Greg,
Following are backports of Christian's SGID fixes that were merged to
v6.2-rc1.
Note that Christain's PR [1] contains also two ovl patches (from me).
Those two are independent fixes that have already been AUTOSELected
to 6.1.y.
Christain's fixes also contain a user observable change of behavior
to fix inconsistencies of behavior between chmod/chown and write.
This change is best described in Christain's commit to fix the expected
behavior in xfstests [2].
It is hoped that no applications rely on this minor behavioral
difference, and if we are wrong, we may need to party revert the
change, but in any case, we prefer the behavior of LTS kernels to be
consitent with that of upstream.
I ran the relevant fstests test groups on xfs and on overlayfs over xfs.
I also have backports that I prepared for 5.15 and 5.10, but those
backports include also xfs SGID fixes, so those need to go through the
xfs stable review process.
Thanks,
Amir.
[1] https://lore.kernel.org/linux-fsdevel/20221212112053.99208-1-brauner@kernel…
[2] https://lore.kernel.org/linux-fsdevel/20230103-fstests-setgid-v6-2-v3-1-595…
Christian Brauner (5):
attr: add in_group_or_capable()
fs: move should_remove_suid()
attr: add setattr_should_drop_sgid()
attr: use consistent sgid stripping checks
fs: use consistent setgid checks in is_sxid()
Documentation/trace/ftrace.rst | 2 +-
fs/attr.c | 74 +++++++++++++++++++++++++++++++---
fs/fuse/file.c | 2 +-
fs/inode.c | 64 +++++++++++++----------------
fs/internal.h | 10 ++++-
fs/ocfs2/file.c | 4 +-
fs/open.c | 8 ++--
include/linux/fs.h | 4 +-
8 files changed, 115 insertions(+), 53 deletions(-)
--
2.34.1
[Public]
Hi,
Newer GPU microcode binaries for products with DCN 314 cause the display to fail to resume from s2idle.
The following fix went into 6.3 that makes it work with both newer and older GPU microcode binaries.
Please take this to 6.1.y.
e383b12709e32 ("drm/amd/display: Move DCN314 DOMAIN power control to DMCUB")
Thanks,
Hi,
The following two commits help with initialization of DPIA which is used
for DP tunneling over USB4 within amdgpu.
Needed for both 6.1.y and 6.2.y:
ead08b95fa50 ("drm/amd/display: Fix race condition in DPIA AUX transfer")
0cf8307adbc6 ("drm/amd/display: Properly reuse completion structure")
Needed just for 6.2:
0cf8307adbc6 ("drm/amd/display: Properly reuse completion structure")
0cf8307adbc6 was actually already tagged to go stable but it doesn’t
apply cleanly to 6.1.y
because of the above mentioned dependency so it didn’t come back.
Can you please bring them back as requested above?
Thanks,
From: David Sloan <david.sloan(a)eideticom.com>
commit 5e8daf906f890560df430d30617c692a794acb73 upstream.
A race condition still exists when removing and re-creating md devices
in test cases. However, it is only seen on some setups.
The race condition was tracked down to a reference still being held
to the kobject by the rdev in the md_rdev_misc_wq which will be released
in rdev_delayed_delete().
md_alloc() waits for previous deletions by waiting on the md_misc_wq,
but the md_rdev_misc_wq may still be holding a reference to a recently
removed device.
To fix this, also flush the md_rdev_misc_wq in md_alloc().
Signed-off-by: David Sloan <david.sloan(a)eideticom.com>
[logang(a)deltatee.com: rewrote commit message]
Signed-off-by: Logan Gunthorpe <logang(a)deltatee.com>
Signed-off-by: Song Liu <song(a)kernel.org>
Signed-off-by: Hou Tao <houtao1(a)huawei.com>
---
Hi Greg,
We found the problem also exists on v5.10, so could you please pick it up
for v5.10 ?
Thanks.
drivers/md/md.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/md/md.c b/drivers/md/md.c
index 3038e7ecb7e1..c0b34637bd66 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -5683,6 +5683,7 @@ static int md_alloc(dev_t dev, char *name)
* completely removed (mddev_delayed_delete).
*/
flush_workqueue(md_misc_wq);
+ flush_workqueue(md_rdev_misc_wq);
mutex_lock(&disks_mutex);
error = -EEXIST;
--
2.29.2
Hi,
please backport the following commit[0] to all stable releases that
contain the commit
226fae124b2d ("vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF")
Commit 46d733d0efc7 ("vc_screen: modify vcs_size() handling in vcs_read()") [1]
also tries to fix this commit but should not actually be necessary for a
proper fix. It may make sense to also backport for consistency.
commit ae3419fbac845b4d3f3a9fae4cc80c68d82cdf6e
Author: Thomas Weißschuh <linux(a)weissschuh.net>
Date: Mon Feb 20 06:46:12 2023 +0000
vc_screen: don't clobber return value in vcs_read
Commit 226fae124b2d ("vc_screen: move load of struct vc_data pointer in
vcs_read() to avoid UAF") moved the call to vcs_vc() into the loop.
While doing this it also moved the unconditional assignment of
ret = -ENXIO;
This unconditional assignment was valid outside the loop but within it
it clobbers the actual value of ret.
To avoid this only assign "ret = -ENXIO" when actually needed.
[ Also, the 'goto unlock_out" needs to be just a "break", so that it
does the right thing when it exits on later iterations when partial
success has happened - Linus ]
Reported-by: Storm Dragon <stormdragon2976(a)gmail.com>
Link: https://lore.kernel.org/lkml/Y%2FKS6vdql2pIsCiI@hotmail.com/
Fixes: 226fae124b2d ("vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF")
Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net>
Link: https://lore.kernel.org/lkml/64981d94-d00c-4b31-9063-43ad0a384bde@t-8ch.de/
Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org>
Thanks,
Thomas
[0] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?…
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?…
commit efbc7bd90f60c71b8e786ee767952bc22fc3666d upstream.
Please apply ("staging: mt7621-dts: change palmbus address to lower
case") to 5.15. It solves the duplicate label error caused by the node
name being uppercase on gbpc1.dts, but lowercase on mt7621.dtsi.
drivers/staging/mt7621-dts/gbpc1.dts:22.28-26.4: ERROR
(duplicate_label): /palmbus@1E000000: Duplicate label 'palmbus' on
/palmbus@1E000000 and /palmbus@1e000000
ERROR: Input tree has errors, aborting (use -f to force output)
Arınç
commit 943f4e64ee177cf44d7f2c235281fcda7c32bb28 upstream
Please backport to 6.2.
This fixes an API break between the cs_dsp driver and the cs35l41 HDA
driver that broke the cs35l41 driver.
The original chain of patches that made the cs_dsp change missed out the
corresponding change to the HDA code. These changes went into the first
6.2 release.
Reported-by: Martin Wolf <info(a)martinwolf.pub>
drahý příteli
Jak se dneska máš? Myslím, že už je to dlouho, co jsme spolu mluvili
naposledy. V každém případě Vás budu znovu kontaktovat ohledně naší
předchozí transakce, která u Vás nebyla úspěšná. Vaše spolupráce se
mnou bohužel nemůže dokončit převod finančních prostředků. Nevím,
možná proto, že se musím smířit se svým zájmem o případ.
V každém případě jsem rád, že mohu oznámit úspěch při přijímání
finančních prostředků převedených novým partnerem z Venezuely.
Momentálně jsem ve Venezuele kvůli investici. Nezapomněl jsem však na
své předchozí snažení a snažil jsem se mi s převodem fondu pomoci, i
když jsme nemohli dojít ke konkrétnímu závěru. Díky mé snaze pomoci
mně jsme se s mým novým partnerem rozhodli vrátit vám 850 000 $,
abyste si s námi mohli užívat radosti a štěstí.
Nechal jsem vaše kompenzační vízum pro svou sekretářku, aby mi pomohla
podat žádost. Nyní kontaktujte mou sekretářku v Togu, jmenuje se paní
Silverly Rojas a její e-mailová adresa je
(silverlynrojas94(a)gmail.com). Řekněte jí, aby vám poslala kartu Visa v
hodnotě 850 000 USD. V současné době jsem velmi zaneprázdněn ve
Venezuele kvůli investičním projektům, které mám se svým novým
partnerem. Rychle kontaktujte paní Silverly Rojasovou a dejte jí
vědět, kam má poslat čekající vízum. Karta vám bude obratem zaslána.
Přeji vám vše nejlepší ve všech vašich snahách.
S pozdravem
Robert G Mohammed