February 2023 - Linux-stable-mirror

FAILED: patch "[PATCH] scripts/tags.sh: fix incompatibility with PCRE2" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. Possible dependencies: 6ec363fc6142 ("scripts/tags.sh: fix incompatibility with PCRE2") 7394d2ebb651 ("scripts/tags.sh: Invoke 'realpath' via 'xargs'") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6ec363fc6142226b9ab5a6528f65333d729d2b6b Mon Sep 17 00:00:00 2001 From: Carlos Llamas <cmllamas(a)google.com> Date: Wed, 15 Feb 2023 18:38:50 +0000 Subject: [PATCH] scripts/tags.sh: fix incompatibility with PCRE2 Starting with release 10.38 PCRE2 drops default support for using \K in lookaround patterns as described in [1]. Unfortunately, scripts/tags.sh relies on such functionality to collect all_compiled_soures() leading to the following error: $ make COMPILED_SOURCE=1 tags GEN tags grep: \K is not allowed in lookarounds (but see PCRE2_EXTRA_ALLOW_LOOKAROUND_BSK) The usage of \K for this pattern was introduced in commit 4f491bb6ea2a ("scripts/tags.sh: collect compiled source precisely") which speeds up the generation of tags significantly. In order to fix this issue without compromising the performance we can switch over to an equivalent sed expression. The same matching pattern is preserved here except \K is replaced with a backreference \1. [1] https://www.pcre.org/current/doc/html/pcre2syntax.html#SEC11 Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> Cc: Masahiro Yamada <masahiroy(a)kernel.org> Cc: Jialu Xu <xujialu(a)vimux.org> Cc: Vipin Sharma <vipinsh(a)google.com> Cc: stable(a)vger.kernel.org Fixes: 4f491bb6ea2a ("scripts/tags.sh: collect compiled source precisely") Signed-off-by: Carlos Llamas <cmllamas(a)google.com> Link: https://lore.kernel.org/r/20230215183850.3353198-1-cmllamas@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/scripts/tags.sh b/scripts/tags.sh index 1ad45f17179a..6b9001853890 100755 --- a/scripts/tags.sh +++ b/scripts/tags.sh @@ -98,7 +98,7 @@ all_compiled_sources() { echo include/generated/autoconf.h find $ignore -name "*.cmd" -exec \ - grep -Poh '(?(?=^source_.* \K).*|(?=^ \K\S).*(?= \\))' {} \+ | + sed -n -E 's/^source_.* (.*)/\1/p; s/^ (\S.*) \\/\1/p' {} \+ | awk '!a[$0]++' } | xargs realpath -esq $([ -z "$KBUILD_ABS_SRCTREE" ] && echo --relative-to=.) | sort -u

1 year, 11 months

1
0
0 0

[PATCH 4.14 v3 0/4] BPF fixes for CVE-2021-3444 and CVE-2021-3600

by Edward Liaw

Thadeu Lima de Souza Cascardo originally sent this patch but it failed to merge because of a compilation error: https://lore.kernel.org/bpf/20210830183211.339054-1-cascardo@canonical.com/… v3: Added upstream commit hash from 4.19.y and added detail to changelog. v2: Removed redefinition of tmp to fix compilation with CONFIG_BPF_JIT_ALWAYS_ON enabled. -Edward == The upstream changes necessary to fix these CVEs rely on the presence of JMP32, which is not a small backport and brings its own potential set of necessary follow-ups. Daniel Borkmann, John Fastabend and Alexei Starovoitov came up with a fix involving the use of the AX register. This has been tested against the test_verifier in 4.14.y tree and some tests specific to the two referred CVEs. The test_bpf module was also tested. Daniel Borkmann (4): bpf: Do not use ax register in interpreter on div/mod bpf: fix subprog verifier bypass by div/mod by 0 exception bpf: Fix 32 bit src register truncation on div/mod bpf: Fix truncation handling for mod32 dst reg wrt zero include/linux/filter.h | 24 ++++++++++++++++++++++++ kernel/bpf/core.c | 39 ++++++++++++++------------------------- kernel/bpf/verifier.c | 39 +++++++++++++++++++++++++++++++-------- net/core/filter.c | 9 ++++++++- 4 files changed, 77 insertions(+), 34 deletions(-) base-commit: a8ad60f2af5884921167e8cede5784c7849884b2 -- 2.39.2.637.g21b0678d19-goog

1 year, 11 months

2
5
0 0

[PATCH 6.1 0/5] Backport v6.2 SGID fixes to LTS 6.1

by Amir Goldstein

Greg, Following are backports of Christian's SGID fixes that were merged to v6.2-rc1. Note that Christain's PR [1] contains also two ovl patches (from me). Those two are independent fixes that have already been AUTOSELected to 6.1.y. Christain's fixes also contain a user observable change of behavior to fix inconsistencies of behavior between chmod/chown and write. This change is best described in Christain's commit to fix the expected behavior in xfstests [2]. It is hoped that no applications rely on this minor behavioral difference, and if we are wrong, we may need to party revert the change, but in any case, we prefer the behavior of LTS kernels to be consitent with that of upstream. I ran the relevant fstests test groups on xfs and on overlayfs over xfs. I also have backports that I prepared for 5.15 and 5.10, but those backports include also xfs SGID fixes, so those need to go through the xfs stable review process. Thanks, Amir. [1] https://lore.kernel.org/linux-fsdevel/20221212112053.99208-1-brauner@kernel… [2] https://lore.kernel.org/linux-fsdevel/20230103-fstests-setgid-v6-2-v3-1-595… Christian Brauner (5): attr: add in_group_or_capable() fs: move should_remove_suid() attr: add setattr_should_drop_sgid() attr: use consistent sgid stripping checks fs: use consistent setgid checks in is_sxid() Documentation/trace/ftrace.rst | 2 +- fs/attr.c | 74 +++++++++++++++++++++++++++++++--- fs/fuse/file.c | 2 +- fs/inode.c | 64 +++++++++++++---------------- fs/internal.h | 10 ++++- fs/ocfs2/file.c | 4 +- fs/open.c | 8 ++-- include/linux/fs.h | 4 +- 8 files changed, 115 insertions(+), 53 deletions(-) -- 2.34.1

1 year, 11 months

2
6
0 0

S2idle fix for DCN314

by Limonciello, Mario

[Public] Hi, Newer GPU microcode binaries for products with DCN 314 cause the display to fail to resume from s2idle. The following fix went into 6.3 that makes it work with both newer and older GPU microcode binaries. Please take this to 6.1.y. e383b12709e32 ("drm/amd/display: Move DCN314 DOMAIN power control to DMCUB") Thanks,

1 year, 11 months

2
2
0 0

USB4 DPIA fixups for 6.1.y/6.2

by Limonciello, Mario

Hi, The following two commits help with initialization of DPIA which is used for DP tunneling over USB4 within amdgpu. Needed for both 6.1.y and 6.2.y: ead08b95fa50 ("drm/amd/display: Fix race condition in DPIA AUX transfer") 0cf8307adbc6 ("drm/amd/display: Properly reuse completion structure") Needed just for 6.2: 0cf8307adbc6 ("drm/amd/display: Properly reuse completion structure") 0cf8307adbc6 was actually already tagged to go stable but it doesn’t apply cleanly to 6.1.y because of the above mentioned dependency so it didn’t come back. Can you please bring them back as requested above? Thanks,

1 year, 11 months

2
1
0 0

[PATCH 5.10] md: Flush workqueue md_rdev_misc_wq in md_alloc()

by Hou Tao

From: David Sloan <david.sloan(a)eideticom.com> commit 5e8daf906f890560df430d30617c692a794acb73 upstream. A race condition still exists when removing and re-creating md devices in test cases. However, it is only seen on some setups. The race condition was tracked down to a reference still being held to the kobject by the rdev in the md_rdev_misc_wq which will be released in rdev_delayed_delete(). md_alloc() waits for previous deletions by waiting on the md_misc_wq, but the md_rdev_misc_wq may still be holding a reference to a recently removed device. To fix this, also flush the md_rdev_misc_wq in md_alloc(). Signed-off-by: David Sloan <david.sloan(a)eideticom.com> [logang(a)deltatee.com: rewrote commit message] Signed-off-by: Logan Gunthorpe <logang(a)deltatee.com> Signed-off-by: Song Liu <song(a)kernel.org> Signed-off-by: Hou Tao <houtao1(a)huawei.com> --- Hi Greg, We found the problem also exists on v5.10, so could you please pick it up for v5.10 ? Thanks. drivers/md/md.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/md/md.c b/drivers/md/md.c index 3038e7ecb7e1..c0b34637bd66 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -5683,6 +5683,7 @@ static int md_alloc(dev_t dev, char *name) * completely removed (mddev_delayed_delete). */ flush_workqueue(md_misc_wq); + flush_workqueue(md_rdev_misc_wq); mutex_lock(&disks_mutex); error = -EEXIST; -- 2.29.2

1 year, 11 months

3
3
0 0

Please backport commit ae3419fbac84 ("vc_screen: don't clobber return value in vcs_read")

by Thomas Weißschuh

Hi, please backport the following commit[0] to all stable releases that contain the commit 226fae124b2d ("vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF") Commit 46d733d0efc7 ("vc_screen: modify vcs_size() handling in vcs_read()") [1] also tries to fix this commit but should not actually be necessary for a proper fix. It may make sense to also backport for consistency. commit ae3419fbac845b4d3f3a9fae4cc80c68d82cdf6e Author: Thomas Weißschuh <linux(a)weissschuh.net> Date: Mon Feb 20 06:46:12 2023 +0000 vc_screen: don't clobber return value in vcs_read Commit 226fae124b2d ("vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF") moved the call to vcs_vc() into the loop. While doing this it also moved the unconditional assignment of ret = -ENXIO; This unconditional assignment was valid outside the loop but within it it clobbers the actual value of ret. To avoid this only assign "ret = -ENXIO" when actually needed. [ Also, the 'goto unlock_out" needs to be just a "break", so that it does the right thing when it exits on later iterations when partial success has happened - Linus ] Reported-by: Storm Dragon <stormdragon2976(a)gmail.com> Link: https://lore.kernel.org/lkml/Y%2FKS6vdql2pIsCiI@hotmail.com/ Fixes: 226fae124b2d ("vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF") Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Link: https://lore.kernel.org/lkml/64981d94-d00c-4b31-9063-43ad0a384bde@t-8ch.de/ Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Thanks, Thomas [0] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?…

1 year, 11 months

2
1
0 0

Please apply 4e4a08868f15897ca236528771c3733fded42c62 to linux-6.2.y

by Nathan Chancellor

Hi Greg and Sasha, Please apply commit 4e4a08868f15 ("crypto: arm64/sm4-gcm - Fix possible crash in GCM cryption") to 6.2, as it fixes a crash that I see when booting Arch Linux ARM's aarch64 configuration [1] in QEMU: [ 1.512110] Unable to handle kernel paging request at virtual address fffffe000024d588 [ 1.512357] Mem abort info: [ 1.512542] ESR = 0x0000000097c38004 [ 1.512695] EC = 0x25: DABT (current EL), IL = 32 bits [ 1.512863] SET = 0, FnV = 0 [ 1.512967] EA = 0, S1PTW = 0 [ 1.513075] FSC = 0x04: level 0 translation fault [ 1.513236] Data abort info: [ 1.513343] Access size = 8 byte(s) [ 1.513618] SSE = 0, SRT = 3 [ 1.513721] SF = 1, AR = 0 [ 1.513824] CM = 0, WnR = 0 [ 1.513964] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000041ef8000 [ 1.514162] [fffffe000024d588] pgd=0000000000000000, p4d=0000000000000000 [ 1.514932] Internal error: Oops: 0000000097c38004 [#1] PREEMPT SMP [ 1.515206] Modules linked in: [ 1.515477] CPU: 0 PID: 113 Comm: cryptomgr_test Not tainted 6.2.1-ARCH #1 [ 1.515755] Hardware name: linux,dummy-virt (DT) [ 1.516029] pstate: a1400009 (NzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 1.516277] pc : kfree+0x30/0xb0 [ 1.516766] lr : skcipher_walk_done+0x198/0x2b0 [ 1.516934] sp : ffff80000ace3820 [ 1.517042] x29: ffff80000ace3820 x28: 0000000000000000 x27: 0000000000000400 [ 1.517316] x26: ffff80000937d880 x25: ffff0000034d0400 x24: ffff0000036efe00 [ 1.517557] x23: ffff800008088730 x22: ffff0000036efd00 x21: ffff80000ace3998 [ 1.517791] x20: 0000000000000000 x19: ffff80000ace3900 x18: ffffffffffffffff [ 1.518022] x17: 0000000000000000 x16: 0000000000000000 x15: ffffffffffffffff [ 1.518263] x14: ffff80008ace3ce7 x13: 0000000000000000 x12: 0000000000000000 [ 1.518510] x11: ffff80000ace38c8 x10: ffff80000ace38d0 x9 : 0000000000000001 [ 1.518757] x8 : 0000000000000000 x7 : ffff80000ace38a8 x6 : 0000000000000001 [ 1.518993] x5 : ffff80000ace3998 x4 : fffffc0000000000 x3 : ffff80000ace3b00 [ 1.519242] x2 : 000002000024d580 x1 : ffff800009356218 x0 : fffffe000024d580 [ 1.519549] Call trace: [ 1.519654] kfree+0x30/0xb0 [ 1.519785] skcipher_walk_done+0x198/0x2b0 [ 1.519931] gcm_crypt+0xd8/0x170 [ 1.520047] gcm_encrypt+0x90/0xbc [ 1.520153] crypto_aead_encrypt+0x24/0x40 [ 1.520285] test_aead_vec_cfg+0x21c/0x770 [ 1.520422] test_aead+0xb4/0x140 [ 1.520538] alg_test_aead+0x94/0x190 [ 1.520662] alg_test+0x34c/0x520 [ 1.520770] cryptomgr_test+0x24/0x44 [ 1.520889] kthread+0xe4/0xf0 [ 1.520993] ret_from_fork+0x10/0x20 [ 1.521300] Code: b25657e4 d34cfc42 d37ae442 8b040040 (f9400403) [ 1.521691] ---[ end trace 0000000000000000 ]--- [1]: https://github.com/archlinuxarm/PKGBUILDs/raw/master/core/linux-aarch64/con… Cheers, Nathan

1 year, 11 months

2
1
0 0

Please apply efbc7bd90f60 to 5.15

by Arınç ÜNAL

commit efbc7bd90f60c71b8e786ee767952bc22fc3666d upstream. Please apply ("staging: mt7621-dts: change palmbus address to lower case") to 5.15. It solves the duplicate label error caused by the node name being uppercase on gbpc1.dts, but lowercase on mt7621.dtsi. drivers/staging/mt7621-dts/gbpc1.dts:22.28-26.4: ERROR (duplicate_label): /palmbus@1E000000: Duplicate label 'palmbus' on /palmbus@1E000000 and /palmbus@1e000000 ERROR: Input tree has errors, aborting (use -f to force output) Arınç

1 year, 11 months

3
3
0 0

[PATCH] ceph: do not print the whole xattr value if it's too long

by xiubli＠redhat.com

From: Xiubo Li <xiubli(a)redhat.com> If the xattr's value size is long enough the kernel will warn and then will fail the xfstests test case. Just print part of the value string if it's too long. Cc: stable(a)vger.kernel.org URL: https://tracker.ceph.com/issues/58404 Signed-off-by: Xiubo Li <xiubli(a)redhat.com> --- fs/ceph/xattr.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index b10d459c2326..6638bb0ec10f 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -561,6 +561,7 @@ static struct ceph_vxattr *ceph_match_vxattr(struct inode *inode, return NULL; } +#define XATTR_MAX_VAL 256 static int __set_xattr(struct ceph_inode_info *ci, const char *name, int name_len, const char *val, int val_len, @@ -654,8 +655,10 @@ static int __set_xattr(struct ceph_inode_info *ci, dout("__set_xattr_val p=%p\n", p); } - dout("__set_xattr_val added %llx.%llx xattr %p %.*s=%.*s\n", - ceph_vinop(&ci->netfs.inode), xattr, name_len, name, val_len, val); + dout("__set_xattr_val added %llx.%llx xattr %p %.*s=%.*s%s\n", + ceph_vinop(&ci->netfs.inode), xattr, name_len, name, + val_len > XATTR_MAX_VAL ? XATTR_MAX_VAL : val_len, val, + val_len > XATTR_MAX_VAL ? "..." : ""); return 0; } @@ -681,8 +684,10 @@ static struct ceph_inode_xattr *__get_xattr(struct ceph_inode_info *ci, else if (c > 0) p = &(*p)->rb_right; else { - dout("__get_xattr %s: found %.*s\n", name, - xattr->val_len, xattr->val); + int len = xattr->val_len; + dout("__get_xattr %s: found %.*s%s\n", name, + len > XATTR_MAX_VAL ? XATTR_MAX_VAL : len, + xattr->val, len > XATTR_MAX_VAL ? "..." : ""); return xattr; } } -- 2.31.1

1 year, 11 months

3
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror February 2023