Merge 6.6.51 into android15-6.6-lts
Changes in 6.6.51
sch/netem: fix use after free in netem_dequeue
net: microchip: vcap: Fix use-after-free error in kunit test
ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object
KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS
KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE
KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is missing
ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices
ALSA: hda/realtek: add patch for internal mic in Lenovo V145
ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx
powerpc/qspinlock: Fix deadlock in MCS queue
smb: client: fix double put of @cfile in smb2_set_path_size()
ksmbd: unset the binding mark of a reused connection
ksmbd: Unlock on in ksmbd_tcp_set_interfaces()
ata: libata: Fix memory leak for error path in ata_host_alloc()
x86/tdx: Fix data leak in mmio_read()
perf/x86/intel: Limit the period on Haswell
irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init()
x86/kaslr: Expose and use the end of the physical memory address space
rtmutex: Drop rt_mutex::wait_lock before scheduling
nvme-pci: Add sleep quirk for Samsung 990 Evo
rust: types: Make Opaque::get const
rust: macros: provide correct provenance when constructing THIS_MODULE
Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE"
Bluetooth: MGMT: Ignore keys being loaded with invalid type
mmc: core: apply SD quirks earlier during probe
mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K
mmc: sdhci-of-aspeed: fix module autoloading
mmc: cqhci: Fix checking of CQHCI_HALT state
fuse: update stats for pages in dropped aux writeback list
fuse: use unsigned type for getxattr/listxattr size truncation
fuse: fix memory leak in fuse_create_open
clk: starfive: jh7110-sys: Add notifier for PLL0 clock
clk: qcom: clk-alpha-pll: Fix the pll post div mask
clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API
can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open
kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y
mm: vmalloc: ensure vmap_block is initialised before adding to queue
spi: rockchip: Resolve unbalanced runtime PM / system PM handling
tracing/osnoise: Use a cpumask to know what threads are kthreads
tracing/timerlat: Only clear timer if a kthread exists
tracing: Avoid possible softlockup in tracing_iter_reset()
tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread()
userfaultfd: don't BUG_ON() if khugepaged yanks our page table
userfaultfd: fix checks for huge PMDs
fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF
eventfs: Use list_del_rcu() for SRCU protected list variable
net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup
net: mctp-serial: Fix missing escapes on transmit
x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported
x86/apic: Make x2apic_disable() work correctly
Revert "drm/amdgpu: align pp_power_profile_mode with kernel docs"
tcp_bpf: fix return value of tcp_bpf_sendmsg()
ila: call nf_unregister_net_hooks() sooner
sched: sch_cake: fix bulk flow accounting logic for host fairness
nilfs2: fix missing cleanup on rollforward recovery error
nilfs2: protect references to superblock parameters exposed in sysfs
nilfs2: fix state management in error path of log writing function
drm/i915: Do not attempt to load the GSC multiple times
ALSA: control: Apply sanity check of input values for user elements
ALSA: hda: Add input value sanity checks to HDMI channel map controls
wifi: ath12k: fix uninitialize symbol error on ath12k_peer_assoc_h_he()
wifi: ath12k: fix firmware crash due to invalid peer nss
smack: unix sockets: fix accept()ed socket label
bpf, verifier: Correct tail_call_reachable for bpf prog
ELF: fix kernel.randomize_va_space double read
accel/habanalabs/gaudi2: unsecure edma max outstanding register
irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1
af_unix: Remove put_pid()/put_cred() in copy_peercred().
x86/kmsan: Fix hook for unaligned accesses
iommu: sun50i: clear bypass register
netfilter: nf_conncount: fix wrong variable type
wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check
udf: Avoid excessive partition lengths
fs/ntfs3: One more reason to mark inode bad
riscv: kprobes: Use patch_text_nosync() for insn slots
media: vivid: fix wrong sizeimage value for mplane
leds: spi-byte: Call of_node_put() on error path
wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3
usb: uas: set host status byte on data completion error
usb: gadget: aspeed_udc: validate endpoint index for ast udc
drm/amd/display: Run DC_LOG_DC after checking link->link_enc
drm/amd/display: Check HDCP returned status
drm/amdgpu: Fix smatch static checker warning
drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts
media: vivid: don't set HDMI TX controls if there are no HDMI outputs
vfio/spapr: Always clear TCEs before unsetting the window
ice: Check all ice_vsi_rebuild() errors in function
PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)
Input: ili210x - use kvmalloc() to allocate buffer for firmware update
media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse
pcmcia: Use resource_size function on resource object
drm/amd/display: Check denominator pbn_div before used
drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6
can: bcm: Remove proc entry when dev is unregistered.
can: m_can: Release irq on error in m_can_open
can: mcp251xfd: fix ring configuration when switching from CAN-CC to CAN-FD mode
rust: Use awk instead of recent xargs
rust: kbuild: fix export of bss symbols
cifs: Fix FALLOC_FL_ZERO_RANGE to preflush buffered part of target region
igb: Fix not clearing TimeSync interrupts for 82580
ice: Add netif_device_attach/detach into PF reset flow
platform/x86: dell-smbios: Fix error path in dell_smbios_init()
regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR
can: kvaser_pciefd: Skip redundant NULL pointer check in ISR
can: kvaser_pciefd: Remove unnecessary comment
can: kvaser_pciefd: Rename board_irq to pci_irq
can: kvaser_pciefd: Move reset of DMA RX buffers to the end of the ISR
can: kvaser_pciefd: Use a single write when releasing RX buffers
Bluetooth: qca: If memdump doesn't work, re-enable IBS
Bluetooth: hci_event: Use HCI error defines instead of magic values
Bluetooth: hci_conn: Only do ACL connections sequentially
Bluetooth: Remove pending ACL connection attempts
Bluetooth: hci_conn: Fix UAF Write in __hci_acl_create_connection_sync
Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue
Bluetooth: hci_sync: Attempt to dequeue connection attempt
Bluetooth: hci_sync: Introduce hci_cmd_sync_run/hci_cmd_sync_run_once
Bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT
igc: Unlock on error in igc_io_resume()
hwmon: (hp-wmi-sensors) Check if WMI event data exists
net: phy: Fix missing of_node_put() for leds
ice: protect XDP configuration with a mutex
ice: do not bring the VSI up, if it was down before the XDP setup
usbnet: modern method to get random MAC
bpf: Add sockptr support for getsockopt
bpf: Add sockptr support for setsockopt
net/socket: Break down __sys_setsockopt
net/socket: Break down __sys_getsockopt
bpf, net: Fix a potential race in do_sock_getsockopt()
bareudp: Fix device stats updates.
fou: Fix null-ptr-deref in GRO.
r8152: fix the firmware doesn't work
net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN
net: dsa: vsc73xx: fix possible subblocks range of CAPT block
selftests: net: enable bind tests
xen: privcmd: Fix possible access to a freed kirqfd instance
firmware: cs_dsp: Don't allow writes to read-only controls
phy: zynqmp: Take the phy mutex in xlate
ASoC: topology: Properly initialize soc_enum values
dm init: Handle minors larger than 255
iommu/vt-d: Handle volatile descriptor status read
cgroup: Protect css->cgroup write under css_set_lock
um: line: always fill *error_out in setup_one_line()
devres: Initialize an uninitialized struct member
pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
virtio_ring: fix KMSAN error for premapped mode
wifi: rtw88: usb: schedule rx work after everything is set up
scsi: ufs: core: Remove SCSI host only if added
scsi: pm80xx: Set phy->enable_completion only when we wait for it
crypto: qat - fix unintentional re-enabling of error interrupts
hwmon: (adc128d818) Fix underflows seen when writing limit attributes
hwmon: (lm95234) Fix underflows seen when writing limit attributes
hwmon: (nct6775-core) Fix underflows seen when writing limit attributes
hwmon: (w83627ehf) Fix underflows seen when writing limit attributes
ASoc: TAS2781: replace beXX_to_cpup with get_unaligned_beXX for potentially broken alignment
libbpf: Add NULL checks to bpf_object__{prev_map,next_map}
drm/amdgpu: Set no_hw_access when VF request full GPU fails
ext4: fix possible tid_t sequence overflows
jbd2: avoid mount failed when commit block is partial submitted
dma-mapping: benchmark: Don't starve others when doing the test
wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()
drm/amdgpu: reject gang submit on reserved VMIDs
smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu()
fs/ntfs3: Check more cases when directory is corrupted
btrfs: replace BUG_ON with ASSERT in walk_down_proc()
btrfs: clean up our handling of refs == 0 in snapshot delete
btrfs: replace BUG_ON() with error handling at update_ref_for_cow()
cxl/region: Verify target positions using the ordered target list
riscv: set trap vector earlier
PCI: Add missing bridge lock to pci_bus_lock()
tcp: Don't drop SYN+ACK for simultaneous connect().
Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()
net: dpaa: avoid on-stack arrays of NR_CPUS elements
LoongArch: Use correct API to map cmdline in relocate_kernel()
regmap: maple: work around gcc-14.1 false-positive warning
vfs: Fix potential circular locking through setxattr() and removexattr()
i3c: master: svc: resend target address when get NACK
i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup
kselftests: dmabuf-heaps: Ensure the driver name is null-terminated
spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware
btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry()
s390/vmlinux.lds.S: Move ro_after_init section behind rodata section
HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup
HID: amd_sfh: free driver_data after destroying hid device
Input: uinput - reject requests with unreasonable number of slots
usbnet: ipheth: race between ipheth_close and error handling
Squashfs: sanity check symbolic link size
of/irq: Prevent device address out-of-bounds read in interrupt map walk
lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()
MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed
spi: spi-fsl-lpspi: limit PRESCALE bit in TCR register
ata: pata_macio: Use WARN instead of BUG
smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()
NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations
riscv: Use WRITE_ONCE() when setting page table entries
mm: Introduce pudp/p4dp/pgdp_get() functions
riscv: mm: Only compile pgtable.c if MMU
riscv: Use accessors to page table entries instead of direct dereference
ACPI: CPPC: Add helper to get the highest performance value
cpufreq: amd-pstate: Enable amd-pstate preferred core support
cpufreq: amd-pstate: fix the highest frequency issue which limits performance
tcp: process the 3rd ACK with sk_socket for TFO/MPTCP
intel: legacy: Partial revert of field get conversion
staging: iio: frequency: ad9834: Validate frequency parameter value
iio: buffer-dmaengine: fix releasing dma channel on error
iio: fix scale application in iio_convert_raw_to_processed_unlocked
iio: adc: ad7124: fix config comparison
iio: adc: ad7606: remove frstdata check for serial mode
iio: adc: ad7124: fix chip ID mismatch
usb: dwc3: core: update LC timer as per USB Spec V3.2
usb: cdns2: Fix controller reset issue
usb: dwc3: Avoid waking up gadget during startxfer
misc: fastrpc: Fix double free of 'buf' in error path
binder: fix UAF caused by offsets overwrite
nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc
uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind
Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic
VMCI: Fix use-after-free when removing resource in vmci_resource_remove()
clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX
clocksource/drivers/imx-tpm: Fix next event not taking effect sometime
clocksource/drivers/timer-of: Remove percpu irq related code
uprobes: Use kzalloc to allocate xol area
perf/aux: Fix AUX buffer serialization
mm/vmscan: use folio_migratetype() instead of get_pageblock_migratetype()
Revert "mm: skip CMA pages when they are not available"
workqueue: wq_watchdog_touch is always called with valid CPU
workqueue: Improve scalability of workqueue watchdog touch
ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add()
ACPI: processor: Fix memory leaks in error paths of processor_add()
arm64: acpi: Move get_cpu_for_acpi_id() to a header
arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry
can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate function
can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index erratum
can: mcp251xfd: clarify the meaning of timestamp
can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd
drm/amd: Add gfx12 swizzle mode defs
drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes
ata: libata-scsi: Remove redundant sense_buffer memsets
ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf
crypto: starfive - Align rsa input data to 32-bit
crypto: starfive - Fix nent assignment in rsa dec
clk: qcom: ipq9574: Update the alpha PLL type for GPLLs
powerpc/64e: remove unused IBM HTW code
powerpc/64e: split out nohash Book3E 64-bit code
powerpc/64e: Define mmu_pte_psize static
powerpc/vdso: Don't discard rela sections
ASoC: tegra: Fix CBB error during probe()
nvmet-tcp: fix kernel crash if commands allocation fails
nvme-pci: allocate tagset on reset if necessary
ASoc: SOF: topology: Clear SOF link platform name upon unload
ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode
clk: qcom: gcc-sm8550: Don't use parking clk_ops for QUPs
clk: qcom: gcc-sm8550: Don't park the USB RCG at registration time
drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused
drm/i915/fence: Mark debug_fence_free() with __maybe_unused
gpio: rockchip: fix OF node leak in probe()
gpio: modepin: Enable module autoloading
smb: client: fix double put of @cfile in smb2_rename_path()
riscv: Fix toolchain vector detection
riscv: Do not restrict memory size because of linear mapping on nommu
ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()
membarrier: riscv: Add full memory barrier in switch_mm()
x86/mm: Fix PTI for i386 some more
btrfs: fix race between direct IO write and fsync when using same fd
spi: spi-fsl-lpspi: Fix off-by-one in prescale max
Bluetooth: hci_sync: Fix UAF in hci_acl_create_conn_sync
Bluetooth: hci_sync: Fix UAF on create_le_conn_complete
Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync
Linux 6.6.51
Change-Id: I4d9ef7a63380e5875e611ee548b4cc87ccea2936
Signed-off-by: 
Greg Kroah-Hartman <gregkh@google.com>
Loading
Please sign in to comment