September 2019 - Linux-stable-mirror

[PATCH] HID: sony: Fix memory corruption issue on cleanup.

by Roderick Colenbrander

From: Roderick Colenbrander <roderick.colenbrander(a)sony.com> The sony driver is not properly cleaning up from potential failures in sony_input_configured. Currently it calls hid_hw_stop, while hid_connect is still running. This is not a good idea, instead hid_hw_stop should be moved to sony_probe. Similar changes were recently made to Logitech drivers, which were also doing improper cleanup. Signed-off-by: Roderick Colenbrander <roderick.colenbrander(a)sony.com> CC: stable(a)vger.kernel.org --- drivers/hid/hid-sony.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/hid/hid-sony.c b/drivers/hid/hid-sony.c index 31f1023214d3..09f2c617b09f 100644 --- a/drivers/hid/hid-sony.c +++ b/drivers/hid/hid-sony.c @@ -2806,7 +2806,6 @@ static int sony_input_configured(struct hid_device *hdev, sony_cancel_work_sync(sc); sony_remove_dev_list(sc); sony_release_device_id(sc); - hid_hw_stop(hdev); return ret; } @@ -2868,6 +2867,7 @@ static int sony_probe(struct hid_device *hdev, const struct hid_device_id *id) */ if (!(hdev->claimed & HID_CLAIMED_INPUT)) { hid_err(hdev, "failed to claim input\n"); + hid_hw_stop(hdev); return -ENODEV; } -- 2.21.0

5 years, 3 months

2
1
0 0

patch "serial: sprd: correct the wrong sequence of arguments" added to tty-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: sprd: correct the wrong sequence of arguments to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 9c801e313195addaf11c16e155f50789d6ebfd19 Mon Sep 17 00:00:00 2001 From: Chunyan Zhang <chunyan.zhang(a)unisoc.com> Date: Thu, 5 Sep 2019 15:41:51 +0800 Subject: serial: sprd: correct the wrong sequence of arguments The sequence of arguments which was passed to handle_lsr_errors() didn't match the parameters defined in that function, &lsr was passed to flag and &flag was passed to lsr, this patch fixed that. Fixes: b7396a38fb28 ("tty/serial: Add Spreadtrum sc9836-uart driver support") Signed-off-by: Chunyan Zhang <chunyan.zhang(a)unisoc.com> Signed-off-by: Chunyan Zhang <zhang.lyra(a)gmail.com> Cc: stable <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20190905074151.5268-1-zhang.lyra@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/sprd_serial.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tty/serial/sprd_serial.c b/drivers/tty/serial/sprd_serial.c index f8db5c8e4e39..771d11196523 100644 --- a/drivers/tty/serial/sprd_serial.c +++ b/drivers/tty/serial/sprd_serial.c @@ -617,7 +617,7 @@ static inline void sprd_rx(struct uart_port *port) if (lsr & (SPRD_LSR_BI | SPRD_LSR_PE | SPRD_LSR_FE | SPRD_LSR_OE)) - if (handle_lsr_errors(port, &lsr, &flag)) + if (handle_lsr_errors(port, &flag, &lsr)) continue; if (uart_handle_sysrq_char(port, ch)) continue; -- 2.23.0

5 years, 3 months

1
0
0 0

[git:media_tree/master] media: videobuf-core.c: poll_wait needs a non-NULL buf pointer

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: videobuf-core.c: poll_wait needs a non-NULL buf pointer Author: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Date: Wed Sep 4 06:04:07 2019 -0300 poll_wait uses &buf->done, but buf is NULL. Move the poll_wait to later in the function once buf is correctly set and only call it if it is non-NULL. Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Reported-by: Dan Carpenter <dan.carpenter(a)oracle.com> Fixes: bb436cbeb918 ("media: videobuf: fix epoll() by calling poll_wait first") Cc: <stable(a)vger.kernel.org> # for v5.1 and up Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/v4l2-core/videobuf-core.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- diff --git a/drivers/media/v4l2-core/videobuf-core.c b/drivers/media/v4l2-core/videobuf-core.c index 7ef3e4d22bf6..939fc11cf080 100644 --- a/drivers/media/v4l2-core/videobuf-core.c +++ b/drivers/media/v4l2-core/videobuf-core.c @@ -1123,7 +1123,6 @@ __poll_t videobuf_poll_stream(struct file *file, struct videobuf_buffer *buf = NULL; __poll_t rc = 0; - poll_wait(file, &buf->done, wait); videobuf_queue_lock(q); if (q->streaming) { if (!list_empty(&q->stream)) @@ -1143,7 +1142,9 @@ __poll_t videobuf_poll_stream(struct file *file, } buf = q->read_buf; } - if (!buf) + if (buf) + poll_wait(file, &buf->done, wait); + else rc = EPOLLERR; if (0 == rc) {

5 years, 3 months

1
0
0 0

[PATCH 0/8] x86/platform/UV: Update UV Hubless System Support

by Mike Travis

These patches support upcoming UV systems that do not have a UV HUB. * Save OEM_ID from ACPI MADT probe * Return UV Hubless System Type * Add return code to UV BIOS Init function * Setup UV functions for Hubless UV Systems * Add UV Hubbed/Hubless Proc FS Files * Decode UVsystab Info * Account for UV Hubless in is_uvX_hub Ops --

5 years, 3 months

4
23
0 0

patch "serial: sprd: correct the wrong sequence of arguments" added to tty-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: sprd: correct the wrong sequence of arguments to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the tty-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 9c801e313195addaf11c16e155f50789d6ebfd19 Mon Sep 17 00:00:00 2001 From: Chunyan Zhang <chunyan.zhang(a)unisoc.com> Date: Thu, 5 Sep 2019 15:41:51 +0800 Subject: serial: sprd: correct the wrong sequence of arguments The sequence of arguments which was passed to handle_lsr_errors() didn't match the parameters defined in that function, &lsr was passed to flag and &flag was passed to lsr, this patch fixed that. Fixes: b7396a38fb28 ("tty/serial: Add Spreadtrum sc9836-uart driver support") Signed-off-by: Chunyan Zhang <chunyan.zhang(a)unisoc.com> Signed-off-by: Chunyan Zhang <zhang.lyra(a)gmail.com> Cc: stable <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20190905074151.5268-1-zhang.lyra@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/sprd_serial.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tty/serial/sprd_serial.c b/drivers/tty/serial/sprd_serial.c index f8db5c8e4e39..771d11196523 100644 --- a/drivers/tty/serial/sprd_serial.c +++ b/drivers/tty/serial/sprd_serial.c @@ -617,7 +617,7 @@ static inline void sprd_rx(struct uart_port *port) if (lsr & (SPRD_LSR_BI | SPRD_LSR_PE | SPRD_LSR_FE | SPRD_LSR_OE)) - if (handle_lsr_errors(port, &lsr, &flag)) + if (handle_lsr_errors(port, &flag, &lsr)) continue; if (uart_handle_sysrq_char(port, ch)) continue; -- 2.23.0

5 years, 3 months

1
0
0 0

patch "firmware: google: check if size is valid when decoding VPD data" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled firmware: google: check if size is valid when decoding VPD data to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 4b708b7b1a2c09fbdfff6b942ebe3a160213aacd Mon Sep 17 00:00:00 2001 From: Hung-Te Lin <hungte(a)chromium.org> Date: Fri, 30 Aug 2019 10:23:58 +0800 Subject: firmware: google: check if size is valid when decoding VPD data The VPD implementation from Chromium Vital Product Data project used to parse data from untrusted input without checking if the meta data is invalid or corrupted. For example, the size from decoded content may be negative value, or larger than whole input buffer. Such invalid data may cause buffer overflow. To fix that, the size parameters passed to vpd_decode functions should be changed to unsigned integer (u32) type, and the parsing of entry header should be refactored so every size field is correctly verified before starting to decode. Fixes: ad2ac9d5c5e0 ("firmware: Google VPD: import lib_vpd source files") Signed-off-by: Hung-Te Lin <hungte(a)chromium.org> Cc: stable <stable(a)vger.kernel.org> Reviewed-by: Guenter Roeck <linux(a)roeck-us.net> Reviewed-by: Stephen Boyd <swboyd(a)chromium.org> Link: https://lore.kernel.org/r/20190830022402.214442-1-hungte@chromium.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/firmware/google/vpd.c | 4 +- drivers/firmware/google/vpd_decode.c | 55 ++++++++++++++++------------ drivers/firmware/google/vpd_decode.h | 6 +-- 3 files changed, 37 insertions(+), 28 deletions(-) diff --git a/drivers/firmware/google/vpd.c b/drivers/firmware/google/vpd.c index 0739f3b70347..db0812263d46 100644 --- a/drivers/firmware/google/vpd.c +++ b/drivers/firmware/google/vpd.c @@ -92,8 +92,8 @@ static int vpd_section_check_key_name(const u8 *key, s32 key_len) return VPD_OK; } -static int vpd_section_attrib_add(const u8 *key, s32 key_len, - const u8 *value, s32 value_len, +static int vpd_section_attrib_add(const u8 *key, u32 key_len, + const u8 *value, u32 value_len, void *arg) { int ret; diff --git a/drivers/firmware/google/vpd_decode.c b/drivers/firmware/google/vpd_decode.c index 92e3258552fc..dda525c0f968 100644 --- a/drivers/firmware/google/vpd_decode.c +++ b/drivers/firmware/google/vpd_decode.c @@ -9,8 +9,8 @@ #include "vpd_decode.h" -static int vpd_decode_len(const s32 max_len, const u8 *in, - s32 *length, s32 *decoded_len) +static int vpd_decode_len(const u32 max_len, const u8 *in, + u32 *length, u32 *decoded_len) { u8 more; int i = 0; @@ -30,18 +30,39 @@ static int vpd_decode_len(const s32 max_len, const u8 *in, } while (more); *decoded_len = i; + return VPD_OK; +} + +static int vpd_decode_entry(const u32 max_len, const u8 *input_buf, + u32 *_consumed, const u8 **entry, u32 *entry_len) +{ + u32 decoded_len; + u32 consumed = *_consumed; + + if (vpd_decode_len(max_len - consumed, &input_buf[consumed], + entry_len, &decoded_len) != VPD_OK) + return VPD_FAIL; + if (max_len - consumed < decoded_len) + return VPD_FAIL; + + consumed += decoded_len; + *entry = input_buf + consumed; + + /* entry_len is untrusted data and must be checked again. */ + if (max_len - consumed < *entry_len) + return VPD_FAIL; + consumed += decoded_len; + *_consumed = consumed; return VPD_OK; } -int vpd_decode_string(const s32 max_len, const u8 *input_buf, s32 *consumed, +int vpd_decode_string(const u32 max_len, const u8 *input_buf, u32 *consumed, vpd_decode_callback callback, void *callback_arg) { int type; - int res; - s32 key_len; - s32 value_len; - s32 decoded_len; + u32 key_len; + u32 value_len; const u8 *key; const u8 *value; @@ -56,26 +77,14 @@ int vpd_decode_string(const s32 max_len, const u8 *input_buf, s32 *consumed, case VPD_TYPE_STRING: (*consumed)++; - /* key */ - res = vpd_decode_len(max_len - *consumed, &input_buf[*consumed], - &key_len, &decoded_len); - if (res != VPD_OK || *consumed + decoded_len >= max_len) + if (vpd_decode_entry(max_len, input_buf, consumed, &key, + &key_len) != VPD_OK) return VPD_FAIL; - *consumed += decoded_len; - key = &input_buf[*consumed]; - *consumed += key_len; - - /* value */ - res = vpd_decode_len(max_len - *consumed, &input_buf[*consumed], - &value_len, &decoded_len); - if (res != VPD_OK || *consumed + decoded_len > max_len) + if (vpd_decode_entry(max_len, input_buf, consumed, &value, + &value_len) != VPD_OK) return VPD_FAIL; - *consumed += decoded_len; - value = &input_buf[*consumed]; - *consumed += value_len; - if (type == VPD_TYPE_STRING) return callback(key, key_len, value, value_len, callback_arg); diff --git a/drivers/firmware/google/vpd_decode.h b/drivers/firmware/google/vpd_decode.h index cf8c2ace155a..8dbe41cac599 100644 --- a/drivers/firmware/google/vpd_decode.h +++ b/drivers/firmware/google/vpd_decode.h @@ -25,8 +25,8 @@ enum { }; /* Callback for vpd_decode_string to invoke. */ -typedef int vpd_decode_callback(const u8 *key, s32 key_len, - const u8 *value, s32 value_len, +typedef int vpd_decode_callback(const u8 *key, u32 key_len, + const u8 *value, u32 value_len, void *arg); /* @@ -44,7 +44,7 @@ typedef int vpd_decode_callback(const u8 *key, s32 key_len, * If one entry is successfully decoded, sends it to callback and returns the * result. */ -int vpd_decode_string(const s32 max_len, const u8 *input_buf, s32 *consumed, +int vpd_decode_string(const u32 max_len, const u8 *input_buf, u32 *consumed, vpd_decode_callback callback, void *callback_arg); #endif /* __VPD_DECODE_H */ -- 2.23.0

5 years, 3 months

1
0
0 0

patch "/dev/mem: Bail out upon SIGKILL." added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled /dev/mem: Bail out upon SIGKILL. to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 8619e5bdeee8b2c685d686281f2d2a6017c4bc15 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Date: Mon, 26 Aug 2019 22:13:25 +0900 Subject: /dev/mem: Bail out upon SIGKILL. syzbot found that a thread can stall for minutes inside read_mem() or write_mem() after that thread was killed by SIGKILL [1]. Reading from iomem areas of /dev/mem can be slow, depending on the hardware. While reading 2GB at one read() is legal, delaying termination of killed thread for minutes is bad. Thus, allow reading/writing /dev/mem and /dev/kmem to be preemptible and killable. [ 1335.912419][T20577] read_mem: sz=4096 count=2134565632 [ 1335.943194][T20577] read_mem: sz=4096 count=2134561536 [ 1335.978280][T20577] read_mem: sz=4096 count=2134557440 [ 1336.011147][T20577] read_mem: sz=4096 count=2134553344 [ 1336.041897][T20577] read_mem: sz=4096 count=2134549248 Theoretically, reading/writing /dev/mem and /dev/kmem can become "interruptible". But this patch chose "killable". Future patch will make them "interruptible" so that we can revert to "killable" if some program regressed. [1] https://syzkaller.appspot.com/bug?id=a0e3436829698d5824231251fad9d8e998f94f… Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Cc: stable <stable(a)vger.kernel.org> Reported-by: syzbot <syzbot+8ab2d0f39fb79fe6ca40(a)syzkaller.appspotmail.com> Link: https://lore.kernel.org/r/1566825205-10703-1-git-send-email-penguin-kernel@… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/char/mem.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/drivers/char/mem.c b/drivers/char/mem.c index b08dc50f9f26..9eb564c002f6 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -97,6 +97,13 @@ void __weak unxlate_dev_mem_ptr(phys_addr_t phys, void *addr) } #endif +static inline bool should_stop_iteration(void) +{ + if (need_resched()) + cond_resched(); + return fatal_signal_pending(current); +} + /* * This funcion reads the *physical* memory. The f_pos points directly to the * memory location. @@ -175,6 +182,8 @@ static ssize_t read_mem(struct file *file, char __user *buf, p += sz; count -= sz; read += sz; + if (should_stop_iteration()) + break; } kfree(bounce); @@ -251,6 +260,8 @@ static ssize_t write_mem(struct file *file, const char __user *buf, p += sz; count -= sz; written += sz; + if (should_stop_iteration()) + break; } *ppos += written; @@ -468,6 +479,10 @@ static ssize_t read_kmem(struct file *file, char __user *buf, read += sz; low_count -= sz; count -= sz; + if (should_stop_iteration()) { + count = 0; + break; + } } } @@ -492,6 +507,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, buf += sz; read += sz; p += sz; + if (should_stop_iteration()) + break; } free_page((unsigned long)kbuf); } @@ -544,6 +561,8 @@ static ssize_t do_write_kmem(unsigned long p, const char __user *buf, p += sz; count -= sz; written += sz; + if (should_stop_iteration()) + break; } *ppos += written; @@ -595,6 +614,8 @@ static ssize_t write_kmem(struct file *file, const char __user *buf, buf += sz; virtr += sz; p += sz; + if (should_stop_iteration()) + break; } free_page((unsigned long)kbuf); } -- 2.23.0

5 years, 3 months

1
0
0 0

patch "USB: usbcore: Fix slab-out-of-bounds bug during device reset" added to usb-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: usbcore: Fix slab-out-of-bounds bug during device reset to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 3dd550a2d36596a1b0ee7955da3b611c031d3873 Mon Sep 17 00:00:00 2001 From: Alan Stern <stern(a)rowland.harvard.edu> Date: Wed, 4 Sep 2019 11:56:27 -0400 Subject: USB: usbcore: Fix slab-out-of-bounds bug during device reset The syzbot fuzzer provoked a slab-out-of-bounds error in the USB core: BUG: KASAN: slab-out-of-bounds in memcmp+0xa6/0xb0 lib/string.c:904 Read of size 1 at addr ffff8881d175bed6 by task kworker/0:3/2746 CPU: 0 PID: 2746 Comm: kworker/0:3 Not tainted 5.3.0-rc5+ #28 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: usb_hub_wq hub_event Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xca/0x13e lib/dump_stack.c:113 print_address_description+0x6a/0x32c mm/kasan/report.c:351 __kasan_report.cold+0x1a/0x33 mm/kasan/report.c:482 kasan_report+0xe/0x12 mm/kasan/common.c:612 memcmp+0xa6/0xb0 lib/string.c:904 memcmp include/linux/string.h:400 [inline] descriptors_changed drivers/usb/core/hub.c:5579 [inline] usb_reset_and_verify_device+0x564/0x1300 drivers/usb/core/hub.c:5729 usb_reset_device+0x4c1/0x920 drivers/usb/core/hub.c:5898 rt2x00usb_probe+0x53/0x7af drivers/net/wireless/ralink/rt2x00/rt2x00usb.c:806 The error occurs when the descriptors_changed() routine (called during a device reset) attempts to compare the old and new BOS and capability descriptors. The length it uses for the comparison is the wTotalLength value stored in BOS descriptor, but this value is not necessarily the same as the length actually allocated for the descriptors. If it is larger the routine will call memcmp() with a length that is too big, thus reading beyond the end of the allocated region and leading to this fault. The kernel reads the BOS descriptor twice: first to get the total length of all the capability descriptors, and second to read it along with all those other descriptors. A malicious (or very faulty) device may send different values for the BOS descriptor fields each time. The memory area will be allocated using the wTotalLength value read the first time, but stored within it will be the value read the second time. To prevent this possibility from causing any errors, this patch modifies the BOS descriptor after it has been read the second time: It sets the wTotalLength field to the actual length of the descriptors that were read in and validated. Then the memcpy() call, or any other code using these descriptors, will be able to rely on wTotalLength being valid. Reported-and-tested-by: syzbot+35f4d916c623118d576e(a)syzkaller.appspotmail.com Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> CC: <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/Pine.LNX.4.44L0.1909041154260.1722-100000@iolanth… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/config.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/usb/core/config.c b/drivers/usb/core/config.c index 9d6cb709ca7b..151a74a54386 100644 --- a/drivers/usb/core/config.c +++ b/drivers/usb/core/config.c @@ -921,7 +921,7 @@ int usb_get_bos_descriptor(struct usb_device *dev) struct usb_bos_descriptor *bos; struct usb_dev_cap_header *cap; struct usb_ssp_cap_descriptor *ssp_cap; - unsigned char *buffer; + unsigned char *buffer, *buffer0; int length, total_len, num, i, ssac; __u8 cap_type; int ret; @@ -966,10 +966,12 @@ int usb_get_bos_descriptor(struct usb_device *dev) ret = -ENOMSG; goto err; } + + buffer0 = buffer; total_len -= length; + buffer += length; for (i = 0; i < num; i++) { - buffer += length; cap = (struct usb_dev_cap_header *)buffer; if (total_len < sizeof(*cap) || total_len < cap->bLength) { @@ -983,8 +985,6 @@ int usb_get_bos_descriptor(struct usb_device *dev) break; } - total_len -= length; - if (cap->bDescriptorType != USB_DT_DEVICE_CAPABILITY) { dev_warn(ddev, "descriptor type invalid, skip\n"); continue; @@ -1019,7 +1019,11 @@ int usb_get_bos_descriptor(struct usb_device *dev) default: break; } + + total_len -= length; + buffer += length; } + dev->bos->desc->wTotalLength = cpu_to_le16(buffer - buffer0); return 0; -- 2.23.0

5 years, 3 months

1
0
0 0

stable-rc/linux-4.9.y boot: 129 boots: 6 failed, 114 passed with 8 offline, 1 untried/unknown (v4.9.190-84-ga232f5b3e312)

by kernelci.org bot

stable-rc/linux-4.9.y boot: 129 boots: 6 failed, 114 passed with 8 offline, 1 untried/unknown (v4.9.190-84-ga232f5b3e312) Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.9.y/kernel/v4.9.… Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.9.y/kernel/v4.9.190-84-… Tree: stable-rc Branch: linux-4.9.y Git Describe: v4.9.190-84-ga232f5b3e312 Git Commit: a232f5b3e31224799f7506f9e9d4257d3d357d1b Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Tested: 57 unique boards, 22 SoC families, 15 builds out of 197 Boot Failures Detected: arm: multi_v7_defconfig: gcc-8: stih410-b2120: 1 failed lab vexpress_defconfig: gcc-8: qemu_arm-virt-gicv3: 5 failed labs Offline Platforms: arm64: defconfig: gcc-8 apq8016-sbc: 1 offline lab arm: multi_v7_defconfig: gcc-8 qcom-apq8064-cm-qs600: 1 offline lab qcom-apq8064-ifc6410: 1 offline lab sun5i-r8-chip: 1 offline lab davinci_all_defconfig: gcc-8 dm365evm,legacy: 1 offline lab qcom_defconfig: gcc-8 qcom-apq8064-cm-qs600: 1 offline lab qcom-apq8064-ifc6410: 1 offline lab sunxi_defconfig: gcc-8 sun5i-r8-chip: 1 offline lab --- For more info write to <info(a)kernelci.org>

5 years, 3 months

1
0
0 0

✅ PASS: Stable queue: queue-5.2

by CKI Project

Hello, We ran automated tests on a patchset that was proposed for merging into this kernel tree. The patches were applied to: Kernel repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git Commit: c3915fe1bf12 - Linux 5.2.11 The results of these automated tests are provided below. Overall result: PASSED Merge: OK Compile: OK Tests: OK All kernel binaries, config files, and logs are available for download here: https://artifacts.cki-project.org/pipelines/144281 Please reply to this email if you have any questions about the tests that we ran or if you have any suggestions on how to make future tests more effective. ,-. ,-. ( C ) ( K ) Continuous `-',-.`-' Kernel ( I ) Integration `-' ______________________________________________________________________________ Merge testing ------------- We cloned this repository and checked out the following commit: Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git Commit: c3915fe1bf12 - Linux 5.2.11 We grabbed the 865ab84c192e commit of the stable queue repository. We then merged the patchset with `git am`: dmaengine-ste_dma40-fix-unneeded-variable-warning.patch nvme-multipath-revalidate-nvme_ns_head-gendisk-in-nv.patch afs-fix-the-cb.probeuuid-service-handler-to-reply-co.patch afs-fix-loop-index-mixup-in-afs_deliver_vl_get_entry.patch fs-afs-fix-a-possible-null-pointer-dereference-in-af.patch afs-fix-off-by-one-in-afs_rename-expected-data-versi.patch afs-only-update-d_fsdata-if-different-in-afs_d_reval.patch afs-fix-missing-dentry-data-version-updating.patch nvmet-fix-use-after-free-bug-when-a-port-is-removed.patch nvmet-loop-flush-nvme_delete_wq-when-removing-the-po.patch nvmet-file-fix-nvmet_file_flush-always-returning-an-.patch nvme-core-fix-extra-device_put-call-on-error-path.patch nvme-fix-a-possible-deadlock-when-passthru-commands-.patch nvme-rdma-fix-possible-use-after-free-in-connect-err.patch nvme-fix-controller-removal-race-with-scan-work.patch nvme-pci-fix-async-probe-remove-race.patch soundwire-cadence_master-fix-register-definition-for.patch soundwire-cadence_master-fix-definitions-for-intstat.patch auxdisplay-panel-need-to-delete-scan_timer-when-misc.patch btrfs-trim-check-the-range-passed-into-to-prevent-ov.patch ib-mlx5-fix-implicit-mr-release-flow.patch dmaengine-stm32-mdma-fix-a-possible-null-pointer-der.patch omap-dma-omap_vout_vrfb-fix-off-by-one-fi-value.patch iommu-dma-handle-sg-length-overflow-better.patch dma-direct-don-t-truncate-dma_required_mask-to-bus-a.patch usb-gadget-composite-clear-suspended-on-reset-discon.patch usb-gadget-mass_storage-fix-races-between-fsg_disabl.patch habanalabs-fix-dram-usage-accounting-on-context-tear.patch habanalabs-fix-endianness-handling-for-packets-from-.patch habanalabs-fix-completion-queue-handling-when-host-i.patch habanalabs-fix-endianness-handling-for-internal-qman.patch habanalabs-fix-device-irq-unmasking-for-be-host.patch xen-blkback-fix-memory-leaks.patch arm64-cpufeature-don-t-treat-granule-sizes-as-strict.patch riscv-fix-flush_tlb_range-end-address-for-flush_tlb_.patch i2c-rcar-avoid-race-when-unregistering-slave-client.patch i2c-emev2-avoid-race-when-unregistering-slave-client.patch drm-scheduler-use-job-count-instead-of-peek.patch drm-ast-fixed-reboot-test-may-cause-system-hanged.patch usb-host-fotg2-restart-hcd-after-port-reset.patch tools-hv-fixed-python-pep8-flake8-warnings-for-lsvmb.patch tools-hv-fix-kvp-and-vss-daemons-exit-code.patch locking-rwsem-add-missing-acquire-to-read_slowpath-e.patch lcoking-rwsem-add-missing-acquire-to-read_slowpath-s.patch watchdog-bcm2835_wdt-fix-module-autoload.patch selftests-bpf-install-files-test_xdp_vlan.sh.patch drm-bridge-tfp410-fix-memleak-in-get_modes.patch mt76-usb-fix-rx-a-msdu-support.patch ipv6-addrconf-allow-adding-multicast-addr-if-ifa_f_mcautojoin-is-set.patch ipv6-fix-return-value-of-ipv6_mc_may_pull-for-malformed-packets.patch net-cpsw-fix-null-pointer-exception-in-the-probe-error-path.patch net-fix-__ip_mc_inc_group-usage.patch net-smc-make-sure-epollout-is-raised.patch tcp-make-sure-epollout-wont-be-missed.patch ipv4-mpls-fix-mpls_xmit-for-iptunnel.patch openvswitch-fix-conntrack-cache-with-timeout.patch ipv4-icmp-fix-rt-dst-dev-null-pointer-dereference.patch xfrm-xfrm_policy-fix-dst-dev-null-pointer-dereference-in-collect_md-mode.patch mm-zsmalloc.c-fix-build-when-config_compaction-n.patch alsa-usb-audio-check-mixer-unit-bitmap-yet-more-strictly.patch alsa-hda-ca0132-add-new-sbz-quirk.patch alsa-line6-fix-memory-leak-at-line6_init_pcm-error-path.patch alsa-hda-fixes-inverted-conexant-gpio-mic-mute-led.patch alsa-seq-fix-potential-concurrent-access-to-the-deleted-pool.patch alsa-usb-audio-fix-invalid-null-check-in-snd_emuusb_set_samplerate.patch alsa-usb-audio-add-implicit-fb-quirk-for-behringer-ufx1604.patch kvm-x86-skip-populating-logical-dest-map-if-apic-is-not-sw-enabled.patch kvm-x86-hyper-v-don-t-crash-on-kvm_get_supported_hv_cpuid-when-kvm_intel.nested-is-disabled.patch kvm-x86-don-t-update-rip-or-do-single-step-on-faulting-emulation.patch uprobes-x86-fix-detection-of-32-bit-user-mode.patch x86-mm-cpa-prevent-large-page-split-when-ftrace-flips-rw-on-kernel-text.patch x86-apic-do-not-initialize-ldr-and-dfr-for-bigsmp.patch x86-apic-include-the-ldr-when-clearing-out-apic-registers.patch hid-logitech-hidpp-remove-support-for-the-g700-over-.patch ftrace-fix-null-pointer-dereference-in-t_probe_next.patch ftrace-check-for-successful-allocation-of-hash.patch ftrace-check-for-empty-hash-and-comment-the-race-with-registering-probes.patch usbtmc-more-sanity-checking-for-packet-size.patch usb-storage-add-new-jms567-revision-to-unusual_devs.patch usb-cdc-wdm-fix-race-between-write-and-disconnect-due-to-flag-abuse.patch usb-hcd-use-managed-device-resources.patch usb-chipidea-udc-don-t-do-hardware-access-if-gadget-has-stopped.patch usb-host-ohci-fix-a-race-condition-between-shutdown-and-irq.patch usb-host-xhci-rcar-fix-typo-in-compatible-string-matching.patch usb-storage-ums-realtek-update-module-parameter-description-for-auto_delink_en.patch usb-storage-ums-realtek-whitelist-auto-delink-support.patch tools-power-turbostat-fix-caller-parameter-of-get_tdp_amd.patch kvm-ppc-book3s-fix-incorrect-guest-to-user-translation-error-handling.patch kvm-arm-arm64-vgic-fix-potential-deadlock-when-ap_list-is-long.patch kvm-arm-arm64-vgic-v2-handle-sgi-bits-in-gicd_i-s-c-pendr0-as-wi.patch mei-me-add-tiger-lake-point-lp-device-id.patch revert-mmc-sdhci-tegra-drop-get_ro-implementation.patch mmc-sdhci-of-at91-add-quirk-for-broken-hs200.patch mmc-sdhci-cadence-enable-v4_mode-to-fix-adma-64-bit-addressing.patch mmc-core-fix-init-of-sd-cards-reporting-an-invalid-vdd-range.patch mmc-sdhci-sprd-fixed-incorrect-clock-divider.patch mmc-sdhci-sprd-add-sdhci_quirk2_preset_value_broken.patch stm-class-fix-a-double-free-of-stm_source_device.patch intel_th-pci-add-support-for-another-lewisburg-pch.patch intel_th-pci-add-tiger-lake-support.patch typec-tcpm-fix-a-typo-in-the-comparison-of-pdo_max_voltage.patch fsi-scom-don-t-abort-operations-for-minor-errors.patch lkdtm-bugs-fix-build-error-in-lkdtm_exhaust_stack.patch nfsv4-pnfs-fix-a-page-lock-leak-in-nfs_pageio_resend.patch nfs-ensure-o_direct-reports-an-error-if-the-bytes-read-written-is-0.patch revert-nfsv4-flexfiles-abort-i-o-early-if-the-layout-segment-was-invalidated.patch lib-logic_pio-fix-rcu-usage.patch lib-logic_pio-avoid-possible-overlap-for-unregistering-regions.patch lib-logic_pio-add-logic_pio_unregister_range.patch drm-amdgpu-add-aptx-quirk-for-dell-latitude-5495.patch drm-amdgpu-fix-gfxoff-on-picasso-and-raven2.patch drm-i915-don-t-deballoon-unused-ggtt-drm_mm_node-in-linux-guest.patch drm-i915-call-dma_set_max_seg_size-in-i915_driver_hw_probe.patch i2c-piix4-fix-port-selection-for-amd-family-16h-model-30h.patch bus-hisi_lpc-unregister-logical-pio-range-to-avoid-potential-use-after-free.patch bus-hisi_lpc-add-.remove-method-to-avoid-driver-unbind-crash.patch vmci-release-resource-if-the-work-is-already-queued.patch crypto-ccp-ignore-unconfigured-ccp-device-on-suspend-resume.patch sunrpc-don-t-handle-errors-if-the-bind-connect-succeeded.patch mt76-mt76x0u-do-not-reset-radio-on-resume.patch mms-sdhci-sprd-add-sdhci_quirk_broken_card_detection.patch mm-memcg-partially-revert-mm-memcontrol.c-keep-local-vm-counters-in-sync-with-the-hierarchical-ones.patch mm-memcontrol-fix-percpu-vmstats-and-vmevents-flush.patch revert-cfg80211-fix-processing-world-regdomain-when-non-modular.patch mac80211-fix-possible-sta-leak.patch cfg80211-fix-extended-key-id-key-install-checks.patch mac80211-don-t-memset-rxcb-prior-to-pae-intercept.patch mac80211-correctly-set-noencrypt-for-pae-frames.patch mmc-sdhci-sprd-clear-the-uhs-i-modes-read-from-regis.patch mmc-sdhci-sprd-implement-the-get_max_timeout_count-i.patch mmc-sdhci-sprd-add-get_ro-hook-function.patch iwlwifi-add-new-cards-for-22000-and-fix-struct-name.patch iwlwifi-add-new-cards-for-22000-and-change-wrong-str.patch iwlwifi-add-new-cards-for-9000-and-20000-series.patch iwlwifi-change-0x02f0-fw-from-qu-to-quz.patch iwlwifi-pcie-add-support-for-qu-c-step-devices.patch iwlwifi-pcie-don-t-switch-fw-to-qnj-when-ax201-is-de.patch iwlwifi-pcie-handle-switching-killer-qu-b0-nics-to-c.patch drm-i915-do-not-create-a-new-max_bpc-prop-for-mst-co.patch drm-i915-dp-fix-dsc-enable-code-to-use-cpu_transcode.patch x86-ptrace-fix-up-botched-merge-of-spectrev1-fix.patch bpf-fix-use-after-free-in-prog-symbol-exposure.patch hsr-implement-dellink-to-clean-up-resources.patch Compile testing --------------- We compiled the kernel for 3 architectures: aarch64: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg ppc64le: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg x86_64: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg Hardware testing ---------------- We booted each kernel and ran the following tests: aarch64: Host 1: ✅ Boot test [0] ✅ Podman system integration test (as root) [1] ✅ Podman system integration test (as user) [1] ✅ Loopdev Sanity [2] ✅ jvm test suite [3] ✅ AMTU (Abstract Machine Test Utility) [4] ✅ LTP: openposix test suite [5] ✅ Ethernet drivers sanity [6] ✅ Networking socket: fuzz [7] ✅ Networking: igmp conformance test [8] ✅ audit: audit testsuite test [9] ✅ httpd: mod_ssl smoke sanity [10] ✅ iotop: sanity [11] ✅ tuned: tune-processes-through-perf [12] ✅ Usex - version 1.9-29 [13] ✅ stress: stress-ng [14] 🚧 ✅ LTP lite [15] 🚧 ✅ Memory function: kaslr [16] 🚧 ✅ Networking ipsec: basic netns transport [17] 🚧 ✅ Networking ipsec: basic netns tunnel [17] 🚧 ✅ trace: ftrace/tracer [18] Host 2: ✅ Boot test [0] ✅ selinux-policy: serge-testsuite [19] 🚧 ✅ Storage blktests [20] ppc64le: Host 1: ✅ Boot test [0] ✅ selinux-policy: serge-testsuite [19] 🚧 ❌ Storage blktests [20] Host 2: ✅ Boot test [0] ✅ Podman system integration test (as root) [1] ✅ Podman system integration test (as user) [1] ✅ Loopdev Sanity [2] ✅ jvm test suite [3] ✅ AMTU (Abstract Machine Test Utility) [4] ✅ LTP: openposix test suite [5] ✅ Ethernet drivers sanity [6] ✅ Networking socket: fuzz [7] ✅ audit: audit testsuite test [9] ✅ httpd: mod_ssl smoke sanity [10] ✅ iotop: sanity [11] ✅ tuned: tune-processes-through-perf [12] ✅ Usex - version 1.9-29 [13] 🚧 ✅ LTP lite [15] 🚧 ✅ Memory function: kaslr [16] 🚧 ✅ Networking ipsec: basic netns tunnel [17] 🚧 ✅ trace: ftrace/tracer [18] x86_64: Host 1: ⚡ Internal infrastructure issues prevented one or more tests (marked with ⚡⚡⚡) from running on this architecture. This is not the fault of the kernel that was tested. ✅ Boot test [0] ✅ Podman system integration test (as root) [1] ✅ Podman system integration test (as user) [1] ✅ Loopdev Sanity [2] ✅ jvm test suite [3] ✅ AMTU (Abstract Machine Test Utility) [4] ✅ LTP: openposix test suite [5] ✅ Ethernet drivers sanity [6] ✅ Networking socket: fuzz [7] ✅ Networking: igmp conformance test [8] ✅ audit: audit testsuite test [9] ✅ httpd: mod_ssl smoke sanity [10] ✅ iotop: sanity [11] ✅ tuned: tune-processes-through-perf [12] ✅ pciutils: sanity smoke test [21] ✅ Usex - version 1.9-29 [13] ✅ stress: stress-ng [14] 🚧 ⚡⚡⚡ LTP lite [15] 🚧 ✅ Memory function: kaslr [16] 🚧 ✅ Networking ipsec: basic netns transport [17] 🚧 ✅ Networking ipsec: basic netns tunnel [17] 🚧 ✅ trace: ftrace/tracer [18] Host 2: ✅ Boot test [0] ✅ selinux-policy: serge-testsuite [19] 🚧 ✅ Storage blktests [20] 🚧 ✅ IOMMU boot test [22] Test source: 💚 Pull requests are welcome for new tests or improvements to existing tests! [0]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… [1]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/container/p… [2]: https://github.com/CKI-project/tests-beaker/archive/master.zip#filesystems/… [3]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/jvm [4]: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu [5]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… [6]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… [7]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… [8]: https://github.com/CKI-project/tests-beaker/archive/master.zip#networking/i… [9]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/aud… [10]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/htt… [11]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/iot… [12]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/tun… [13]: https://github.com/CKI-project/tests-beaker/archive/master.zip#standards/us… [14]: https://github.com/CKI-project/tests-beaker/archive/master.zip#stress/stres… [15]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… [16]: https://github.com/CKI-project/tests-beaker/archive/master.zip#memory/funct… [17]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… [18]: https://github.com/CKI-project/tests-beaker/archive/master.zip#trace/ftrace… [19]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/packages/se… [20]: https://github.com/CKI-project/tests-beaker/archive/master.zip#storage/blk [21]: https://github.com/CKI-project/tests-beaker/archive/master.zip#pciutils/san… [22]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/iommu/boot Waived tests ------------ If the test run included waived tests, they are marked with 🚧. Such tests are executed but their results are not taken into account. Tests are waived when their results are not reliable enough, e.g. when they're just introduced or are being fixed.

5 years, 3 months

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror September 2019