September 2022 - Linux-stable-mirror

[PATCH] mtd: rawnand: atmel: Unmap streaming DMA mappings

by Tudor Ambarus

Every dma_map_single() call should have its dma_unmap_single() counterpart, because the DMA address space is a shared resource and one could render the machine unusable by consuming all DMA addresses. Cc: stable(a)vger.kernel.org Fixes: f88fc122cc34 ("mtd: nand: Cleanup/rework the atmel_nand driver") Signed-off-by: Tudor Ambarus <tudor.ambarus(a)microchip.com> --- drivers/mtd/nand/raw/atmel/nand-controller.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/mtd/nand/raw/atmel/nand-controller.c b/drivers/mtd/nand/raw/atmel/nand-controller.c index 6ef14442c71a..330d2dafdd2d 100644 --- a/drivers/mtd/nand/raw/atmel/nand-controller.c +++ b/drivers/mtd/nand/raw/atmel/nand-controller.c @@ -405,6 +405,7 @@ static int atmel_nand_dma_transfer(struct atmel_nand_controller *nc, dma_async_issue_pending(nc->dmac); wait_for_completion(&finished); + dma_unmap_single(nc->dev, buf_dma, len, dir); return 0; -- 2.25.1

2 years, 1 month

7
9
0 0

[PATCH] gpio: mockup: fix NULL pointer dereference when removing debugfs

by Bartosz Golaszewski

We now remove the device's debugfs entries when unbinding the driver. This now causes a NULL-pointer dereference on module exit because the platform devices are unregistered *after* the global debugfs directory has been recursively removed. Fix it by unregistering the devices first. Fixes: 303e6da99429 ("gpio: mockup: remove gpio debugfs when remove device") Cc: Wei Yongjun <weiyongjun1(a)huawei.com> Cc: stable(a)vger.kernel.org Signed-off-by: Bartosz Golaszewski <brgl(a)bgdev.pl> --- drivers/gpio/gpio-mockup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpio/gpio-mockup.c b/drivers/gpio/gpio-mockup.c index a2e505a7545c..ab89cd8ddbd8 100644 --- a/drivers/gpio/gpio-mockup.c +++ b/drivers/gpio/gpio-mockup.c @@ -597,9 +597,9 @@ static int __init gpio_mockup_init(void) static void __exit gpio_mockup_exit(void) { + gpio_mockup_unregister_pdevs(); debugfs_remove_recursive(gpio_mockup_dbg_dir); platform_driver_unregister(&gpio_mockup_driver); - gpio_mockup_unregister_pdevs(); } module_init(gpio_mockup_init); -- 2.34.1

2 years, 1 month

1
0
0 0

[PATCH 5.10 00/24] 5.10.144-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.144 release. There are 24 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 18 Sep 2022 10:04:31 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.144-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.144-rc1 Jarrah Gosbell <kernel(a)undef.tools> Input: goodix - add compatible string for GT1158 Mathew McBride <matt(a)traverse.com.au> soc: fsl: select FSL_GUTS driver for DPIO Peter Zijlstra <peterz(a)infradead.org> x86/ftrace: Use alternative RET encoding Peter Zijlstra <peterz(a)infradead.org> x86/ibt,ftrace: Make function-graph play nice Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com> Revert "x86/ftrace: Use alternative RET encoding" Jann Horn <jannh(a)google.com> mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region() Hu Xiaoying <huxiaoying(a)kylinos.cn> usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS Hans de Goede <hdegoede(a)redhat.com> platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes Yu Zhe <yuzhe(a)nfschina.com> perf/arm_pmu_platform: fix tests for platform_get_irq() failure Chengming Gui <Jack.Gui(a)amd.com> drm/amd/amdgpu: skip ucode loading if ucode_size == 0 Maurizio Lombardi <mlombard(a)redhat.com> nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() Greg Tulli <greg.iforce(a)gmail.com> Input: iforce - add support for Boeder Force Feedback Wheel Li Qiong <liqiong(a)nfschina.com> ieee802154: cc2520: add rc code in cc2520_tx() Wei Yongjun <weiyongjun1(a)huawei.com> gpio: mockup: remove gpio debugfs when remove device Kai-Heng Feng <kai.heng.feng(a)canonical.com> tg3: Disable tg3 device on system reboot to avoid triggering AER Even Xu <even.xu(a)intel.com> hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message Jason Wang <wangborong(a)cdjrlc.com> HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> hwmon: (pmbus) Use dev_err_probe() to filter -EPROBE_DEFER error messages Rob Clark <robdclark(a)chromium.org> drm/msm/rd: Fix FIFO-full deadlock Ondrej Jirman <megi(a)xff.cz> Input: goodix - add support for GT1158 Brian Norris <briannorris(a)chromium.org> tracefs: Only clobber mode/uid/gid on remount if asked Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Correctly calculate sagaw value of IOMMU Marco Felsch <m.felsch(a)pengutronix.de> ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: imx: align SPI NOR node name with dtschema ------------- Diffstat: Documentation/input/joydev/joystick.rst | 1 + Makefile | 4 +- arch/arm/boot/dts/imx28-evk.dts | 2 +- arch/arm/boot/dts/imx28-m28evk.dts | 2 +- arch/arm/boot/dts/imx28-sps1.dts | 2 +- arch/arm/boot/dts/imx6dl-rex-basic.dts | 2 +- arch/arm/boot/dts/imx6q-ba16.dtsi | 2 +- arch/arm/boot/dts/imx6q-bx50v3.dtsi | 2 +- arch/arm/boot/dts/imx6q-cm-fx6.dts | 2 +- arch/arm/boot/dts/imx6q-dmo-edmqmx6.dts | 2 +- arch/arm/boot/dts/imx6q-dms-ba16.dts | 2 +- arch/arm/boot/dts/imx6q-gw5400-a.dts | 2 +- arch/arm/boot/dts/imx6q-marsboard.dts | 2 +- arch/arm/boot/dts/imx6q-rex-pro.dts | 2 +- arch/arm/boot/dts/imx6qdl-aristainetos.dtsi | 2 +- arch/arm/boot/dts/imx6qdl-aristainetos2.dtsi | 2 +- arch/arm/boot/dts/imx6qdl-dfi-fs700-m60.dtsi | 2 +- arch/arm/boot/dts/imx6qdl-kontron-samx6i.dtsi | 4 +- arch/arm/boot/dts/imx6qdl-nit6xlite.dtsi | 2 +- arch/arm/boot/dts/imx6qdl-nitrogen6_max.dtsi | 2 +- arch/arm/boot/dts/imx6qdl-nitrogen6_som2.dtsi | 2 +- arch/arm/boot/dts/imx6qdl-nitrogen6x.dtsi | 2 +- arch/arm/boot/dts/imx6qdl-sabreauto.dtsi | 2 +- arch/arm/boot/dts/imx6qdl-sabrelite.dtsi | 2 +- arch/arm/boot/dts/imx6qdl-sabresd.dtsi | 2 +- arch/arm/boot/dts/imx6sl-evk.dts | 2 +- arch/arm/boot/dts/imx6sx-nitrogen6sx.dts | 2 +- arch/arm/boot/dts/imx6sx-sdb-reva.dts | 4 +- arch/arm/boot/dts/imx6sx-sdb.dts | 4 +- arch/arm/boot/dts/imx6ul-14x14-evk.dtsi | 2 +- arch/arm/boot/dts/imx6ul-kontron-n6310-som.dtsi | 2 +- arch/arm/boot/dts/imx6ul-kontron-n6311-som.dtsi | 2 +- .../boot/dts/imx6ul-kontron-n6x1x-som-common.dtsi | 2 +- arch/arm/boot/dts/imx6ull-kontron-n6411-som.dtsi | 2 +- arch/x86/kernel/ftrace.c | 7 +-- arch/x86/kernel/ftrace_64.S | 19 ++++-- drivers/gpio/gpio-mockup.c | 9 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 2 +- drivers/gpu/drm/msm/msm_rd.c | 3 + drivers/hid/intel-ish-hid/ishtp-hid.h | 2 +- drivers/hid/intel-ish-hid/ishtp/client.c | 68 +++++++++++++--------- drivers/hwmon/pmbus/pmbus_core.c | 9 ++- drivers/input/joystick/iforce/iforce-main.c | 1 + drivers/input/touchscreen/goodix.c | 2 + drivers/iommu/intel/iommu.c | 28 ++++++++- drivers/net/ethernet/broadcom/tg3.c | 8 ++- drivers/net/ieee802154/cc2520.c | 1 + drivers/nvme/target/tcp.c | 3 + drivers/perf/arm_pmu_platform.c | 2 +- drivers/platform/x86/acer-wmi.c | 9 ++- drivers/soc/fsl/Kconfig | 1 + drivers/usb/storage/unusual_uas.h | 7 +++ fs/tracefs/inode.c | 31 +++++++--- mm/mmap.c | 9 ++- 54 files changed, 196 insertions(+), 100 deletions(-)

2 years, 1 month

8
33
0 0

[PATCH] Revert "ath: add support for special 0x0 regulatory domain"

by Brian Norris

This reverts commit 2dc016599cfa9672a147528ca26d70c3654a5423. Users are reporting regressions in regulatory domain detection and channel availability. The problem this was trying to resolve was fixed in firmware anyway: QCA6174 hw3.0: sdio-4.4.1: add firmware.bin_WLAN.RMH.4.4.1-00042 https://github.com/kvalo/ath10k-firmware/commit/4d382787f0efa77dba40394e0bc… Link: https://bbs.archlinux.org/viewtopic.php?id=254535 Link: http://lists.infradead.org/pipermail/ath10k/2020-April/014871.html Link: http://lists.infradead.org/pipermail/ath10k/2020-May/015152.html Fixes: 2dc016599cfa ("ath: add support for special 0x0 regulatory domain") Cc: <stable(a)vger.kernel.org> Cc: Wen Gong <wgong(a)codeaurora.org> Signed-off-by: Brian Norris <briannorris(a)chromium.org> --- drivers/net/wireless/ath/regd.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/net/wireless/ath/regd.c b/drivers/net/wireless/ath/regd.c index bee9110b91f3..20f4f8ea9f89 100644 --- a/drivers/net/wireless/ath/regd.c +++ b/drivers/net/wireless/ath/regd.c @@ -666,14 +666,14 @@ ath_regd_init_wiphy(struct ath_regulatory *reg, /* * Some users have reported their EEPROM programmed with - * 0x8000 or 0x0 set, this is not a supported regulatory - * domain but since we have more than one user with it we - * need a solution for them. We default to 0x64, which is - * the default Atheros world regulatory domain. + * 0x8000 set, this is not a supported regulatory domain + * but since we have more than one user with it we need + * a solution for them. We default to 0x64, which is the + * default Atheros world regulatory domain. */ static void ath_regd_sanitize(struct ath_regulatory *reg) { - if (reg->current_rd != COUNTRY_ERD_FLAG && reg->current_rd != 0) + if (reg->current_rd != COUNTRY_ERD_FLAG) return; printk(KERN_DEBUG "ath: EEPROM regdomain sanitized\n"); reg->current_rd = 0x64; -- 2.27.0.rc0.183.gde8f92d652-goog

2 years, 1 month

8
10
0 0

[PATCH net] net: mana: Add rmb after checking owner bits

by Haiyang Zhang

Per GDMA spec, rmb is necessary after checking owner_bits, before reading EQ or CQ entries. Add rmb in these two places to comply with the specs. Cc: stable(a)vger.kernel.org Fixes: ca9c54d2d6a5 ("net: mana: Add a driver for Microsoft Azure Network Adapter (MANA)") Reported-by: Sinan Kaya <Sinan.Kaya(a)microsoft.com> Signed-off-by: Haiyang Zhang <haiyangz(a)microsoft.com> --- drivers/net/ethernet/microsoft/mana/gdma_main.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/net/ethernet/microsoft/mana/gdma_main.c b/drivers/net/ethernet/microsoft/mana/gdma_main.c index 5f9240182351..e10b9f8f89e1 100644 --- a/drivers/net/ethernet/microsoft/mana/gdma_main.c +++ b/drivers/net/ethernet/microsoft/mana/gdma_main.c @@ -397,6 +397,11 @@ static void mana_gd_process_eq_events(void *arg) break; } + /* Per GDMA spec, rmb is necessary after checking owner_bits, before + * reading eqe. + */ + rmb(); + mana_gd_process_eqe(eq); eq->head++; @@ -1134,6 +1139,11 @@ static int mana_gd_read_cqe(struct gdma_queue *cq, struct gdma_comp *comp) if (WARN_ON_ONCE(owner_bits != new_bits)) return -1; + /* Per GDMA spec, rmb is necessary after checking owner_bits, before + * reading completion info + */ + rmb(); + comp->wq_num = cqe->cqe_info.wq_num; comp->is_sq = cqe->cqe_info.is_sq; memcpy(comp->cqe_data, cqe->cqe_data, GDMA_COMP_DATA_SIZE); -- 2.25.1

2 years, 1 month

3
2
0 0

[PATCH] usb: mon: make mmapped memory read only

by Tadeusz Struk

Syzbot found an issue in usbmon where it can corrupt monitor internal memory causing the usbmon to crash with segfault, UAF, etc. The reproducer mmaps the /dev/usbmon memory to userspace and overwrites it with arbitrary data, which causes the issues. To prevent that explicitly clear the VM_WRITE flag in mon_bin_mmap(). Cc: linux-usb(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Cc: stable(a)vger.kernel.org Fixes: 6f23ee1fefdc ("USB: add binary API to usbmon") Link: https://syzkaller.appspot.com/bug?id=2eb1f35d6525fa4a74d75b4244971e5b1411c9… Signed-off-by: Tadeusz Struk <tadeusz.struk(a)linaro.org> --- drivers/usb/mon/mon_bin.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/mon/mon_bin.c b/drivers/usb/mon/mon_bin.c index f48a23adbc35..f452fc03093c 100644 --- a/drivers/usb/mon/mon_bin.c +++ b/drivers/usb/mon/mon_bin.c @@ -1268,6 +1268,7 @@ static int mon_bin_mmap(struct file *filp, struct vm_area_struct *vma) { /* don't do anything here: "fault" will set up page table entries */ vma->vm_ops = &mon_bin_vm_ops; + vma->vm_flags &= ~VM_WRITE; vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP; vma->vm_private_data = filp->private_data; mon_bin_vma_open(vma); -- 2.37.3

2 years, 1 month

2
5
0 0

[PATCH 1/3] io_uring/rw: fix short rw error handling

by Avadhut Naik

From: Pavel Begunkov <asml.silence(a)gmail.com> We have a couple of problems, first reports of unexpected link breakage for reads when cqe->res indicates that the IO was done in full. The reason here is partial IO with retries. TL;DR; we compare the result in __io_complete_rw_common() against req->cqe.res, but req->cqe.res doesn't store the full length but rather the length left to be done. So, when we pass the full corrected result via kiocb_done() -> __io_complete_rw_common(), it fails. The second problem is that we don't try to correct res in io_complete_rw(), which, for instance, might be a problem for O_DIRECT but when a prefix of data was cached in the page cache. We also definitely don't want to pass a corrected result into io_rw_done(). The fix here is to leave __io_complete_rw_common() alone, always pass not corrected result into it and fix it up as the last step just before actually finishing the I/O. Cc: stable(a)vger.kernel.org Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Link: https://github.com/axboe/liburing/issues/643 Reported-by: Beld Zhang <beldzhang(a)gmail.com> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- io_uring/rw.c | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/io_uring/rw.c b/io_uring/rw.c index 1babd77da79c..1e18a44adcf5 100644 --- a/io_uring/rw.c +++ b/io_uring/rw.c @@ -206,6 +206,20 @@ static bool __io_complete_rw_common(struct io_kiocb *req, long res) return false; } +static inline unsigned io_fixup_rw_res(struct io_kiocb *req, unsigned res) +{ + struct io_async_rw *io = req->async_data; + + /* add previously done IO, if any */ + if (req_has_async_data(req) && io->bytes_done > 0) { + if (res < 0) + res = io->bytes_done; + else + res += io->bytes_done; + } + return res; +} + static void io_complete_rw(struct kiocb *kiocb, long res) { struct io_rw *rw = container_of(kiocb, struct io_rw, kiocb); @@ -213,7 +227,7 @@ static void io_complete_rw(struct kiocb *kiocb, long res) if (__io_complete_rw_common(req, res)) return; - io_req_set_res(req, res, 0); + io_req_set_res(req, io_fixup_rw_res(req, res), 0); req->io_task_work.func = io_req_task_complete; io_req_task_work_add(req); } @@ -240,22 +254,14 @@ static void io_complete_rw_iopoll(struct kiocb *kiocb, long res) static int kiocb_done(struct io_kiocb *req, ssize_t ret, unsigned int issue_flags) { - struct io_async_rw *io = req->async_data; struct io_rw *rw = io_kiocb_to_cmd(req, struct io_rw); - - /* add previously done IO, if any */ - if (req_has_async_data(req) && io->bytes_done > 0) { - if (ret < 0) - ret = io->bytes_done; - else - ret += io->bytes_done; - } + unsigned final_ret = io_fixup_rw_res(req, ret); if (req->flags & REQ_F_CUR_POS) req->file->f_pos = rw->kiocb.ki_pos; if (ret >= 0 && (rw->kiocb.ki_complete == io_complete_rw)) { if (!__io_complete_rw_common(req, ret)) { - io_req_set_res(req, req->cqe.res, + io_req_set_res(req, final_ret, io_put_kbuf(req, issue_flags)); return IOU_OK; } @@ -268,7 +274,7 @@ static int kiocb_done(struct io_kiocb *req, ssize_t ret, if (io_resubmit_prep(req)) io_req_task_queue_reissue(req); else - io_req_task_queue_fail(req, ret); + io_req_task_queue_fail(req, final_ret); } return IOU_ISSUE_SKIP_COMPLETE; } -- 2.34.1

2 years, 1 month

2
2
0 0

[PATCH 5.15 1/1] video: fbdev: i740fb: Error out if 'pixclock' equals zero

by Stefan Ghinea

From: Zheyu Ma <zheyuma97(a)gmail.com> commit 15cf0b82271b1823fb02ab8c377badba614d95d5 upstream The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of 'pixclock', it may cause divide error. Fix this by checking whether 'pixclock' is zero in the function i740fb_check_var(). The following log reveals it: divide error: 0000 [#1] PREEMPT SMP KASAN PTI RIP: 0010:i740fb_decode_var drivers/video/fbdev/i740fb.c:444 [inline] RIP: 0010:i740fb_set_par+0x272f/0x3bb0 drivers/video/fbdev/i740fb.c:739 Call Trace: fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1036 do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1112 fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1191 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] Signed-off-by: Zheyu Ma <zheyuma97(a)gmail.com> Signed-off-by: Helge Deller <deller(a)gmx.de> Signed-off-by: Stefan Ghinea <stefan.ghinea(a)windriver.com> --- drivers/video/fbdev/i740fb.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/video/fbdev/i740fb.c b/drivers/video/fbdev/i740fb.c index ad5ced4ef972..8fb4e01e1943 100644 --- a/drivers/video/fbdev/i740fb.c +++ b/drivers/video/fbdev/i740fb.c @@ -662,6 +662,9 @@ static int i740fb_decode_var(const struct fb_var_screeninfo *var, static int i740fb_check_var(struct fb_var_screeninfo *var, struct fb_info *info) { + if (!var->pixclock) + return -EINVAL; + switch (var->bits_per_pixel) { case 8: var->red.offset = var->green.offset = var->blue.offset = 0; -- 2.37.3

2 years, 1 month

1
0
0 0

+ x86-uaccess-avoid-check_object_size-in-copy_from_user_nmi.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: x86/uaccess: avoid check_object_size() in copy_from_user_nmi() has been added to the -mm mm-hotfixes-unstable branch. Its filename is x86-uaccess-avoid-check_object_size-in-copy_from_user_nmi.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kees Cook <keescook(a)chromium.org> Subject: x86/uaccess: avoid check_object_size() in copy_from_user_nmi() Date: Mon, 19 Sep 2022 13:16:48 -0700 The check_object_size() helper under CONFIG_HARDENED_USERCOPY is designed to skip any checks where the length is known at compile time as a reasonable heuristic to avoid "likely known-good" cases. However, it can only do this when the copy_*_user() helpers are, themselves, inline too. Using find_vmap_area() requires taking a spinlock. The check_object_size() helper can call find_vmap_area() when the destination is in vmap memory. If show_regs() is called in interrupt context, it will attempt a call to copy_from_user_nmi(), which may call check_object_size() and then find_vmap_area(). If something in normal context happens to be in the middle of calling find_vmap_area() (with the spinlock held), the interrupt handler will hang forever. The copy_from_user_nmi() call is actually being called with a fixed-size length, so check_object_size() should never have been called in the first place. Given the narrow constraints, just replace the __copy_from_user_inatomic() call with an open-coded version that calls only into the sanitizers and not check_object_size(), followed by a call to raw_copy_from_user(). Link: https://lkml.kernel.org/r/20220919201648.2250764-1-keescook@chromium.org Link: https://lore.kernel.org/all/CAOUHufaPshtKrTWOz7T7QFYUNVGFm0JBjvM700Nhf9qEL9… Fixes: 0aef499f3172 ("mm/usercopy: Detect vmalloc overruns") Signed-off-by: Kees Cook <keescook(a)chromium.org> Reported-by: Yu Zhao <yuzhao(a)google.com> Reported-by: <dev(a)der-flo.net> Suggested-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Josh Poimboeuf <jpoimboe(a)kernel.org> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- --- a/arch/x86/lib/usercopy.c~x86-uaccess-avoid-check_object_size-in-copy_from_user_nmi +++ a/arch/x86/lib/usercopy.c @@ -44,7 +44,8 @@ copy_from_user_nmi(void *to, const void * called from other contexts. */ pagefault_disable(); - ret = __copy_from_user_inatomic(to, from, n); + instrument_copy_from_user(to, from, n); + ret = raw_copy_from_user(to, from, n); pagefault_enable(); return ret; _ Patches currently in -mm which might be from keescook(a)chromium.org are x86-uaccess-avoid-check_object_size-in-copy_from_user_nmi.patch

2 years, 1 month

1
0
0 0

stable-rc/queue/5.4 baseline: 154 runs, 8 regressions (v5.4.213-14-g01680cfbf5dc)

by kernelci.org bot

stable-rc/queue/5.4 baseline: 154 runs, 8 regressions (v5.4.213-14-g01680cfbf5dc) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions ---------------------------+-------+-------------+----------+----------------------------+------------ qemu_arm64-virt-gicv2 | arm64 | lab-broonie | gcc-10 | defconfig+arm64-chromebook | 1 qemu_arm64-virt-gicv2 | arm64 | lab-broonie | gcc-10 | defconfig | 1 qemu_arm64-virt-gicv2-uefi | arm64 | lab-broonie | gcc-10 | defconfig+arm64-chromebook | 1 qemu_arm64-virt-gicv2-uefi | arm64 | lab-broonie | gcc-10 | defconfig | 1 qemu_arm64-virt-gicv3 | arm64 | lab-broonie | gcc-10 | defconfig+arm64-chromebook | 1 qemu_arm64-virt-gicv3 | arm64 | lab-broonie | gcc-10 | defconfig | 1 qemu_arm64-virt-gicv3-uefi | arm64 | lab-broonie | gcc-10 | defconfig+arm64-chromebook | 1 qemu_arm64-virt-gicv3-uefi | arm64 | lab-broonie | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/job/stable-rc/branch/queue%2F5.4/kernel/v5.4.213-… Test: baseline Tree: stable-rc Branch: queue/5.4 Describe: v5.4.213-14-g01680cfbf5dc URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: 01680cfbf5dc27f6e092203efb26be60cb7fec5e Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions ---------------------------+-------+-------------+----------+----------------------------+------------ qemu_arm64-virt-gicv2 | arm64 | lab-broonie | gcc-10 | defconfig+arm64-chromebook | 1 Details: https://kernelci.org/test/plan/id/632886147d8d69c770355648 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig+arm64-chromebook Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.213-14-g01680cfbf5dc… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.213-14-g01680cfbf5dc… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2022… * baseline.login: https://kernelci.org/test/case/id/632886147d8d69c770355649 failing since 132 days (last pass: v5.4.191-84-g56ce42d78d96, first fail: v5.4.191-125-g5917d1547e6e) platform | arch | lab | compiler | defconfig | regressions ---------------------------+-------+-------------+----------+----------------------------+------------ qemu_arm64-virt-gicv2 | arm64 | lab-broonie | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/63288998263f61dfc5355642 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.213-14-g01680cfbf5dc… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.213-14-g01680cfbf5dc… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2022… * baseline.login: https://kernelci.org/test/case/id/63288998263f61dfc5355643 failing since 132 days (last pass: v5.4.191-77-g1a3b249e415b, first fail: v5.4.191-125-g5917d1547e6e) platform | arch | lab | compiler | defconfig | regressions ---------------------------+-------+-------------+----------+----------------------------+------------ qemu_arm64-virt-gicv2-uefi | arm64 | lab-broonie | gcc-10 | defconfig+arm64-chromebook | 1 Details: https://kernelci.org/test/plan/id/632886011111cec30135567b Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig+arm64-chromebook Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.213-14-g01680cfbf5dc… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.213-14-g01680cfbf5dc… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2022… * baseline.login: https://kernelci.org/test/case/id/632886011111cec30135567c failing since 132 days (last pass: v5.4.191-84-g56ce42d78d96, first fail: v5.4.191-125-g5917d1547e6e) platform | arch | lab | compiler | defconfig | regressions ---------------------------+-------+-------------+----------+----------------------------+------------ qemu_arm64-virt-gicv2-uefi | arm64 | lab-broonie | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/632887b8bb716c3f1335564e Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.213-14-g01680cfbf5dc… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.213-14-g01680cfbf5dc… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2022… * baseline.login: https://kernelci.org/test/case/id/632887b8bb716c3f1335564f failing since 132 days (last pass: v5.4.191-77-g1a3b249e415b, first fail: v5.4.191-125-g5917d1547e6e) platform | arch | lab | compiler | defconfig | regressions ---------------------------+-------+-------------+----------+----------------------------+------------ qemu_arm64-virt-gicv3 | arm64 | lab-broonie | gcc-10 | defconfig+arm64-chromebook | 1 Details: https://kernelci.org/test/plan/id/632885ebc9f4f3ec80355733 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig+arm64-chromebook Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.213-14-g01680cfbf5dc… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.213-14-g01680cfbf5dc… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2022… * baseline.login: https://kernelci.org/test/case/id/632885ebc9f4f3ec80355734 failing since 132 days (last pass: v5.4.191-84-g56ce42d78d96, first fail: v5.4.191-125-g5917d1547e6e) platform | arch | lab | compiler | defconfig | regressions ---------------------------+-------+-------------+----------+----------------------------+------------ qemu_arm64-virt-gicv3 | arm64 | lab-broonie | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/632887f4aaf5c3aa1f35565c Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.213-14-g01680cfbf5dc… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.213-14-g01680cfbf5dc… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2022… * baseline.login: https://kernelci.org/test/case/id/632887f4aaf5c3aa1f35565d failing since 132 days (last pass: v5.4.191-77-g1a3b249e415b, first fail: v5.4.191-125-g5917d1547e6e) platform | arch | lab | compiler | defconfig | regressions ---------------------------+-------+-------------+----------+----------------------------+------------ qemu_arm64-virt-gicv3-uefi | arm64 | lab-broonie | gcc-10 | defconfig+arm64-chromebook | 1 Details: https://kernelci.org/test/plan/id/632886009cf92424a6355661 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig+arm64-chromebook Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.213-14-g01680cfbf5dc… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.213-14-g01680cfbf5dc… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2022… * baseline.login: https://kernelci.org/test/case/id/632886009cf92424a6355662 failing since 132 days (last pass: v5.4.191-84-g56ce42d78d96, first fail: v5.4.191-125-g5917d1547e6e) platform | arch | lab | compiler | defconfig | regressions ---------------------------+-------+-------------+----------+----------------------------+------------ qemu_arm64-virt-gicv3-uefi | arm64 | lab-broonie | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/632887cc4143fbd4b635567d Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.213-14-g01680cfbf5dc… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.213-14-g01680cfbf5dc… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2022… * baseline.login: https://kernelci.org/test/case/id/632887cc4143fbd4b635567e failing since 132 days (last pass: v5.4.191-77-g1a3b249e415b, first fail: v5.4.191-125-g5917d1547e6e)

2 years, 1 month

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror September 2022