCS queue
    	smb: client: fix double put of @cfile in smb2_set_path_size()
    	ksmbd: unset the binding mark of a reused connection
    	ksmbd: Unlock on in ksmbd_tcp_set_interfaces()
    	ata: libata: Fix memory leak for error path in ata_host_alloc()
    	x86/tdx: Fix data leak in mmio_read()
    	perf/x86/intel: Limit the period on Haswell
    	irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init()
    	x86/kaslr: Expose and use the end of the physical memory address space
    	rtmutex: Drop rt_mutex::wait_lock before scheduling
    	nvme-pci: Add sleep quirk for Samsung 990 Evo
    	rust: types: Make Opaque::get const
    	rust: macros: provide correct provenance when constructing THIS_MODULE
    	Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE"
    	Bluetooth: MGMT: Ignore keys being loaded with invalid type
    	mmc: core: apply SD quirks earlier during probe
    	mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K
    	mmc: sdhci-of-aspeed: fix module autoloading
    	mmc: cqhci: Fix checking of CQHCI_HALT state
    	fuse: update stats for pages in dropped aux writeback list
    	fuse: use unsigned type for getxattr/listxattr size truncation
    	fuse: fix memory leak in fuse_create_open
    	clk: starfive: jh7110-sys: Add notifier for PLL0 clock
    	clk: qcom: clk-alpha-pll: Fix the pll post div mask
    	clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API
    	can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open
    	kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y
    	mm: vmalloc: ensure vmap_block is initialised before adding to queue
    	spi: rockchip: Resolve unbalanced runtime PM / system PM handling
    	tracing/osnoise: Use a cpumask to know what threads are kthreads
    	tracing/timerlat: Only clear timer if a kthread exists
    	tracing: Avoid possible softlockup in tracing_iter_reset()
    	tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread()
    	userfaultfd: don't BUG_ON() if khugepaged yanks our page table
    	userfaultfd: fix checks for huge PMDs
    	fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF
    	eventfs: Use list_del_rcu() for SRCU protected list variable
    	net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup
    	net: mctp-serial: Fix missing escapes on transmit
    	x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported
    	x86/apic: Make x2apic_disable() work correctly
    	Revert "drm/amdgpu: align pp_power_profile_mode with kernel docs"
    	tcp_bpf: fix return value of tcp_bpf_sendmsg()
    	ila: call nf_unregister_net_hooks() sooner
    	sched: sch_cake: fix bulk flow accounting logic for host fairness
    	nilfs2: fix missing cleanup on rollforward recovery error
    	nilfs2: protect references to superblock parameters exposed in sysfs
    	nilfs2: fix state management in error path of log writing function
    	drm/i915: Do not attempt to load the GSC multiple times
    	ALSA: control: Apply sanity check of input values for user elements
    	ALSA: hda: Add input value sanity checks to HDMI channel map controls
    	wifi: ath12k: fix uninitialize symbol error on ath12k_peer_assoc_h_he()
    	wifi: ath12k: fix firmware crash due to invalid peer nss
    	smack: unix sockets: fix accept()ed socket label
    	bpf, verifier: Correct tail_call_reachable for bpf prog
    	ELF: fix kernel.randomize_va_space double read
    	accel/habanalabs/gaudi2: unsecure edma max outstanding register
    	irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1
    	af_unix: Remove put_pid()/put_cred() in copy_peercred().
    	x86/kmsan: Fix hook for unaligned accesses
    	iommu: sun50i: clear bypass register
    	netfilter: nf_conncount: fix wrong variable type
    	wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check
    	udf: Avoid excessive partition lengths
    	fs/ntfs3: One more reason to mark inode bad
    	riscv: kprobes: Use patch_text_nosync() for insn slots
    	media: vivid: fix wrong sizeimage value for mplane
    	leds: spi-byte: Call of_node_put() on error path
    	wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3
    	usb: uas: set host status byte on data completion error
    	usb: gadget: aspeed_udc: validate endpoint index for ast udc
    	drm/amd/display: Run DC_LOG_DC after checking link->link_enc
    	drm/amd/display: Check HDCP returned status
    	drm/amdgpu: Fix smatch static checker warning
    	drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts
    	media: vivid: don't set HDMI TX controls if there are no HDMI outputs
    	vfio/spapr: Always clear TCEs before unsetting the window
    	ice: Check all ice_vsi_rebuild() errors in function
    	PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)
    	Input: ili210x - use kvmalloc() to allocate buffer for firmware update
    	media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse
    	pcmcia: Use resource_size function on resource object
    	drm/amd/display: Check denominator pbn_div before used
    	drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6
    	can: bcm: Remove proc entry when dev is unregistered.
    	can: m_can: Release irq on error in m_can_open
    	can: mcp251xfd: fix ring configuration when switching from CAN-CC to CAN-FD mode
    	rust: Use awk instead of recent xargs
    	rust: kbuild: fix export of bss symbols
    	cifs: Fix FALLOC_FL_ZERO_RANGE to preflush buffered part of target region
    	igb: Fix not clearing TimeSync interrupts for 82580
    	ice: Add netif_device_attach/detach into PF reset flow
    	platform/x86: dell-smbios: Fix error path in dell_smbios_init()
    	regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR
    	can: kvaser_pciefd: Skip redundant NULL pointer check in ISR
    	can: kvaser_pciefd: Remove unnecessary comment
    	can: kvaser_pciefd: Rename board_irq to pci_irq
    	can: kvaser_pciefd: Move reset of DMA RX buffers to the end of the ISR
    	can: kvaser_pciefd: Use a single write when releasing RX buffers
    	Bluetooth: qca: If memdump doesn't work, re-enable IBS
    	Bluetooth: hci_event: Use HCI error defines instead of magic values
    	Bluetooth: hci_conn: Only do ACL connections sequentially
    	Bluetooth: Remove pending ACL connection attempts
    	Bluetooth: hci_conn: Fix UAF Write in __hci_acl_create_connection_sync
    	Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue
    	Bluetooth: hci_sync: Attempt to dequeue connection attempt
    	Bluetooth: hci_sync: Introduce hci_cmd_sync_run/hci_cmd_sync_run_once
    	Bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT
    	igc: Unlock on error in igc_io_resume()
    	hwmon: (hp-wmi-sensors) Check if WMI event data exists
    	net: phy: Fix missing of_node_put() for leds
    	ice: protect XDP configuration with a mutex
    	ice: do not bring the VSI up, if it was down before the XDP setup
    	usbnet: modern method to get random MAC
    	bpf: Add sockptr support for getsockopt
    	bpf: Add sockptr support for setsockopt
    	net/socket: Break down __sys_setsockopt
    	net/socket: Break down __sys_getsockopt
    	bpf, net: Fix a potential race in do_sock_getsockopt()
    	bareudp: Fix device stats updates.
    	fou: Fix null-ptr-deref in GRO.
    	r8152: fix the firmware doesn't work
    	net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN
    	net: dsa: vsc73xx: fix possible subblocks range of CAPT block
    	selftests: net: enable bind tests
    	xen: privcmd: Fix possible access to a freed kirqfd instance
    	firmware: cs_dsp: Don't allow writes to read-only controls
    	phy: zynqmp: Take the phy mutex in xlate
    	ASoC: topology: Properly initialize soc_enum values
    	dm init: Handle minors larger than 255
    	iommu/vt-d: Handle volatile descriptor status read
    	cgroup: Protect css->cgroup write under css_set_lock
    	um: line: always fill *error_out in setup_one_line()
    	devres: Initialize an uninitialized struct member
    	pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
    	virtio_ring: fix KMSAN error for premapped mode
    	wifi: rtw88: usb: schedule rx work after everything is set up
    	scsi: ufs: core: Remove SCSI host only if added
    	scsi: pm80xx: Set phy->enable_completion only when we wait for it
    	crypto: qat - fix unintentional re-enabling of error interrupts
    	hwmon: (adc128d818) Fix underflows seen when writing limit attributes
    	hwmon: (lm95234) Fix underflows seen when writing limit attributes
    	hwmon: (nct6775-core) Fix underflows seen when writing limit attributes
    	hwmon: (w83627ehf) Fix underflows seen when writing limit attributes
    	ASoc: TAS2781: replace beXX_to_cpup with get_unaligned_beXX for potentially broken alignment
    	libbpf: Add NULL checks to bpf_object__{prev_map,next_map}
    	drm/amdgpu: Set no_hw_access when VF request full GPU fails
    	ext4: fix possible tid_t sequence overflows
    	jbd2: avoid mount failed when commit block is partial submitted
    	dma-mapping: benchmark: Don't starve others when doing the test
    	wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()
    	drm/amdgpu: reject gang submit on reserved VMIDs
    	smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu()
    	fs/ntfs3: Check more cases when directory is corrupted
    	btrfs: replace BUG_ON with ASSERT in walk_down_proc()
    	btrfs: clean up our handling of refs == 0 in snapshot delete
    	btrfs: replace BUG_ON() with error handling at update_ref_for_cow()
    	cxl/region: Verify target positions using the ordered target list
    	riscv: set trap vector earlier
    	PCI: Add missing bridge lock to pci_bus_lock()
    	tcp: Don't drop SYN+ACK for simultaneous connect().
    	Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()
    	net: dpaa: avoid on-stack arrays of NR_CPUS elements
    	LoongArch: Use correct API to map cmdline in relocate_kernel()
    	regmap: maple: work around gcc-14.1 false-positive warning
    	vfs: Fix potential circular locking through setxattr() and removexattr()
    	i3c: master: svc: resend target address when get NACK
    	i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup
    	kselftests: dmabuf-heaps: Ensure the driver name is null-terminated
    	spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware
    	btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry()
    	s390/vmlinux.lds.S: Move ro_after_init section behind rodata section
    	HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup
    	HID: amd_sfh: free driver_data after destroying hid device
    	Input: uinput - reject requests with unreasonable number of slots
    	usbnet: ipheth: race between ipheth_close and error handling
    	Squashfs: sanity check symbolic link size
    	of/irq: Prevent device address out-of-bounds read in interrupt map walk
    	lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()
    	MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed
    	spi: spi-fsl-lpspi: limit PRESCALE bit in TCR register
    	ata: pata_macio: Use WARN instead of BUG
    	smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()
    	NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations
    	riscv: Use WRITE_ONCE() when setting page table entries
    	mm: Introduce pudp/p4dp/pgdp_get() functions
    	riscv: mm: Only compile pgtable.c if MMU
    	riscv: Use accessors to page table entries instead of direct dereference
    	ACPI: CPPC: Add helper to get the highest performance value
    	cpufreq: amd-pstate: Enable amd-pstate preferred core support
    	cpufreq: amd-pstate: fix the highest frequency issue which limits performance
    	tcp: process the 3rd ACK with sk_socket for TFO/MPTCP
    	intel: legacy: Partial revert of field get conversion
    	staging: iio: frequency: ad9834: Validate frequency parameter value
    	iio: buffer-dmaengine: fix releasing dma channel on error
    	iio: fix scale application in iio_convert_raw_to_processed_unlocked
    	iio: adc: ad7124: fix config comparison
    	iio: adc: ad7606: remove frstdata check for serial mode
    	iio: adc: ad7124: fix chip ID mismatch
    	usb: dwc3: core: update LC timer as per USB Spec V3.2
    	usb: cdns2: Fix controller reset issue
    	usb: dwc3: Avoid waking up gadget during startxfer
    	misc: fastrpc: Fix double free of 'buf' in error path
    	binder: fix UAF caused by offsets overwrite
    	nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc
    	uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind
    	Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic
    	VMCI: Fix use-after-free when removing resource in vmci_resource_remove()
    	clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX
    	clocksource/drivers/imx-tpm: Fix next event not taking effect sometime
    	clocksource/drivers/timer-of: Remove percpu irq related code
    	uprobes: Use kzalloc to allocate xol area
    	perf/aux: Fix AUX buffer serialization
    	mm/vmscan: use folio_migratetype() instead of get_pageblock_migratetype()
    	Revert "mm: skip CMA pages when they are not available"
    	workqueue: wq_watchdog_touch is always called with valid CPU
    	workqueue: Improve scalability of workqueue watchdog touch
    	ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add()
    	ACPI: processor: Fix memory leaks in error paths of processor_add()
    	arm64: acpi: Move get_cpu_for_acpi_id() to a header
    	arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry
    	can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate function
    	can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index erratum
    	can: mcp251xfd: clarify the meaning of timestamp
    	can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd
    	drm/amd: Add gfx12 swizzle mode defs
    	drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes
    	ata: libata-scsi: Remove redundant sense_buffer memsets
    	ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf
    	crypto: starfive - Align rsa input data to 32-bit
    	crypto: starfive - Fix nent assignment in rsa dec
    	clk: qcom: ipq9574: Update the alpha PLL type for GPLLs
    	powerpc/64e: remove unused IBM HTW code
    	powerpc/64e: split out nohash Book3E 64-bit code
    	powerpc/64e: Define mmu_pte_psize static
    	powerpc/vdso: Don't discard rela sections
    	ASoC: tegra: Fix CBB error during probe()
    	nvmet-tcp: fix kernel crash if commands allocation fails
    	nvme-pci: allocate tagset on reset if necessary
    	ASoc: SOF: topology: Clear SOF link platform name upon unload
    	ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode
    	clk: qcom: gcc-sm8550: Don't use parking clk_ops for QUPs
    	clk: qcom: gcc-sm8550: Don't park the USB RCG at registration time
    	drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused
    	drm/i915/fence: Mark debug_fence_free() with __maybe_unused
    	gpio: rockchip: fix OF node leak in probe()
    	gpio: modepin: Enable module autoloading
    	smb: client: fix double put of @cfile in smb2_rename_path()
    	riscv: Fix toolchain vector detection
    	riscv: Do not restrict memory size because of linear mapping on nommu
    	ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()
    	membarrier: riscv: Add full memory barrier in switch_mm()
    	x86/mm: Fix PTI for i386 some more
    	btrfs: fix race between direct IO write and fsync when using same fd
    	spi: spi-fsl-lpspi: Fix off-by-one in prescale max
    	Bluetooth: hci_sync: Fix UAF in hci_acl_create_conn_sync
    	Bluetooth: hci_sync: Fix UAF on create_le_conn_complete
    	Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync
    	Linux 6.6.51
    
    Change-Id: I4d9ef7a63380e5875e611ee548b4cc87ccea2936
    Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>