release_task, where the seccomp's filter refcounter is released, is not
called for the case when the fork/clone is terminated midway by a
signal. This leaves an extra reference that prevents filter from being
destroyed even after all processes using it exit leading to a BPF JIT
memory leak. Dereference the refcounter in the failure path of the
copy_process function.
Fixes: 3a15fb6ed92c ("seccomp: release filter after task is fully dead")
Cc: Christian Brauner <brauner(a)kernel.org>
Cc: stable(a)vger.kernel.org
Signed-off-by: Oleksandr Tymoshenko <ovt(a)google.com>
---
kernel/fork.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/kernel/fork.c b/kernel/fork.c
index 90c85b17bf69..20f7a3e91354 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1763,6 +1763,21 @@ static void copy_seccomp(struct task_struct *p)
#endif
}
+static void release_seccomp(struct task_struct *p)
+{
+#ifdef CONFIG_SECCOMP
+ /*
+ * Must be called with sighand->lock held, which is common to
+ * all threads in the group. Holding cred_guard_mutex is not
+ * needed because this new task is not yet running and cannot
+ * be racing exec.
+ */
+ assert_spin_locked(¤t->sighand->siglock);
+
+ seccomp_filter_release(p);
+#endif
+}
+
SYSCALL_DEFINE1(set_tid_address, int __user *, tidptr)
{
current->clear_child_tid = tidptr;
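Review bot: The comment in release_seccomp() states that the siglock must be held and talks about cred_guard_mutex and racing exec, but it never says why dropping the reference needs that lock; the reasoning reads as if it was written for the copy side. Reword it to say what is being undone (the reference taken for p in copy_seccomp()) and what the lock protects here, or drop the assertion if seccomp_filter_release(p) does not depend on it. It would also help to note that the helper is only valid on failure paths reached after copy_seccomp() has run.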
@@ -2495,6 +2510,7 @@ static __latent_entropy struct task_struct *copy_process(
return p;
bad_fork_cancel_cgroup:
+ release_seccomp(p);
sched_core_free(p);
spin_unlock(¤t->sighand->siglock);
write_unlock_irq(&tasklist_lock);
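Review bot: release_seccomp(p) under bad_fork_cancel_cgroup runs before the spin_unlock() of the siglock and before write_unlock_irq(&tasklist_lock), so it executes in atomic context with interrupts disabled. The commit message says the final put is what destroys the filter and frees the BPF JIT memory; please confirm that seccomp_filter_release() cannot sleep on that path, or move the call below the two unlocks. The commit message should also say which failure labels can be reached after copy_seccomp(), so it is clear that this one label covers them all.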
--
2.37.2.789.g6183377224-goog
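The leak described in the commit message above, as a user-space model added here; it is not kernel code and not part of the patch. All names (`struct filter`, `task_fork`, `task_exit`, `release_on_failure`) are hypothetical stand-ins for the filter refcount, copy_process() and release_task().

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for a seccomp filter: only the refcount matters. */
struct filter {
    int refs;
    bool *freed;            /* set when the last reference is dropped */
};

struct task {
    struct filter *filter;
};

static void filter_get(struct filter *f) { f->refs++; }

static void filter_put(struct filter *f)
{
    if (--f->refs == 0) {
        *f->freed = true;
        free(f);
    }
}

/* Models release_task(): the only place a fully created task drops its ref. */
static void task_exit(struct task *t)
{
    filter_put(t->filter);
    free(t);
}

/*
 * Models copy_process(): the child takes a reference on the parent's filter,
 * then a later step can still fail because a signal cancels the fork.
 * release_on_failure selects the behaviour before (false) or after (true)
 * the fix described in the commit message.
 */
static struct task *task_fork(struct task *parent, bool signal_pending,
                              bool release_on_failure)
{
    struct task *child = malloc(sizeof(*child));
    if (!child)
        abort();
    child->filter = parent->filter;
    filter_get(child->filter);
    if (signal_pending) {
        if (release_on_failure)
            filter_put(child->filter);
        free(child);        /* child never ran, so task_exit() never happens */
        return NULL;
    }
    return child;
}

/* Returns true if the filter was destroyed once every task had exited. */
static bool filter_freed_after_cancelled_fork(bool release_on_failure)
{
    bool freed = false;
    struct filter *f = malloc(sizeof(*f));
    struct task *parent = malloc(sizeof(*parent));
    if (!f || !parent)
        abort();
    f->refs = 1;
    f->freed = &freed;
    parent->filter = f;

    struct task *child = task_fork(parent, false, release_on_failure);
    task_fork(parent, true, release_on_failure);    /* cancelled midway */
    task_exit(child);
    task_exit(parent);

    bool result = freed;
    if (!result)
        free(f);            /* tidy up the model; the kernel has no such net */
    return result;
}

int main(void)
{
    printf("without release on failure: freed=%d\n",
           filter_freed_after_cancelled_fork(false));
    printf("with release on failure:    freed=%d\n",
           filter_freed_after_cancelled_fork(true));
    return 0;
}
```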
This is the start of the stable review cycle for the 5.10.141 release.
There are 37 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sun, 04 Sep 2022 12:13:47 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.141-r…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 5.10.141-rc1
Yang Yingliang <yangyingliang(a)huawei.com>
net: neigh: don't call kfree_skb() under spin_lock_irqsave()
Zhengchao Shao <shaozhengchao(a)huawei.com>
net/af_packet: check len when min_header_len equals to 0
Eric Sandeen <sandeen(a)redhat.com>
xfs: revert "xfs: actually bump warning counts when we send warnings"
Brian Foster <bfoster(a)redhat.com>
xfs: fix soft lockup via spinning in filestream ag selection loop
Darrick J. Wong <djwong(a)kernel.org>
xfs: fix overfilling of reserve pool
Darrick J. Wong <djwong(a)kernel.org>
xfs: always succeed at setting the reserve pool size
Darrick J. Wong <djwong(a)kernel.org>
xfs: remove infinite loop when reserving free block pool
Pavel Begunkov <asml.silence(a)gmail.com>
io_uring: disable polling pollfree files
Kuniyuki Iwashima <kuniyu(a)amazon.com>
kprobes: don't call disarm_kprobe() for disabled kprobes
Christophe Leroy <christophe.leroy(a)csgroup.eu>
lib/vdso: Mark do_hres_timens() and do_coarse_timens() __always_inline()
Geert Uytterhoeven <geert(a)linux-m68k.org>
netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y
Dusica Milinkovic <Dusica.Milinkovic(a)amd.com>
drm/amdgpu: Increase tlb flush timeout for sriov
Ilya Bakoulin <Ilya.Bakoulin(a)amd.com>
drm/amd/display: Fix pixel clock programming
Evan Quan <evan.quan(a)amd.com>
drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid
Juergen Gross <jgross(a)suse.com>
s390/hypfs: avoid error message under KVM
Denis V. Lunev <den(a)openvz.org>
neigh: fix possible DoS due to net iface start/stop loop
Fudong Wang <Fudong.Wang(a)amd.com>
drm/amd/display: clear optc underflow before turn off odm clock
Alvin Lee <alvin.lee2(a)amd.com>
drm/amd/display: For stereo keep "FLIP_ANY_FRAME"
Josip Pavic <Josip.Pavic(a)amd.com>
drm/amd/display: Avoid MPC infinite loop
Wenbin Mei <wenbin.mei(a)mediatek.com>
mmc: mtk-sd: Clear interrupts when cqe off/disable
Jann Horn <jannh(a)google.com>
mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
Zhengchao Shao <shaozhengchao(a)huawei.com>
bpf: Don't redirect packets with invalid pkt_len
Yang Jihong <yangjihong1(a)huawei.com>
ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead
Letu Ren <fantasquex(a)gmail.com>
fbdev: fb_pm2fb: Avoid potential divide by zero error
Hawkins Jiawei <yin31149(a)gmail.com>
net: fix refcount bug in sk_psock_get (2)
Karthik Alapati <mail(a)karthek.com>
HID: hidraw: fix memory leak in hidraw_release()
Dongliang Mu <mudongliangabcd(a)gmail.com>
media: pvrusb2: fix memory leak in pvr_probe
Vivek Kasireddy <vivek.kasireddy(a)intel.com>
udmabuf: Set the DMA mask for the udmabuf device (v2)
Lee Jones <lee.jones(a)linaro.org>
HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Revert "PCI/portdrv: Don't disable AER reporting in get_port_device_capability()"
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: L2CAP: Fix build errors in some archs
Jing Leng <jleng(a)ambarella.com>
kbuild: Fix include path in scripts/Makefile.modpost
Gerald Schaefer <gerald.schaefer(a)linux.ibm.com>
s390/mm: do not trigger write fault when vma does not allow VM_WRITE
Eric Biggers <ebiggers(a)google.com>
crypto: lib - remove unneeded selection of XOR_BLOCKS
Peter Zijlstra <peterz(a)infradead.org>
x86/nospec: Fix i386 RSB stuffing
Peter Zijlstra <peterz(a)infradead.org>
x86/nospec: Unwreck the RSB stuffing
Jann Horn <jannh(a)google.com>
mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
-------------
Diffstat:
Makefile | 4 +-
arch/s390/hypfs/hypfs_diag.c | 2 +-
arch/s390/hypfs/inode.c | 2 +-
arch/s390/mm/fault.c | 4 +-
arch/x86/include/asm/nospec-branch.h | 92 ++++++++++++----------
drivers/android/binder.c | 1 +
drivers/dma-buf/udmabuf.c | 18 ++++-
drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 +-
drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c | 3 +-
drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 3 +-
.../gpu/drm/amd/display/dc/dce/dce_clock_source.c | 2 +
drivers/gpu/drm/amd/display/dc/dcn10/dcn10_mpc.c | 6 ++
drivers/gpu/drm/amd/display/dc/dcn10/dcn10_optc.c | 5 ++
drivers/gpu/drm/amd/display/dc/dcn20/dcn20_mpc.c | 6 ++
drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hubp.c | 2 +-
.../drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 1 +
drivers/hid/hid-steam.c | 10 +++
drivers/hid/hidraw.c | 3 +
drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 1 +
drivers/mmc/host/mtk-sd.c | 6 ++
drivers/pci/pcie/portdrv_core.c | 9 ++-
drivers/video/fbdev/pm2fb.c | 5 ++
fs/io_uring.c | 5 ++
fs/signalfd.c | 1 +
fs/xfs/xfs_filestream.c | 7 +-
fs/xfs/xfs_fsops.c | 52 +++++-------
fs/xfs/xfs_mount.h | 8 ++
fs/xfs/xfs_trans_dquot.c | 1 -
include/linux/fs.h | 1 +
include/linux/rmap.h | 7 +-
include/linux/skbuff.h | 8 ++
include/linux/skmsg.h | 3 +-
include/net/sock.h | 68 +++++++++++-----
kernel/kprobes.c | 9 ++-
kernel/trace/ftrace.c | 10 +++
lib/crypto/Kconfig | 1 -
lib/vdso/gettimeofday.c | 16 ++--
mm/mmap.c | 12 +++
mm/rmap.c | 29 ++++---
net/bluetooth/l2cap_core.c | 10 +--
net/bpf/test_run.c | 3 +
net/core/dev.c | 1 +
net/core/neighbour.c | 27 +++++--
net/core/skmsg.c | 4 +-
net/netfilter/Kconfig | 1 -
net/packet/af_packet.c | 4 +-
scripts/Makefile.modpost | 3 +-
47 files changed, 325 insertions(+), 153 deletions(-)
This is the start of the stable review cycle for the 4.19.257 release.
There are 56 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sun, 04 Sep 2022 12:13:47 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.257-r…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 4.19.257-rc1
Yang Yingliang <yangyingliang(a)huawei.com>
net: neigh: don't call kfree_skb() under spin_lock_irqsave()
Kuniyuki Iwashima <kuniyu(a)amazon.com>
kprobes: don't call disarm_kprobe() for disabled kprobes
Geert Uytterhoeven <geert(a)linux-m68k.org>
netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y
Juergen Gross <jgross(a)suse.com>
s390/hypfs: avoid error message under KVM
Denis V. Lunev <den(a)openvz.org>
neigh: fix possible DoS due to net iface start/stop loop
Fudong Wang <Fudong.Wang(a)amd.com>
drm/amd/display: clear optc underflow before turn off odm clock
Jann Horn <jannh(a)google.com>
mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
Yang Jihong <yangjihong1(a)huawei.com>
ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead
Letu Ren <fantasquex(a)gmail.com>
fbdev: fb_pm2fb: Avoid potential divide by zero error
Karthik Alapati <mail(a)karthek.com>
HID: hidraw: fix memory leak in hidraw_release()
Dongliang Mu <mudongliangabcd(a)gmail.com>
media: pvrusb2: fix memory leak in pvr_probe
Lee Jones <lee.jones(a)linaro.org>
HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: L2CAP: Fix build errors in some archs
Jing Leng <jleng(a)ambarella.com>
kbuild: Fix include path in scripts/Makefile.modpost
Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com>
x86/bugs: Add "unknown" reporting for MMIO Stale Data
Gerald Schaefer <gerald.schaefer(a)linux.ibm.com>
s390/mm: do not trigger write fault when vma does not allow VM_WRITE
Stanislav Fomichev <sdf(a)google.com>
selftests/bpf: Fix test_align verifier log patterns
Maxim Mikityanskiy <maximmi(a)nvidia.com>
bpf: Fix the off-by-two error in range markings
Hsin-Yi Wang <hsinyi(a)chromium.org>
arm64: map FDT as RW for early_init_dt_scan()
Jann Horn <jannh(a)google.com>
mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
Saurabh Sengar <ssengar(a)linux.microsoft.com>
scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq
Guoqing Jiang <guoqing.jiang(a)linux.dev>
md: call __md_stop_writes in md_stop
David Hildenbrand <david(a)redhat.com>
mm/hugetlb: fix hugetlb not supporting softdirty tracking
Brian Foster <bfoster(a)redhat.com>
s390: fix double free of GS and RI CBs on fork() failure
Quanyang Wang <quanyang.wang(a)windriver.com>
asm-generic: sections: refactor memory_intersects
Siddh Raman Pant <code(a)siddh.me>
loop: Check for overflow while configuring loop
Chen Zhongjin <chenzhongjin(a)huawei.com>
x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry
Goldwyn Rodrigues <rgoldwyn(a)suse.de>
btrfs: check if root is readonly while setting security xattr
Jacob Keller <jacob.e.keller(a)intel.com>
ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter
Kuniyuki Iwashima <kuniyu(a)amazon.com>
net: Fix a data-race around sysctl_somaxconn.
Kuniyuki Iwashima <kuniyu(a)amazon.com>
net: Fix a data-race around netdev_budget_usecs.
Kuniyuki Iwashima <kuniyu(a)amazon.com>
net: Fix a data-race around netdev_budget.
Kuniyuki Iwashima <kuniyu(a)amazon.com>
net: Fix a data-race around sysctl_net_busy_read.
Kuniyuki Iwashima <kuniyu(a)amazon.com>
net: Fix a data-race around sysctl_net_busy_poll.
Kuniyuki Iwashima <kuniyu(a)amazon.com>
net: Fix a data-race around sysctl_tstamp_allow_data.
Kuniyuki Iwashima <kuniyu(a)amazon.com>
ratelimit: Fix data-races in ___ratelimit().
Kuniyuki Iwashima <kuniyu(a)amazon.com>
net: Fix data-races around netdev_tstamp_prequeue.
Kuniyuki Iwashima <kuniyu(a)amazon.com>
net: Fix data-races around weight_p and dev_weight_[rt]x_bias.
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nft_tunnel: restrict it to netdev family
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nft_payload: do not truncate csum_offset and csum_type
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nft_payload: report ERANGE for too long offset and length
Florian Westphal <fw(a)strlen.de>
netfilter: ebtables: reject blobs that don't provide all entry points
Maciej Żenczykowski <maze(a)google.com>
net: ipvtap - add __init/__exit annotations to module init/exit funcs
Jonathan Toppins <jtoppins(a)redhat.com>
bonding: 802.3ad: fix no transmission of LACPDUs
Bernard Pidoux <f6bvp(a)free.fr>
rose: check NULL rose_loopback_neigh->loopback
Herbert Xu <herbert(a)gondor.apana.org.au>
af_key: Do not call xfrm_probe_algs in parallel
Xin Xiong <xiongx18(a)fudan.edu.cn>
xfrm: fix refcount leak in __xfrm_policy_check()
Hui Su <suhui_kernel(a)163.com>
kernel/sched: Remove dl_boosted flag comment
Juri Lelli <juri.lelli(a)redhat.com>
sched/deadline: Fix priority inheritance with multiple scheduling classes
Lucas Stach <l.stach(a)pengutronix.de>
sched/deadline: Fix stale throttling on de-/boosted tasks
Daniel Bristot de Oliveira <bristot(a)redhat.com>
sched/deadline: Unthrottle PI boosted threads while enqueuing
Basavaraj Natikar <Basavaraj.Natikar(a)amd.com>
pinctrl: amd: Don't save/restore interrupt status and wake status bits
Randy Dunlap <rdunlap(a)infradead.org>
kernel/sys_ni: add compat entry for fadvise64_64
Helge Deller <deller(a)gmx.de>
parisc: Fix exception handler for fldw and fstw instructions
Gaosheng Cui <cuigaosheng1(a)huawei.com>
audit: fix potential double free on error path from fsnotify_add_inode_mark
-------------
Diffstat:
.../hw-vuln/processor_mmio_stale_data.rst | 14 +++
Makefile | 4 +-
arch/arm64/include/asm/mmu.h | 2 +-
arch/arm64/kernel/kaslr.c | 5 +-
arch/arm64/kernel/setup.c | 9 +-
arch/arm64/mm/mmu.c | 15 +--
arch/parisc/kernel/unaligned.c | 2 +-
arch/s390/hypfs/hypfs_diag.c | 2 +-
arch/s390/hypfs/inode.c | 2 +-
arch/s390/kernel/process.c | 22 +++-
arch/s390/mm/fault.c | 4 +-
arch/x86/include/asm/cpufeatures.h | 3 +-
arch/x86/kernel/cpu/bugs.c | 14 ++-
arch/x86/kernel/cpu/common.c | 34 ++++--
arch/x86/kernel/unwind_orc.c | 15 ++-
drivers/block/loop.c | 5 +
drivers/gpu/drm/amd/display/dc/dcn10/dcn10_optc.c | 5 +
drivers/hid/hid-steam.c | 10 ++
drivers/hid/hidraw.c | 3 +
drivers/md/md.c | 1 +
drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 1 +
drivers/net/bonding/bond_3ad.c | 38 +++---
drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c | 59 ++++++++--
drivers/net/ipvlan/ipvtap.c | 4 +-
drivers/pinctrl/pinctrl-amd.c | 11 +-
drivers/scsi/storvsc_drv.c | 2 +-
drivers/video/fbdev/pm2fb.c | 5 +
fs/btrfs/xattr.c | 3 +
include/asm-generic/sections.h | 7 +-
include/linux/netfilter_bridge/ebtables.h | 4 -
include/linux/rmap.h | 7 +-
include/linux/sched.h | 14 ++-
include/net/busy_poll.h | 2 +-
kernel/audit_fsnotify.c | 1 +
kernel/kprobes.c | 9 +-
kernel/sched/core.c | 11 +-
kernel/sched/deadline.c | 131 +++++++++++++--------
kernel/sys_ni.c | 1 +
kernel/trace/ftrace.c | 10 ++
lib/ratelimit.c | 12 +-
mm/mmap.c | 20 +++-
mm/rmap.c | 31 ++---
net/bluetooth/l2cap_core.c | 10 +-
net/bridge/netfilter/ebtable_broute.c | 8 --
net/bridge/netfilter/ebtable_filter.c | 8 --
net/bridge/netfilter/ebtable_nat.c | 8 --
net/bridge/netfilter/ebtables.c | 8 +-
net/core/dev.c | 14 +--
net/core/neighbour.c | 27 ++++-
net/core/skbuff.c | 2 +-
net/core/sock.c | 2 +-
net/core/sysctl_net_core.c | 15 ++-
net/key/af_key.c | 3 +
net/netfilter/Kconfig | 1 -
net/netfilter/nft_osf.c | 18 ++-
net/netfilter/nft_payload.c | 29 +++--
net/netfilter/nft_tunnel.c | 1 +
net/rose/rose_loopback.c | 3 +-
net/sched/sch_generic.c | 2 +-
net/socket.c | 2 +-
net/xfrm/xfrm_policy.c | 1 +
scripts/Makefile.modpost | 3 +-
tools/testing/selftests/bpf/test_align.c | 27 +++--
tools/testing/selftests/bpf/test_verifier.c | 32 ++---
64 files changed, 493 insertions(+), 285 deletions(-)
This is the start of the stable review cycle for the 4.9.327 release.
There are 31 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sun, 04 Sep 2022 12:13:47 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.327-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 4.9.327-rc1
Kuniyuki Iwashima <kuniyu(a)amazon.com>
kprobes: don't call disarm_kprobe() for disabled kprobes
Jann Horn <jannh(a)google.com>
mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
Geert Uytterhoeven <geert(a)linux-m68k.org>
netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y
Juergen Gross <jgross(a)suse.com>
s390/hypfs: avoid error message under KVM
Hsin-Yi Wang <hsinyi(a)chromium.org>
arm64: map FDT as RW for early_init_dt_scan()
Yang Jihong <yangjihong1(a)huawei.com>
ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead
Letu Ren <fantasquex(a)gmail.com>
fbdev: fb_pm2fb: Avoid potential divide by zero error
Karthik Alapati <mail(a)karthek.com>
HID: hidraw: fix memory leak in hidraw_release()
Dongliang Mu <mudongliangabcd(a)gmail.com>
media: pvrusb2: fix memory leak in pvr_probe
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: L2CAP: Fix build errors in some archs
Jing Leng <jleng(a)ambarella.com>
kbuild: Fix include path in scripts/Makefile.modpost
Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com>
x86/bugs: Add "unknown" reporting for MMIO Stale Data
Gayatri Kammela <gayatri.kammela(a)intel.com>
x86/cpu: Add Tiger Lake to Intel family
Gerald Schaefer <gerald.schaefer(a)linux.ibm.com>
s390/mm: do not trigger write fault when vma does not allow VM_WRITE
Jann Horn <jannh(a)google.com>
mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
David Hildenbrand <david(a)redhat.com>
mm/hugetlb: fix hugetlb not supporting softdirty tracking
Quanyang Wang <quanyang.wang(a)windriver.com>
asm-generic: sections: refactor memory_intersects
Siddh Raman Pant <code(a)siddh.me>
loop: Check for overflow while configuring loop
Goldwyn Rodrigues <rgoldwyn(a)suse.de>
btrfs: check if root is readonly while setting security xattr
Jacob Keller <jacob.e.keller(a)intel.com>
ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter
Kuniyuki Iwashima <kuniyu(a)amazon.com>
net: Fix a data-race around sysctl_somaxconn.
Kuniyuki Iwashima <kuniyu(a)amazon.com>
net: Fix a data-race around sysctl_net_busy_read.
Kuniyuki Iwashima <kuniyu(a)amazon.com>
net: Fix a data-race around sysctl_net_busy_poll.
Kuniyuki Iwashima <kuniyu(a)amazon.com>
net: Fix a data-race around sysctl_tstamp_allow_data.
Kuniyuki Iwashima <kuniyu(a)amazon.com>
ratelimit: Fix data-races in ___ratelimit().
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nft_payload: report ERANGE for too long offset and length
Jonathan Toppins <jtoppins(a)redhat.com>
bonding: 802.3ad: fix no transmission of LACPDUs
Bernard Pidoux <f6bvp(a)free.fr>
rose: check NULL rose_loopback_neigh->loopback
Herbert Xu <herbert(a)gondor.apana.org.au>
af_key: Do not call xfrm_probe_algs in parallel
Xin Xiong <xiongx18(a)fudan.edu.cn>
xfrm: fix refcount leak in __xfrm_policy_check()
Helge Deller <deller(a)gmx.de>
parisc: Fix exception handler for fldw and fstw instructions
-------------
Diffstat:
.../hw-vuln/processor_mmio_stale_data.rst | 14 +++++
Makefile | 4 +-
arch/arm64/include/asm/mmu.h | 2 +-
arch/arm64/kernel/kaslr.c | 5 +-
arch/arm64/kernel/setup.c | 9 +++-
arch/arm64/mm/mmu.c | 15 +-----
arch/parisc/kernel/unaligned.c | 2 +-
arch/s390/hypfs/hypfs_diag.c | 2 +-
arch/s390/hypfs/inode.c | 2 +-
arch/s390/mm/fault.c | 4 +-
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/include/asm/intel-family.h | 3 ++
arch/x86/kernel/cpu/bugs.c | 14 ++++-
arch/x86/kernel/cpu/common.c | 34 +++++++++----
drivers/block/loop.c | 5 ++
drivers/hid/hidraw.c | 3 ++
drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 1 +
drivers/net/bonding/bond_3ad.c | 38 ++++++--------
drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c | 59 +++++++++++++++++-----
drivers/video/fbdev/pm2fb.c | 5 ++
fs/btrfs/xattr.c | 3 ++
include/asm-generic/sections.h | 7 ++-
include/linux/rmap.h | 7 ++-
include/net/busy_poll.h | 2 +-
kernel/kprobes.c | 10 ++--
kernel/trace/ftrace.c | 10 ++++
lib/ratelimit.c | 12 +++--
mm/mmap.c | 20 +++++++-
mm/rmap.c | 31 +++++++-----
net/bluetooth/l2cap_core.c | 10 ++--
net/core/skbuff.c | 2 +-
net/core/sock.c | 2 +-
net/key/af_key.c | 3 ++
net/netfilter/Kconfig | 1 -
net/netfilter/nft_payload.c | 10 +++-
net/rose/rose_loopback.c | 3 +-
net/socket.c | 2 +-
net/xfrm/xfrm_policy.c | 1 +
scripts/Makefile.modpost | 3 +-
39 files changed, 245 insertions(+), 116 deletions(-)
Hi all,
Commit 20401d1058f3f841f35a594ac2fc1293710e55b9 ("ipc: replace costly
bailout check in sysvipc_find_ipc()") fixes a high CVE and optimizes the
costly loop by adding a checkpoint, which I think might be a good
candidate for the stable branches.
Let me know what you think.
The patch titled
Subject: mm: fix dereferencing possible ERR_PTR
has been added to the -mm mm-hotfixes-unstable branch. Its filename is
mm-fix-dereferencing-possible-err_ptr.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-hotfixes-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Binyi Han <dantengknight(a)gmail.com>
Subject: mm: fix dereferencing possible ERR_PTR
Date: Sun, 4 Sep 2022 00:46:47 -0700
Smatch checker complains that 'secretmem_mnt' dereferencing possible
ERR_PTR(). Let the function return if 'secretmem_mnt' is ERR_PTR, to
avoid dereferencing it.
Link: https://lkml.kernel.org/r/20220904074647.GA64291@cloud-MacBookPro
Fixes: 1507f51255c9f ("mm: introduce memfd_secret system call to create "secret" memory areas")
Signed-off-by: Binyi Han <dantengknight(a)gmail.com>
Reviewed-by: Andrew Morton <akpm(a)linux-foudation.org>
Cc: Mike Rapoport <rppt(a)kernel.org>
Cc: Ammar Faizi <ammarfaizi2(a)gnuweeb.org>
Cc: Hagen Paul Pfeifer <hagen(a)jauu.net>
Cc: James Bottomley <James.Bottomley(a)HansenPartnership.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/secretmem.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/mm/secretmem.c~mm-fix-dereferencing-possible-err_ptr
+++ a/mm/secretmem.c
@@ -285,7 +285,7 @@ static int secretmem_init(void)
secretmem_mnt = kern_mount(&secretmem_fs);
if (IS_ERR(secretmem_mnt))
- ret = PTR_ERR(secretmem_mnt);
+ return PTR_ERR(secretmem_mnt);
/* prevent secretmem mappings from ever getting PROT_EXEC */
secretmem_mnt->mnt_flags |= MNT_NOEXEC;
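Review bot: With the early return at the IS_ERR() check, secretmem_mnt still holds the error pointer after secretmem_init() fails. If it is a file-scope variable that other code tests or dereferences, assign the result of kern_mount() to a local and publish it only on success, or say in the commit message why no other path can run after a failed init. Also check whether ret is still needed now that this branch no longer sets it.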
_
Patches currently in -mm which might be from dantengknight(a)gmail.com are
mm-fix-dereferencing-possible-err_ptr.patch
On Sun, Aug 28, 2022 at 08:33:17PM -0300, Martin Rodriguez Reboredo wrote:
> After the release of pahole 1.24 some people in the dwarves mailing list
> notified issues related to building the kernel with the BTF_DEBUG_INFO
> option toggled. They seem to be happening due to the kernel and
> resolve_btfids interpreting btf types erroneously. In the dwarves list
> I've proposed a change to the scripts that I've written while testing
> the Rust kernel, it simply passes the --skip_encoding_btf_enum64 to
> pahole if it has version 1.24.
>
> v1 -> v2:
> - Switch to off by default and remove the config option.
> - Send it to stable instead.
hi,
we have a change that needs to go to stable kernels but does not have the
equivalent fix in Linus tree
what would be the best way to submit it?
the issue is that new 'pahole' will generate BTF data that are not supported
by older kernels, so we need to add --skip_encoding_btf_enum64 option to
stable kernel's scripts/pahole-flags.sh to generate proper BTF data
we got complaints that after upgrading to latest pahole the stable kernel
compilation fails
thanks,
jirka
>
> Signed-off-by: Martin Rodriguez Reboredo <yakoyoku(a)gmail.com>
> ---
> scripts/pahole-flags.sh | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/scripts/pahole-flags.sh b/scripts/pahole-flags.sh
> index 0d99ef17e4a5..0a48fd86bc68 100755
> --- a/scripts/pahole-flags.sh
> +++ b/scripts/pahole-flags.sh
> @@ -19,5 +19,8 @@ fi
> if [ "${pahole_ver}" -ge "122" ]; then
> extra_paholeopt="${extra_paholeopt} -j"
> fi
> +if [ "${pahole_ver}" -ge "124" ]; then
> + extra_paholeopt="${extra_paholeopt} --skip_encoding_btf_enum64"
> +fi
>
> echo ${extra_paholeopt}
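Review bot: The commit message says the flag is passed "if it has version 1.24", but the check `-ge "124"` also matches every later pahole release; the message should say 1.24 or newer so the two agree. A one-line comment above the new block saying why the flag is needed (the BTF types that the kernel and resolve_btfids misinterpret, per the description) would help, since the reason is not visible from the script itself.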
> --
> 2.37.2
>