October 2018 - Linux-stable-mirror

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 7da07a3216a00aa3c523db4539fc6914497d0576: Linux 4.18.12 (2018-10-03 16:59:28 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.18-12102018 for you to fetch changes up to 6504d46ffb696d2b116606dbb44a16b06241cf49: mm: slowly shrink slabs with a relatively small number of objects (2018-10-03 22:24:11 -0400) - ---------------------------------------------------------------- for-greg-4.18-12102018 - ---------------------------------------------------------------- Akshu Agrawal (1): ASoC: AMD: Ensure reset bit is cleared before configuring Amber Lin (1): drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 Anders Roxell (2): selftests: android: move config up a level selftests: add headers_install to lib.mk Charles Keepax (1): ASoC: dapm: Fix NULL pointer deference on CODEC to CODEC DAIs Corentin Labbe (1): net: ethernet: ti: add missing GENERIC_ALLOCATOR dependency Dan Carpenter (1): scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() Danny Smith (1): ASoC: sigmadsp: safeload should not have lower byte limit Guenter Roeck (4): hwmon: (nct6775) Fix access to fan pulse registers hwmon: (nct6775) Fix virtual temperature sources for NCT6796D hwmon: (nct6775) Fix RPM output for fan7 on NCT6796D hwmon: (nct6775) Use different register to get fan RPM for fan7 Hans de Goede (2): clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail clk: x86: Stop marking clocks as CLK_IS_CRITICAL Hermes Zhang (1): Bluetooth: hci_ldisc: Free rw_semaphore on close Jay Kamat (2): Fix cg_read_strcmp() Add tests for memory.oom.group Johan Hedberg (1): Bluetooth: SMP: Fix trying to use non-existent local OOB data Jongsung Kim (1): stmmac: fix valid numbers of unicast filter entries Kuninori Morimoto (2): ASoC: rsnd: adg: care clock-frequency size ASoC: rsnd: don't fallback to PIO mode when -EPROBE_DEFER Laura Abbott (1): scsi: iscsi: target: Don't use stack buffer for scatterlist Lei Yang (2): selftests/efivarfs: add required kernel configs selftests: memory-hotplug: add required configs Martin KaFai Lau (1): bpf: btf: Fix end boundary calculation for type section Matias Karhumaa (1): Bluetooth: Use correct tfm to generate OOB data Nicholas Piggin (1): KVM: PPC: Book3S HV: Don't use compound_order to determine host mapping size Nicolas Ferre (2): net: macb: disable scatter-gather for macb on sama5d3 ARM: dts: at91: add new compatibility string for macb on sama5d3 Oder Chiou (1): ASoC: rt5514: Fix the issue of the delay volume applied again Pierre-Louis Bossart (1): ASoC: wm8804: Add ACPI support Richard Weinberger (1): ubifs: Check for name being NULL while mounting Roman Gushchin (1): mm: slowly shrink slabs with a relatively small number of objects Ryan Lee (2): ASoC: max98373: Added speaker FS gain cotnrol register to volatile. ASoC: max98373: Added 10ms sleep after amp software reset Simon Detheridge (1): pinctrl: cannonlake: Fix gpio base for GPP-E Srinivas Kandagatla (1): ASoC: q6routing: initialize data correctly Stephen Hemminger (2): PCI: hv: support reporting serial number as slot information hv_netvsc: pair VF based on serial number Thiago Jung Bauermann (1): selftests: kselftest: Remove outdated comment Tony Lindgren (1): mfd: omap-usb-host: Fix dts probe of children Tushar Dave (1): bpf: use __GFP_COMP while allocating page Vitaly Kuznetsov (1): x86/kvm/lapic: always disable MMIO interface in x2APIC mode Yong Zhao (2): drm/amdkfd: Change the control stack MTYPE from UC to NC on GFX9 drm/amdkfd: Fix ATS capablity was not reported correctly on some APUs Yu Zhao (2): sound: enable interrupt after dma buffer initialization sound: don't call skl_init_chip() to reset intel skl soc zhong jiang (1): drm/pl111: Make sure of_device_id tables are NULL terminated Documentation/devicetree/bindings/net/macb.txt | 1 + Makefile | 14 +- arch/arm/boot/dts/sama5d3_emac.dtsi | 2 +- arch/powerpc/kvm/book3s_64_mmu_radix.c | 91 ++++----- arch/x86/include/uapi/asm/kvm.h | 1 + arch/x86/kvm/lapic.c | 22 ++- drivers/bluetooth/hci_ldisc.c | 2 + drivers/clk/x86/clk-pmc-atom.c | 18 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_iommu.c | 13 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 1 + drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 21 ++- drivers/gpu/drm/amd/include/kgd_kfd_interface.h | 2 +- drivers/gpu/drm/pl111/pl111_vexpress.c | 3 +- drivers/hwmon/nct6775.c | 70 ++++--- drivers/mfd/omap-usb-host.c | 11 +- drivers/net/ethernet/cadence/macb_main.c | 8 + .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 +- drivers/net/ethernet/ti/Kconfig | 1 + drivers/net/hyperv/netvsc.c | 3 + drivers/net/hyperv/netvsc_drv.c | 58 +++--- drivers/pci/controller/pci-hyperv.c | 37 ++++ drivers/pinctrl/intel/pinctrl-cannonlake.c | 2 +- drivers/scsi/qla2xxx/qla_target.h | 4 +- drivers/target/iscsi/iscsi_target.c | 22 ++- fs/ubifs/super.c | 3 + include/sound/hdaudio.h | 1 + include/sound/soc-dapm.h | 1 + kernel/bpf/btf.c | 2 +- mm/vmscan.c | 11 ++ net/bluetooth/smp.c | 16 +- net/core/filter.c | 3 +- scripts/subarch.include | 13 ++ sound/hda/hdac_controller.c | 15 +- sound/soc/amd/acp-pcm-dma.c | 21 +++ sound/soc/codecs/max98373.c | 3 + sound/soc/codecs/rt5514.c | 8 +- sound/soc/codecs/sigmadsp.c | 3 +- sound/soc/codecs/wm8804-i2c.c | 15 +- sound/soc/intel/skylake/skl.c | 2 +- sound/soc/qcom/qdsp6/q6routing.c | 4 +- sound/soc/sh/rcar/adg.c | 5 + sound/soc/sh/rcar/core.c | 10 +- sound/soc/sh/rcar/dma.c | 4 + sound/soc/soc-core.c | 4 +- sound/soc/soc-dapm.c | 4 + tools/testing/selftests/android/Makefile | 2 +- tools/testing/selftests/android/{ion => }/config | 0 tools/testing/selftests/android/ion/Makefile | 2 + tools/testing/selftests/cgroup/cgroup_util.c | 38 +++- tools/testing/selftests/cgroup/cgroup_util.h | 1 + tools/testing/selftests/cgroup/test_memcontrol.c | 205 +++++++++++++++++++++ tools/testing/selftests/efivarfs/config | 1 + tools/testing/selftests/futex/functional/Makefile | 1 + tools/testing/selftests/gpio/Makefile | 7 +- tools/testing/selftests/kselftest.h | 1 - tools/testing/selftests/kvm/Makefile | 7 +- tools/testing/selftests/lib.mk | 12 ++ tools/testing/selftests/memory-hotplug/config | 1 + tools/testing/selftests/net/Makefile | 1 + .../selftests/networking/timestamping/Makefile | 1 + tools/testing/selftests/vm/Makefile | 4 - 66 files changed, 661 insertions(+), 198 deletions(-) create mode 100644 scripts/subarch.include rename tools/testing/selftests/android/{ion => }/config (100%) create mode 100644 tools/testing/selftests/efivarfs/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlvAsVIACgkQ3qZv95d3 LNzS0A/+LZrhb4rh1ifRLjDSnBSMWN6vAhRvxHt1qzmU+aFjfyhYjAUmyYjt5mVC z+zO6rHsWbplvVdQnKK+/PJdyROsOwSxpTwlsCAC7AfneMpcBdxAs+fJUczkVxgz AI8e3/hbAfqGf+RaLTDnj6muuFK1RlQCjxCjX5iu5jkWaQj1OJ+BdXXMpkynaxiz OwRRUtV8jmpv3VhU/2ae0Posk96qJoogtj/sDfWQB9t1R/pnsU8udUwFft1NfB7x 2OSwfIGm84gMrzVhgbcvHaSKzj4SqC/tsZ3Q9+cdmtA2WDOlJcwI7E7kNYeeo+tD VhVJuqtGZRQUT81WIVPIK+bLBn8tF0kkTBQyKopsHvGfxRT/+k9/nGz+WNn8Zm7G r8Uhf4c/YkXprsxvbIc+2TRaJ3hmu71HigXakdowndu42ndZmqQSPJtLZPHBP27E LBI1gz/hFCiLv13cN7cvlGmy2SVM2LbYh10st8nw6buEY4S7CKRcXxuVDrBI7wtQ PlbjdM1FWW9BnfIv8yJuzQpBycB/R9Fz+++qWV3uAXqN52tiW/51ylh+9fvEKfid +gEuAyL1pVHh1RFcRzHbX2lEZ3kDAzrWS22IRBSmQSdkForiidNZbOHyCMCV6gLt o4OUAAHzu5XnjGHZ3+dRBEPBEjTvWQPLmbDEiEtHjXiKQsI8vW4= =DhcF -----END PGP SIGNATURE-----

6 years, 1 month

2
1
0 0

[PATCH 1/2] arm64: dts: meson: fix reserve memory regions

by Jerome Brunet

Since commit 50d7ba36b916 ("arm64: export memblock_reserve()d regions via /proc/iomem") was merged Amlogic's boards using mainline u-boot started showing the following warning: WARNING: CPU: 0 PID: 1 at arch/arm64/kernel/setup.c:271 reserve_memblock_reserved_regions+0xd8/0x144 Modules linked in: CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.19.0-rc7-00263-g385684b3eb27-dirty #254 pstate: 40000005 (nZcv daif -PAN -UAO) pc : reserve_memblock_reserved_regions+0xd8/0x144 lr : reserve_memblock_reserved_regions+0xd0/0x144 [...] This is due to u-boot setting some /reservedmem/ region while our dts declares reserved memory on the same region with no-map. The conflict produce the warning. This is fixed by using /reservedmem/ in our dts as well, which is probably something we should have done from the beginning. Cc: stable(a)vger.kernel.org Cc: Neil Armstrong <narmstrong(a)baylibre.com> Signed-off-by: Jerome Brunet <jbrunet(a)baylibre.com> --- Hi Kevin, I would have liked to put a Fixes tag above but I could not figure out which commit to pick, considering how much we changed those regions in the past. If you have suggestion, I'll be happy to repost this patch. If you prefer, feel free to amend this patch directly. Cheers Jerome arch/arm64/boot/dts/amlogic/meson-axg.dtsi | 24 +++++-------------- arch/arm64/boot/dts/amlogic/meson-gx.dtsi | 27 ++++++++-------------- 2 files changed, 15 insertions(+), 36 deletions(-) diff --git a/arch/arm64/boot/dts/amlogic/meson-axg.dtsi b/arch/arm64/boot/dts/amlogic/meson-axg.dtsi index 178d8e8c56b8..06a06f11f114 100644 --- a/arch/arm64/boot/dts/amlogic/meson-axg.dtsi +++ b/arch/arm64/boot/dts/amlogic/meson-axg.dtsi @@ -13,6 +13,12 @@ #include <dt-bindings/reset/amlogic,meson-axg-audio-arb.h> #include <dt-bindings/reset/amlogic,meson-axg-reset.h> +/* 16 MiB reserved for Hardware ROM Firmware */ +/memreserve/ 0x0 0x1000000; + +/* 3 MiB reserved for ARM Trusted Firmware (BL31) */ +/memreserve/ 0x05000000 0x300000; + / { compatible = "amlogic,meson-axg"; @@ -115,24 +121,6 @@ method = "smc"; }; - reserved-memory { - #address-cells = <2>; - #size-cells = <2>; - ranges; - - /* 16 MiB reserved for Hardware ROM Firmware */ - hwrom_reserved: hwrom@0 { - reg = <0x0 0x0 0x0 0x1000000>; - no-map; - }; - - /* Alternate 3 MiB reserved for ARM Trusted Firmware (BL31) */ - secmon_reserved: secmon@5000000 { - reg = <0x0 0x05000000 0x0 0x300000>; - no-map; - }; - }; - soc { compatible = "simple-bus"; #address-cells = <2>; diff --git a/arch/arm64/boot/dts/amlogic/meson-gx.dtsi b/arch/arm64/boot/dts/amlogic/meson-gx.dtsi index 676a995fb912..23e879b29b1e 100644 --- a/arch/arm64/boot/dts/amlogic/meson-gx.dtsi +++ b/arch/arm64/boot/dts/amlogic/meson-gx.dtsi @@ -13,6 +13,15 @@ #include <dt-bindings/interrupt-controller/irq.h> #include <dt-bindings/interrupt-controller/arm-gic.h> +/* 16 MiB reserved for Hardware ROM Firmware */ +/memreserve/ 0x0 0x1000000; + +/* 2 MiB reserved for ARM Trusted Firmware (BL31) */ +/memreserve/ 0x10000000 0x200000; + +/* Alternate 3 MiB reserved for ARM Trusted Firmware (BL31) */ +/memreserve/ 0x05000000 0x300000; + / { interrupt-parent = <&gic>; #address-cells = <2>; @@ -23,24 +32,6 @@ #size-cells = <2>; ranges; - /* 16 MiB reserved for Hardware ROM Firmware */ - hwrom_reserved: hwrom@0 { - reg = <0x0 0x0 0x0 0x1000000>; - no-map; - }; - - /* 2 MiB reserved for ARM Trusted Firmware (BL31) */ - secmon_reserved: secmon@10000000 { - reg = <0x0 0x10000000 0x0 0x200000>; - no-map; - }; - - /* Alternate 3 MiB reserved for ARM Trusted Firmware (BL31) */ - secmon_reserved_alt: secmon@5000000 { - reg = <0x0 0x05000000 0x0 0x300000>; - no-map; - }; - linux,cma { compatible = "shared-dma-pool"; reusable; -- 2.17.2

6 years, 1 month

3
3
0 0

+ mm-proc-pid-smaps_rollup-fix-null-pointer-deref-in-smaps_pte_range.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: /proc/pid/smaps_rollup: fix NULL pointer deref in smaps_pte_range() has been added to the -mm tree. Its filename is mm-proc-pid-smaps_rollup-fix-null-pointer-deref-in-smaps_pte_range.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-proc-pid-smaps_rollup-fix-null-… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-proc-pid-smaps_rollup-fix-null-… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Vlastimil Babka <vbabka(a)suse.cz> Subject: mm: /proc/pid/smaps_rollup: fix NULL pointer deref in smaps_pte_range() Leonardo reports an apparent regression in 4.19-rc7: BUG: unable to handle kernel NULL pointer dereference at 00000000000000f0 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 3 PID: 6032 Comm: python Not tainted 4.19.0-041900rc7-lowlatency #201810071631 Hardware name: LENOVO 80UG/Toronto 4A2, BIOS 0XCN45WW 08/09/2018 RIP: 0010:smaps_pte_range+0x32d/0x540 Code: 80 00 00 00 00 74 a9 48 89 de 41 f6 40 52 40 0f 85 04 02 00 00 49 2b 30 48 c1 ee 0c 49 03 b0 98 00 00 00 49 8b 80 a0 00 00 00 <48> 8b b8 f0 00 00 00 e8 b7 ef ec ff 48 85 c0 0f 84 71 ff ff ff a8 RSP: 0018:ffffb0cbc484fb88 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 0000560ddb9e9000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000560ddb9e9 RDI: 0000000000000001 RBP: ffffb0cbc484fbc0 R08: ffff94a5a227a578 R09: ffff94a5a227a578 R10: 0000000000000000 R11: 0000560ddbbe7000 R12: ffffe903098ba728 R13: ffffb0cbc484fc78 R14: ffffb0cbc484fcf8 R15: ffff94a5a2e9cf48 FS: 00007f6dfb683740(0000) GS:ffff94a5aaf80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000f0 CR3: 000000011c118001 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __walk_page_range+0x3c2/0x6f0 walk_page_vma+0x42/0x60 smap_gather_stats+0x79/0xe0 ? gather_pte_stats+0x320/0x320 ? gather_hugetlb_stats+0x70/0x70 show_smaps_rollup+0xcd/0x1c0 seq_read+0x157/0x400 __vfs_read+0x3a/0x180 ? security_file_permission+0x93/0xc0 ? security_file_permission+0x93/0xc0 vfs_read+0x8f/0x140 ksys_read+0x55/0xc0 __x64_sys_read+0x1a/0x20 do_syscall_64+0x5a/0x110 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Decoded code matched to local compilation+disassembly points to smaps_pte_entry(): } else if (unlikely(IS_ENABLED(CONFIG_SHMEM) && mss->check_shmem_swap && pte_none(*pte))) { page = find_get_entry(vma->vm_file->f_mapping, linear_page_index(vma, addr)); Here, vma->vm_file is NULL. mss->check_shmem_swap should be false in that case, however for smaps_rollup, smap_gather_stats() can set the flag true for one vma and leave it true for subsequent vma's where it should be false. To fix, reset the check_shmem_swap flag to false. There's also related bug which sets mss->swap to shmem_swapped, which in the context of smaps_rollup overwrites any value accumulated from previous vma's. Fix that as well. Note that the report suggests a regression between 4.17.19 and 4.19-rc7, which makes the 4.19 series ending with commit 258f669e7e88 ("mm: /proc/pid/smaps_rollup: convert to single value seq_file") suspicious. But the mss was reused for rollup since 493b0e9d945f ("mm: add /proc/pid/smaps_rollup") so let's play it safe with the stable backport. Link: http://lkml.kernel.org/r/555fbd1f-4ac9-0b58-dcd4-5dc4380ff7ca@suse.cz Link: https://bugzilla.kernel.org/show_bug.cgi?id=201377 Fixes: 493b0e9d945f ("mm: add /proc/pid/smaps_rollup") Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> Reported-by: Leonardo Soares Mller <leozinho29_eu(a)hotmail.com> Tested-by: Leonardo Soares Mller <leozinho29_eu(a)hotmail.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Daniel Colascione <dancol(a)google.com> Cc: Alexey Dobriyan <adobriyan(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/fs/proc/task_mmu.c~mm-proc-pid-smaps_rollup-fix-null-pointer-deref-in-smaps_pte_range +++ a/fs/proc/task_mmu.c @@ -713,6 +713,8 @@ static void smap_gather_stats(struct vm_ smaps_walk.private = mss; #ifdef CONFIG_SHMEM + /* In case of smaps_rollup, reset the value from previous vma */ + mss->check_shmem_swap = false; if (vma->vm_file && shmem_mapping(vma->vm_file->f_mapping)) { /* * For shared or readonly shmem mappings we know that all @@ -728,7 +730,7 @@ static void smap_gather_stats(struct vm_ if (!shmem_swapped || (vma->vm_flags & VM_SHARED) || !(vma->vm_flags & VM_WRITE)) { - mss->swap = shmem_swapped; + mss->swap += shmem_swapped; } else { mss->check_shmem_swap = true; smaps_walk.pte_hole = smaps_pte_hole; _ Patches currently in -mm which might be from vbabka(a)suse.cz are mm-proc-pid-smaps_rollup-fix-null-pointer-deref-in-smaps_pte_range.patch mm-slab-combine-kmalloc_caches-and-kmalloc_dma_caches.patch mm-slab-slub-introduce-kmalloc-reclaimable-caches.patch dcache-allocate-external-names-from-reclaimable-kmalloc-caches.patch mm-rename-and-change-semantics-of-nr_indirectly_reclaimable_bytes.patch mm-proc-add-kreclaimable-to-proc-meminfo.patch mm-slab-shorten-kmalloc-cache-names-for-large-sizes.patch

6 years, 1 month

2
1
0 0

[GIT] PATCHES

by David Miller

Please queue up the following networking bug fixes for v4.14 and v4.18 -stable, respectively. Thanks!

6 years, 1 month

2
1
0 0

[PATCH AUTOSEL 3.18 01/15] xfrm: Validate address prefix lengths in the xfrm selector.

by Sasha Levin

From: Steffen Klassert <steffen.klassert(a)secunet.com> [ Upstream commit 07bf7908950a8b14e81aa1807e3c667eab39287a ] We don't validate the address prefix lengths in the xfrm selector we got from userspace. This can lead to undefined behaviour in the address matching functions if the prefix is too big for the given address family. Fix this by checking the prefixes and refuse SA/policy insertation when a prefix is invalid. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Air Icy <icytxw(a)gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/xfrm/xfrm_user.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 4fe43d80c153..ca99638b5d5a 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -150,10 +150,16 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, err = -EINVAL; switch (p->family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + goto out; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + goto out; + break; #else err = -EAFNOSUPPORT; @@ -1285,10 +1291,16 @@ static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) switch (p->sel.family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + return -EINVAL; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + return -EINVAL; + break; #else return -EAFNOSUPPORT; -- 2.17.1

6 years, 1 month

1
14
0 0

[PATCH AUTOSEL 4.9 01/38] xfrm: Validate address prefix lengths in the xfrm selector.

by Sasha Levin

From: Steffen Klassert <steffen.klassert(a)secunet.com> [ Upstream commit 07bf7908950a8b14e81aa1807e3c667eab39287a ] We don't validate the address prefix lengths in the xfrm selector we got from userspace. This can lead to undefined behaviour in the address matching functions if the prefix is too big for the given address family. Fix this by checking the prefixes and refuse SA/policy insertation when a prefix is invalid. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Air Icy <icytxw(a)gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/xfrm/xfrm_user.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 6e768093d7c8..b7ac834a6091 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -151,10 +151,16 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, err = -EINVAL; switch (p->family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + goto out; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + goto out; + break; #else err = -EAFNOSUPPORT; @@ -1316,10 +1322,16 @@ static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) switch (p->sel.family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + return -EINVAL; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + return -EINVAL; + break; #else return -EAFNOSUPPORT; -- 2.17.1

6 years, 1 month

1
37
0 0

[PATCH AUTOSEL 4.14 01/61] xfrm: Validate address prefix lengths in the xfrm selector.

by Sasha Levin

From: Steffen Klassert <steffen.klassert(a)secunet.com> [ Upstream commit 07bf7908950a8b14e81aa1807e3c667eab39287a ] We don't validate the address prefix lengths in the xfrm selector we got from userspace. This can lead to undefined behaviour in the address matching functions if the prefix is too big for the given address family. Fix this by checking the prefixes and refuse SA/policy insertation when a prefix is invalid. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Air Icy <icytxw(a)gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/xfrm/xfrm_user.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 5554d28a32eb..4292347bf45e 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -151,10 +151,16 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, err = -EINVAL; switch (p->family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + goto out; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + goto out; + break; #else err = -EAFNOSUPPORT; @@ -1353,10 +1359,16 @@ static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) switch (p->sel.family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + return -EINVAL; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + return -EINVAL; + break; #else return -EAFNOSUPPORT; -- 2.17.1

6 years, 1 month

1
60
0 0

[PATCH AUTOSEL 4.18 001/100] xfrm: Validate address prefix lengths in the xfrm selector.

by Sasha Levin

From: Steffen Klassert <steffen.klassert(a)secunet.com> [ Upstream commit 07bf7908950a8b14e81aa1807e3c667eab39287a ] We don't validate the address prefix lengths in the xfrm selector we got from userspace. This can lead to undefined behaviour in the address matching functions if the prefix is too big for the given address family. Fix this by checking the prefixes and refuse SA/policy insertation when a prefix is invalid. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Air Icy <icytxw(a)gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/xfrm/xfrm_user.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 33878e6e0d0a..5151b3ebf068 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -151,10 +151,16 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, err = -EINVAL; switch (p->family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + goto out; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + goto out; + break; #else err = -EAFNOSUPPORT; @@ -1359,10 +1365,16 @@ static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) switch (p->sel.family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + return -EINVAL; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + return -EINVAL; + break; #else return -EAFNOSUPPORT; -- 2.17.1

6 years, 1 month

1
99
0 0

Re: [PATCH] powerpc/traps: restore recoverability of machine_check interrupts

by Christophe LEROY

Cc: stable(a)vger.kernel.org <stable(a)vger.kernel.org> Le 13/10/2018 à 11:16, Christophe Leroy a écrit : > commit b96672dd840f ("powerpc: Machine check interrupt is a non- > maskable interrupt") added a call to nmi_enter() at the beginning of > machine check restart exception handler. Due to that, in_interrupt() > always returns true regardless of the state before entering the > exception, and die() panics even when the system was not already in > interrupt. > > This patch calls nmi_exit() before calling die() in order to restore > the interrupt state we had before calling nmi_enter() > > Fixes: b96672dd840f ("powerpc: Machine check interrupt is a non-maskable interrupt") > Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> > --- > arch/powerpc/kernel/traps.c | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > > diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c > index fd58749b4d6b..4f880c2a6e4c 100644 > --- a/arch/powerpc/kernel/traps.c > +++ b/arch/powerpc/kernel/traps.c > @@ -765,12 +765,17 @@ void machine_check_exception(struct pt_regs *regs) > if (check_io_access(regs)) > goto bail; > > - die("Machine check", regs, SIGBUS); > - > /* Must die if the interrupt is not recoverable */ > if (!(regs->msr & MSR_RI)) > nmi_panic(regs, "Unrecoverable Machine check"); > > + if (!nested) > + nmi_exit(); > + > + die("Machine check", regs, SIGBUS); > + > + return; > + > bail: > if (!nested) > nmi_exit(); >

6 years, 1 month

2
1
0 0

[PATCH] ext4: Fix error code in ext4_xattr_set_entry()

by Daniel Rosenberg

ext4_xattr_set_entry should return EFSCORRUPTED instead of EIO for corrupted xattr entries. Fixes b469713e0c0c ("ext4: add corruption check in ext4_xattr_set_entry()") Signed-off-by: Daniel Rosenberg <drosen(a)google.com> --- Apply to 4.9 fs/ext4/xattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c index c10180d0b0189..7d6da09e637b7 100644 --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c @@ -657,7 +657,7 @@ ext4_xattr_set_entry(struct ext4_xattr_info *i, struct ext4_xattr_search *s, next = EXT4_XATTR_NEXT(last); if ((void *)next >= s->end) { EXT4_ERROR_INODE(inode, "corrupted xattr entries"); - return -EIO; + return -EFSCORRUPTED; } if (last->e_value_size) { size_t offs = le16_to_cpu(last->e_value_offs); -- 2.19.1.331.ge82ca0e54c-goog

6 years, 1 month

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror October 2018