September 2022 - Linux-stable-mirror

[PATCH] seccomp: fix refcounter leak if fork/clone is terminated

by Oleksandr Tymoshenko

release_task, where the seccomp's filter refcounter is released, is not called for the case when the fork/clone is terminated midway by a signal. This leaves an extra reference that prevents filter from being destroyed even after all processes using it exit leading to a BPF JIT memory leak. Dereference the refcounter in the failure path of the copy_process function. Fixes: 3a15fb6ed92c ("seccomp: release filter after task is fully dead") Cc: Christian Brauner <brauner(a)kernel.org> Cc: stable(a)vger.kernel.org Signed-off-by: Oleksandr Tymoshenko <ovt(a)google.com> --- kernel/fork.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/kernel/fork.c b/kernel/fork.c index 90c85b17bf69..20f7a3e91354 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -1763,6 +1763,21 @@ static void copy_seccomp(struct task_struct *p) #endif } +static void release_seccomp(struct task_struct *p) +{ +#ifdef CONFIG_SECCOMP + /* + * Must be called with sighand->lock held, which is common to + * all threads in the group. Holding cred_guard_mutex is not + * needed because this new task is not yet running and cannot + * be racing exec. + */ + assert_spin_locked(&current->sighand->siglock); + + seccomp_filter_release(p); +#endif +} + SYSCALL_DEFINE1(set_tid_address, int __user *, tidptr) { current->clear_child_tid = tidptr; @@ -2495,6 +2510,7 @@ static __latent_entropy struct task_struct *copy_process( return p; bad_fork_cancel_cgroup: + release_seccomp(p); sched_core_free(p); spin_unlock(&current->sighand->siglock); write_unlock_irq(&tasklist_lock); -- 2.37.2.789.g6183377224-goog

1 year, 8 months

2
1
0 0

[PATCH 5.10 00/37] 5.10.141-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.141 release. There are 37 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 04 Sep 2022 12:13:47 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.141-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.141-rc1 Yang Yingliang <yangyingliang(a)huawei.com> net: neigh: don't call kfree_skb() under spin_lock_irqsave() Zhengchao Shao <shaozhengchao(a)huawei.com> net/af_packet: check len when min_header_len equals to 0 Eric Sandeen <sandeen(a)redhat.com> xfs: revert "xfs: actually bump warning counts when we send warnings" Brian Foster <bfoster(a)redhat.com> xfs: fix soft lockup via spinning in filestream ag selection loop Darrick J. Wong <djwong(a)kernel.org> xfs: fix overfilling of reserve pool Darrick J. Wong <djwong(a)kernel.org> xfs: always succeed at setting the reserve pool size Darrick J. Wong <djwong(a)kernel.org> xfs: remove infinite loop when reserving free block pool Pavel Begunkov <asml.silence(a)gmail.com> io_uring: disable polling pollfree files Kuniyuki Iwashima <kuniyu(a)amazon.com> kprobes: don't call disarm_kprobe() for disabled kprobes Christophe Leroy <christophe.leroy(a)csgroup.eu> lib/vdso: Mark do_hres_timens() and do_coarse_timens() __always_inline() Geert Uytterhoeven <geert(a)linux-m68k.org> netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y Dusica Milinkovic <Dusica.Milinkovic(a)amd.com> drm/amdgpu: Increase tlb flush timeout for sriov Ilya Bakoulin <Ilya.Bakoulin(a)amd.com> drm/amd/display: Fix pixel clock programming Evan Quan <evan.quan(a)amd.com> drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid Juergen Gross <jgross(a)suse.com> s390/hypfs: avoid error message under KVM Denis V. Lunev <den(a)openvz.org> neigh: fix possible DoS due to net iface start/stop loop Fudong Wang <Fudong.Wang(a)amd.com> drm/amd/display: clear optc underflow before turn off odm clock Alvin Lee <alvin.lee2(a)amd.com> drm/amd/display: For stereo keep "FLIP_ANY_FRAME" Josip Pavic <Josip.Pavic(a)amd.com> drm/amd/display: Avoid MPC infinite loop Wenbin Mei <wenbin.mei(a)mediatek.com> mmc: mtk-sd: Clear interrupts when cqe off/disable Jann Horn <jannh(a)google.com> mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse Zhengchao Shao <shaozhengchao(a)huawei.com> bpf: Don't redirect packets with invalid pkt_len Yang Jihong <yangjihong1(a)huawei.com> ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead Letu Ren <fantasquex(a)gmail.com> fbdev: fb_pm2fb: Avoid potential divide by zero error Hawkins Jiawei <yin31149(a)gmail.com> net: fix refcount bug in sk_psock_get (2) Karthik Alapati <mail(a)karthek.com> HID: hidraw: fix memory leak in hidraw_release() Dongliang Mu <mudongliangabcd(a)gmail.com> media: pvrusb2: fix memory leak in pvr_probe Vivek Kasireddy <vivek.kasireddy(a)intel.com> udmabuf: Set the DMA mask for the udmabuf device (v2) Lee Jones <lee.jones(a)linaro.org> HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "PCI/portdrv: Don't disable AER reporting in get_port_device_capability()" Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix build errors in some archs Jing Leng <jleng(a)ambarella.com> kbuild: Fix include path in scripts/Makefile.modpost Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> s390/mm: do not trigger write fault when vma does not allow VM_WRITE Eric Biggers <ebiggers(a)google.com> crypto: lib - remove unneeded selection of XOR_BLOCKS Peter Zijlstra <peterz(a)infradead.org> x86/nospec: Fix i386 RSB stuffing Peter Zijlstra <peterz(a)infradead.org> x86/nospec: Unwreck the RSB stuffing Jann Horn <jannh(a)google.com> mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() ------------- Diffstat: Makefile | 4 +- arch/s390/hypfs/hypfs_diag.c | 2 +- arch/s390/hypfs/inode.c | 2 +- arch/s390/mm/fault.c | 4 +- arch/x86/include/asm/nospec-branch.h | 92 ++++++++++++---------- drivers/android/binder.c | 1 + drivers/dma-buf/udmabuf.c | 18 ++++- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 +- drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c | 3 +- drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 3 +- .../gpu/drm/amd/display/dc/dce/dce_clock_source.c | 2 + drivers/gpu/drm/amd/display/dc/dcn10/dcn10_mpc.c | 6 ++ drivers/gpu/drm/amd/display/dc/dcn10/dcn10_optc.c | 5 ++ drivers/gpu/drm/amd/display/dc/dcn20/dcn20_mpc.c | 6 ++ drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hubp.c | 2 +- .../drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 1 + drivers/hid/hid-steam.c | 10 +++ drivers/hid/hidraw.c | 3 + drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 1 + drivers/mmc/host/mtk-sd.c | 6 ++ drivers/pci/pcie/portdrv_core.c | 9 ++- drivers/video/fbdev/pm2fb.c | 5 ++ fs/io_uring.c | 5 ++ fs/signalfd.c | 1 + fs/xfs/xfs_filestream.c | 7 +- fs/xfs/xfs_fsops.c | 52 +++++------- fs/xfs/xfs_mount.h | 8 ++ fs/xfs/xfs_trans_dquot.c | 1 - include/linux/fs.h | 1 + include/linux/rmap.h | 7 +- include/linux/skbuff.h | 8 ++ include/linux/skmsg.h | 3 +- include/net/sock.h | 68 +++++++++++----- kernel/kprobes.c | 9 ++- kernel/trace/ftrace.c | 10 +++ lib/crypto/Kconfig | 1 - lib/vdso/gettimeofday.c | 16 ++-- mm/mmap.c | 12 +++ mm/rmap.c | 29 ++++--- net/bluetooth/l2cap_core.c | 10 +-- net/bpf/test_run.c | 3 + net/core/dev.c | 1 + net/core/neighbour.c | 27 +++++-- net/core/skmsg.c | 4 +- net/netfilter/Kconfig | 1 - net/packet/af_packet.c | 4 +- scripts/Makefile.modpost | 3 +- 47 files changed, 325 insertions(+), 153 deletions(-)

1 year, 8 months

9
45
0 0

[PATCH 4.19 00/56] 4.19.257-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.257 release. There are 56 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 04 Sep 2022 12:13:47 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.257-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.257-rc1 Yang Yingliang <yangyingliang(a)huawei.com> net: neigh: don't call kfree_skb() under spin_lock_irqsave() Kuniyuki Iwashima <kuniyu(a)amazon.com> kprobes: don't call disarm_kprobe() for disabled kprobes Geert Uytterhoeven <geert(a)linux-m68k.org> netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y Juergen Gross <jgross(a)suse.com> s390/hypfs: avoid error message under KVM Denis V. Lunev <den(a)openvz.org> neigh: fix possible DoS due to net iface start/stop loop Fudong Wang <Fudong.Wang(a)amd.com> drm/amd/display: clear optc underflow before turn off odm clock Jann Horn <jannh(a)google.com> mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse Yang Jihong <yangjihong1(a)huawei.com> ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead Letu Ren <fantasquex(a)gmail.com> fbdev: fb_pm2fb: Avoid potential divide by zero error Karthik Alapati <mail(a)karthek.com> HID: hidraw: fix memory leak in hidraw_release() Dongliang Mu <mudongliangabcd(a)gmail.com> media: pvrusb2: fix memory leak in pvr_probe Lee Jones <lee.jones(a)linaro.org> HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix build errors in some archs Jing Leng <jleng(a)ambarella.com> kbuild: Fix include path in scripts/Makefile.modpost Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Add "unknown" reporting for MMIO Stale Data Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> s390/mm: do not trigger write fault when vma does not allow VM_WRITE Stanislav Fomichev <sdf(a)google.com> selftests/bpf: Fix test_align verifier log patterns Maxim Mikityanskiy <maximmi(a)nvidia.com> bpf: Fix the off-by-two error in range markings Hsin-Yi Wang <hsinyi(a)chromium.org> arm64: map FDT as RW for early_init_dt_scan() Jann Horn <jannh(a)google.com> mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() Saurabh Sengar <ssengar(a)linux.microsoft.com> scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq Guoqing Jiang <guoqing.jiang(a)linux.dev> md: call __md_stop_writes in md_stop David Hildenbrand <david(a)redhat.com> mm/hugetlb: fix hugetlb not supporting softdirty tracking Brian Foster <bfoster(a)redhat.com> s390: fix double free of GS and RI CBs on fork() failure Quanyang Wang <quanyang.wang(a)windriver.com> asm-generic: sections: refactor memory_intersects Siddh Raman Pant <code(a)siddh.me> loop: Check for overflow while configuring loop Chen Zhongjin <chenzhongjin(a)huawei.com> x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry Goldwyn Rodrigues <rgoldwyn(a)suse.de> btrfs: check if root is readonly while setting security xattr Jacob Keller <jacob.e.keller(a)intel.com> ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix a data-race around sysctl_somaxconn. Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix a data-race around netdev_budget_usecs. Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix a data-race around netdev_budget. Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix a data-race around sysctl_net_busy_read. Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix a data-race around sysctl_net_busy_poll. Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix a data-race around sysctl_tstamp_allow_data. Kuniyuki Iwashima <kuniyu(a)amazon.com> ratelimit: Fix data-races in ___ratelimit(). Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix data-races around netdev_tstamp_prequeue. Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix data-races around weight_p and dev_weight_[rt]x_bias. Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_tunnel: restrict it to netdev family Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_payload: do not truncate csum_offset and csum_type Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_payload: report ERANGE for too long offset and length Florian Westphal <fw(a)strlen.de> netfilter: ebtables: reject blobs that don't provide all entry points Maciej Żenczykowski <maze(a)google.com> net: ipvtap - add __init/__exit annotations to module init/exit funcs Jonathan Toppins <jtoppins(a)redhat.com> bonding: 802.3ad: fix no transmission of LACPDUs Bernard Pidoux <f6bvp(a)free.fr> rose: check NULL rose_loopback_neigh->loopback Herbert Xu <herbert(a)gondor.apana.org.au> af_key: Do not call xfrm_probe_algs in parallel Xin Xiong <xiongx18(a)fudan.edu.cn> xfrm: fix refcount leak in __xfrm_policy_check() Hui Su <suhui_kernel(a)163.com> kernel/sched: Remove dl_boosted flag comment Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Fix priority inheritance with multiple scheduling classes Lucas Stach <l.stach(a)pengutronix.de> sched/deadline: Fix stale throttling on de-/boosted tasks Daniel Bristot de Oliveira <bristot(a)redhat.com> sched/deadline: Unthrottle PI boosted threads while enqueuing Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> pinctrl: amd: Don't save/restore interrupt status and wake status bits Randy Dunlap <rdunlap(a)infradead.org> kernel/sys_ni: add compat entry for fadvise64_64 Helge Deller <deller(a)gmx.de> parisc: Fix exception handler for fldw and fstw instructions Gaosheng Cui <cuigaosheng1(a)huawei.com> audit: fix potential double free on error path from fsnotify_add_inode_mark ------------- Diffstat: .../hw-vuln/processor_mmio_stale_data.rst | 14 +++ Makefile | 4 +- arch/arm64/include/asm/mmu.h | 2 +- arch/arm64/kernel/kaslr.c | 5 +- arch/arm64/kernel/setup.c | 9 +- arch/arm64/mm/mmu.c | 15 +-- arch/parisc/kernel/unaligned.c | 2 +- arch/s390/hypfs/hypfs_diag.c | 2 +- arch/s390/hypfs/inode.c | 2 +- arch/s390/kernel/process.c | 22 +++- arch/s390/mm/fault.c | 4 +- arch/x86/include/asm/cpufeatures.h | 3 +- arch/x86/kernel/cpu/bugs.c | 14 ++- arch/x86/kernel/cpu/common.c | 34 ++++-- arch/x86/kernel/unwind_orc.c | 15 ++- drivers/block/loop.c | 5 + drivers/gpu/drm/amd/display/dc/dcn10/dcn10_optc.c | 5 + drivers/hid/hid-steam.c | 10 ++ drivers/hid/hidraw.c | 3 + drivers/md/md.c | 1 + drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 1 + drivers/net/bonding/bond_3ad.c | 38 +++--- drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c | 59 ++++++++-- drivers/net/ipvlan/ipvtap.c | 4 +- drivers/pinctrl/pinctrl-amd.c | 11 +- drivers/scsi/storvsc_drv.c | 2 +- drivers/video/fbdev/pm2fb.c | 5 + fs/btrfs/xattr.c | 3 + include/asm-generic/sections.h | 7 +- include/linux/netfilter_bridge/ebtables.h | 4 - include/linux/rmap.h | 7 +- include/linux/sched.h | 14 ++- include/net/busy_poll.h | 2 +- kernel/audit_fsnotify.c | 1 + kernel/kprobes.c | 9 +- kernel/sched/core.c | 11 +- kernel/sched/deadline.c | 131 +++++++++++++-------- kernel/sys_ni.c | 1 + kernel/trace/ftrace.c | 10 ++ lib/ratelimit.c | 12 +- mm/mmap.c | 20 +++- mm/rmap.c | 31 ++--- net/bluetooth/l2cap_core.c | 10 +- net/bridge/netfilter/ebtable_broute.c | 8 -- net/bridge/netfilter/ebtable_filter.c | 8 -- net/bridge/netfilter/ebtable_nat.c | 8 -- net/bridge/netfilter/ebtables.c | 8 +- net/core/dev.c | 14 +-- net/core/neighbour.c | 27 ++++- net/core/skbuff.c | 2 +- net/core/sock.c | 2 +- net/core/sysctl_net_core.c | 15 ++- net/key/af_key.c | 3 + net/netfilter/Kconfig | 1 - net/netfilter/nft_osf.c | 18 ++- net/netfilter/nft_payload.c | 29 +++-- net/netfilter/nft_tunnel.c | 1 + net/rose/rose_loopback.c | 3 +- net/sched/sch_generic.c | 2 +- net/socket.c | 2 +- net/xfrm/xfrm_policy.c | 1 + scripts/Makefile.modpost | 3 +- tools/testing/selftests/bpf/test_align.c | 27 +++-- tools/testing/selftests/bpf/test_verifier.c | 32 ++--- 64 files changed, 493 insertions(+), 285 deletions(-)

1 year, 8 months

7
62
0 0

[PATCH 4.9 00/31] 4.9.327-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.327 release. There are 31 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 04 Sep 2022 12:13:47 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.327-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.327-rc1 Kuniyuki Iwashima <kuniyu(a)amazon.com> kprobes: don't call disarm_kprobe() for disabled kprobes Jann Horn <jannh(a)google.com> mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse Geert Uytterhoeven <geert(a)linux-m68k.org> netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y Juergen Gross <jgross(a)suse.com> s390/hypfs: avoid error message under KVM Hsin-Yi Wang <hsinyi(a)chromium.org> arm64: map FDT as RW for early_init_dt_scan() Yang Jihong <yangjihong1(a)huawei.com> ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead Letu Ren <fantasquex(a)gmail.com> fbdev: fb_pm2fb: Avoid potential divide by zero error Karthik Alapati <mail(a)karthek.com> HID: hidraw: fix memory leak in hidraw_release() Dongliang Mu <mudongliangabcd(a)gmail.com> media: pvrusb2: fix memory leak in pvr_probe Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix build errors in some archs Jing Leng <jleng(a)ambarella.com> kbuild: Fix include path in scripts/Makefile.modpost Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Add "unknown" reporting for MMIO Stale Data Gayatri Kammela <gayatri.kammela(a)intel.com> x86/cpu: Add Tiger Lake to Intel family Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> s390/mm: do not trigger write fault when vma does not allow VM_WRITE Jann Horn <jannh(a)google.com> mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() David Hildenbrand <david(a)redhat.com> mm/hugetlb: fix hugetlb not supporting softdirty tracking Quanyang Wang <quanyang.wang(a)windriver.com> asm-generic: sections: refactor memory_intersects Siddh Raman Pant <code(a)siddh.me> loop: Check for overflow while configuring loop Goldwyn Rodrigues <rgoldwyn(a)suse.de> btrfs: check if root is readonly while setting security xattr Jacob Keller <jacob.e.keller(a)intel.com> ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix a data-race around sysctl_somaxconn. Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix a data-race around sysctl_net_busy_read. Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix a data-race around sysctl_net_busy_poll. Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix a data-race around sysctl_tstamp_allow_data. Kuniyuki Iwashima <kuniyu(a)amazon.com> ratelimit: Fix data-races in ___ratelimit(). Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_payload: report ERANGE for too long offset and length Jonathan Toppins <jtoppins(a)redhat.com> bonding: 802.3ad: fix no transmission of LACPDUs Bernard Pidoux <f6bvp(a)free.fr> rose: check NULL rose_loopback_neigh->loopback Herbert Xu <herbert(a)gondor.apana.org.au> af_key: Do not call xfrm_probe_algs in parallel Xin Xiong <xiongx18(a)fudan.edu.cn> xfrm: fix refcount leak in __xfrm_policy_check() Helge Deller <deller(a)gmx.de> parisc: Fix exception handler for fldw and fstw instructions ------------- Diffstat: .../hw-vuln/processor_mmio_stale_data.rst | 14 +++++ Makefile | 4 +- arch/arm64/include/asm/mmu.h | 2 +- arch/arm64/kernel/kaslr.c | 5 +- arch/arm64/kernel/setup.c | 9 +++- arch/arm64/mm/mmu.c | 15 +----- arch/parisc/kernel/unaligned.c | 2 +- arch/s390/hypfs/hypfs_diag.c | 2 +- arch/s390/hypfs/inode.c | 2 +- arch/s390/mm/fault.c | 4 +- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/intel-family.h | 3 ++ arch/x86/kernel/cpu/bugs.c | 14 ++++- arch/x86/kernel/cpu/common.c | 34 +++++++++---- drivers/block/loop.c | 5 ++ drivers/hid/hidraw.c | 3 ++ drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 1 + drivers/net/bonding/bond_3ad.c | 38 ++++++-------- drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c | 59 +++++++++++++++++----- drivers/video/fbdev/pm2fb.c | 5 ++ fs/btrfs/xattr.c | 3 ++ include/asm-generic/sections.h | 7 ++- include/linux/rmap.h | 7 ++- include/net/busy_poll.h | 2 +- kernel/kprobes.c | 10 ++-- kernel/trace/ftrace.c | 10 ++++ lib/ratelimit.c | 12 +++-- mm/mmap.c | 20 +++++++- mm/rmap.c | 31 +++++++----- net/bluetooth/l2cap_core.c | 10 ++-- net/core/skbuff.c | 2 +- net/core/sock.c | 2 +- net/key/af_key.c | 3 ++ net/netfilter/Kconfig | 1 - net/netfilter/nft_payload.c | 10 +++- net/rose/rose_loopback.c | 3 +- net/socket.c | 2 +- net/xfrm/xfrm_policy.c | 1 + scripts/Makefile.modpost | 3 +- 39 files changed, 245 insertions(+), 116 deletions(-)

1 year, 8 months

7
37
0 0

Request to cherry-pick 20401d1058f3f841f35a594ac2fc1293710e55b9 to v5.10 and v5.4

by Varsha Teratipally

Hi all, Commit 20401d1058f3f841f35a594ac2fc1293710e55b9("ipc: replace costly bailout check in sysvipc_find_ipc()" fixes a high cve and optimizes the costly loop by adding a checkpoint, which I think might be a good candidate for the stable branches Let me know what you think

1 year, 8 months

4
5
0 0

[PATCH -next] sched/cputime: Fix the bug of reading time backward from /proc/stat

by Li Hua

The problem that the statistical time goes backward, the value read first is 319, and the value read again is 318. As follows： first： cat /proc/stat | grep cpu1 cpu1 319 0 496 41665 0 0 0 0 0 0 then： cat /proc/stat | grep cpu1 cpu1 318 0 497 41674 0 0 0 0 0 0 Time goes back, which is counterintuitive. After debug this, The problem is caused by the implementation of kcpustat_cpu_fetch_vtime. As follows： CPU0 CPU1 First: show_stat(): ->kcpustat_cpu_fetch() ->kcpustat_cpu_fetch_vtime() ->cpustat[CPUTIME_USER] = kcpustat_cpu(cpu) + vtime->utime + delta; rq->curr is in user mod ---> When CPU1 rq->curr running on userspace, need add utime and delta ---> rq->curr->vtime->utime is less than 1 tick Then: show_stat(): ->kcpustat_cpu_fetch() ->kcpustat_cpu_fetch_vtime() ->cpustat[CPUTIME_USER] = kcpustat_cpu(cpu); rq->curr is in kernel mod ---> When CPU1 rq->curr running on kernel space, just got kcpustat Fixes: 74722bb223d0 ("sched/vtime: Bring up complete kcpustat accessor") Signed-off-by: Li Hua <hucool.lihua(a)huawei.com> --- kernel/sched/core.c | 1 + kernel/sched/cputime.c | 33 ++++++++++++++++++++++++++++++++- kernel/sched/sched.h | 6 ++++++ 3 files changed, 39 insertions(+), 1 deletion(-) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 189999007f32..c542b61cab54 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -9753,6 +9753,7 @@ void __init sched_init(void) rq->core_cookie = 0UL; #endif + cputime_cpu_init(i); } set_load_weight(&init_task, false); diff --git a/kernel/sched/cputime.c b/kernel/sched/cputime.c index 95fc77853743..ba3bcb40795e 100644 --- a/kernel/sched/cputime.c +++ b/kernel/sched/cputime.c @@ -1060,6 +1060,19 @@ static int kcpustat_cpu_fetch_vtime(struct kernel_cpustat *dst, return 0; } +/* + * Stores the time of the last acquisition, which is used to handle the case of + * time backwards. + */ +static DEFINE_PER_CPU(struct kernel_cpustat, cpustat_prev); +static DEFINE_PER_CPU(raw_spinlock_t, cpustat_prev_lock); + +void cputime_cpu_init(int cpu) +{ + raw_spin_lock_init(per_cpu_ptr(&cpustat_prev_lock, cpu)); +} + + void kcpustat_cpu_fetch(struct kernel_cpustat *dst, int cpu) { const struct kernel_cpustat *src = &kcpustat_cpu(cpu); @@ -1087,8 +1100,26 @@ void kcpustat_cpu_fetch(struct kernel_cpustat *dst, int cpu) err = kcpustat_cpu_fetch_vtime(dst, src, curr, cpu); rcu_read_unlock(); - if (!err) + if (!err) { + int i; + int map[5] = {CPUTIME_USER, CPUTIME_SYSTEM, CPUTIME_NICE, + CPUTIME_GUEST, CPUTIME_GUEST_NICE}; + struct kernel_cpustat *prev = &per_cpu(cpustat_prev, cpu); + raw_spinlock_t *cpustat_lock = &per_cpu(cpustat_prev_lock, cpu); + u64 *dst_stat = dst->cpustat; + u64 *prev_stat = prev->cpustat; + + raw_spin_lock(cpustat_lock); + for (i = 0; i < 5; i++) { + int idx = map[i]; + + if (dst_stat[idx] < prev_stat[idx]) + dst_stat[idx] = prev_stat[idx]; + } + *prev = *dst; + raw_spin_unlock(cpustat_lock); return; + } cpu_relax(); } diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h index a6f071b2acac..cbe09795a394 100644 --- a/kernel/sched/sched.h +++ b/kernel/sched/sched.h @@ -3156,4 +3156,10 @@ extern int sched_dynamic_mode(const char *str); extern void sched_dynamic_update(int mode); #endif +#ifdef CONFIG_VIRT_CPU_ACCOUNTING_GEN +extern void cputime_cpu_init(int cpu); +#else +static inline void cputime_cpu_init(int cpu) {} +#endif + #endif /* _KERNEL_SCHED_SCHED_H */ -- 2.17.1

1 year, 8 months

4
5
0 0

+ mm-fix-dereferencing-possible-err_ptr.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: fix dereferencing possible ERR_PTR has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-fix-dereferencing-possible-err_ptr.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Binyi Han <dantengknight(a)gmail.com> Subject: mm: fix dereferencing possible ERR_PTR Date: Sun, 4 Sep 2022 00:46:47 -0700 Smatch checker complains that 'secretmem_mnt' dereferencing possible ERR_PTR(). Let the function return if 'secretmem_mnt' is ERR_PTR, to avoid deferencing it. Link: https://lkml.kernel.org/r/20220904074647.GA64291@cloud-MacBookPro Fixes: 1507f51255c9f ("mm: introduce memfd_secret system call to create "secret" memory areas") Signed-off-by: Binyi Han <dantengknight(a)gmail.com> Reviewed-by: Andrew Morton <akpm(a)linux-foudation.org> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Ammar Faizi <ammarfaizi2(a)gnuweeb.org> Cc: Hagen Paul Pfeifer <hagen(a)jauu.net> Cc: James Bottomley <James.Bottomley(a)HansenPartnership.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/secretmem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/secretmem.c~mm-fix-dereferencing-possible-err_ptr +++ a/mm/secretmem.c @@ -285,7 +285,7 @@ static int secretmem_init(void) secretmem_mnt = kern_mount(&secretmem_fs); if (IS_ERR(secretmem_mnt)) - ret = PTR_ERR(secretmem_mnt); + return PTR_ERR(secretmem_mnt); /* prevent secretmem mappings from ever getting PROT_EXEC */ secretmem_mnt->mnt_flags |= MNT_NOEXEC; _ Patches currently in -mm which might be from dantengknight(a)gmail.com are mm-fix-dereferencing-possible-err_ptr.patch

1 year, 8 months

1
0
0 0

Potřebuji vaši odpověď, prosím, přijďte

by Julius Proctor

Dobrý den Jsem Julius Proctor, právní zástupce z advokátní kanceláře Proctor. Kontaktoval jsem vás ohledně pozdního majetku Dr. Edwin Fond o 8,5 milionu dolarů, abyste byli repatriováni na váš účet. Kromě toho v této transakci chci, abyste odpověděli důvěrně. Julius Proctor

1 year, 8 months

1
0
0 0

////////////////////////////Hello dear,

by Abraham Amesse

I am contacting you again further to my previous email which you never responded to. Please confirm to me if you are still using this email address. However, I apologize for any inconvenience.

1 year, 8 months

1
0
0 0

Re: [PATCH bpf v2] bpf: Add config for skipping BTF enum64s

by Jiri Olsa

On Sun, Aug 28, 2022 at 08:33:17PM -0300, Martin Rodriguez Reboredo wrote: > After the release of pahole 1.24 some people in the dwarves mailing list > notified issues related to building the kernel with the BTF_DEBUG_INFO > option toggled. They seem to be happenning due to the kernel and > resolve_btfids interpreting btf types erroneously. In the dwarves list > I've proposed a change to the scripts that I've written while testing > the Rust kernel, it simply passes the --skip_encoding_btf_enum64 to > pahole if it has version 1.24. > > v1 -> v2: > - Switch to off by default and remove the config option. > - Send it to stable instead. hi, we have change that needs to go to stable kernels but does not have the equivalent fix in Linus tree what would be the best way to submit it? the issue is that new 'pahole' will generate BTF data that are not supported by older kernels, so we need to add --skip_encoding_btf_enum64 option to stable kernel's scripts/pahole-flags.sh to generate proper BTF data we got complains that after upgrading to latest pahole the stable kernel compilation fails thanks, jirka > > Signed-off-by: Martin Rodriguez Reboredo <yakoyoku(a)gmail.com> > --- > scripts/pahole-flags.sh | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/scripts/pahole-flags.sh b/scripts/pahole-flags.sh > index 0d99ef17e4a5..0a48fd86bc68 100755 > --- a/scripts/pahole-flags.sh > +++ b/scripts/pahole-flags.sh > @@ -19,5 +19,8 @@ fi > if [ "${pahole_ver}" -ge "122" ]; then > extra_paholeopt="${extra_paholeopt} -j" > fi > +if [ "${pahole_ver}" -ge "124" ]; then > + extra_paholeopt="${extra_paholeopt} --skip_encoding_btf_enum64" > +fi > > echo ${extra_paholeopt} > -- > 2.37.2 >

1 year, 8 months

3
3
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror September 2022