- Linux-stable-mirror - lists.linaro.org

[PATCH 4.14 00/43] 4.14.32-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.32 release. There are 43 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Mar 31 17:57:12 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.32-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.32-rc1 Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: on channel error, reject further cmd requests Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: lock read device while queueing next buffer Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: when thread completes, wake up all waiters Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: free netdevice when removing a card Camelia Groza <camelia.groza(a)nxp.com> dpaa_eth: remove duplicate increment of the tx_errors counter Camelia Groza <camelia.groza(a)nxp.com> dpaa_eth: increment the RX dropped counter when needed Camelia Groza <camelia.groza(a)nxp.com> dpaa_eth: remove duplicate initialization Madalin Bucur <madalin.bucur(a)nxp.com> dpaa_eth: fix error in dpaa_remove() Madalin Bucur <madalin.bucur(a)nxp.com> soc/fsl/qbman: fix issue in qman_delete_cgr_safe() Arkadi Sharshevsky <arkadis(a)mellanox.com> team: Fix double free in error path Vinicius Costa Gomes <vinicius.gomes(a)intel.com> skbuff: Fix not waking applications when errors are enqueued Michal Kalderon <Michal.Kalderon(a)cavium.com> qede: Fix qedr link update Florian Fainelli <f.fainelli(a)gmail.com> net: systemport: Rewrite __bcm_sysport_tx_reclaim() David Ahern <dsahern(a)gmail.com> net: Only honor ifindex in IP_PKTINFO if non-0 Nicolas Dichtel <nicolas.dichtel(a)6wind.com> netlink: avoid a double skb free in genlmsg_mcast() Arvind Yadav <arvind.yadav.cs(a)gmail.com> net/iucv: Free memory obtained by kzalloc Florian Fainelli <f.fainelli(a)gmail.com> net: fec: Fix unbalanced PM runtime calls SZ Lin (林上智) <sz.lin(a)moxa.com> net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred Eric Dumazet <edumazet(a)google.com> l2tp: do not accept arbitrary sockets Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() Alexey Kodanev <alexey.kodanev(a)oracle.com> dccp: check sk for closed state in dccp_sendmsg() Kirill Tkhai <ktkhai(a)virtuozzo.com> net: Fix hlist corruptions in inet_evict_bucket() Eric Dumazet <edumazet(a)google.com> net: use skb_to_full_sk() in skb_update_prio() Eric Dumazet <edumazet(a)google.com> ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() Alexey Kodanev <alexey.kodanev(a)oracle.com> sch_netem: fix skb leak in netem_enqueue() Tom Herbert <tom(a)quantonium.net> kcm: lock lower socket in kcm_attach Paul Blakey <paulb(a)mellanox.com> rhashtable: Fix rhlist duplicates insertion Guillaume Nault <g.nault(a)alphalink.fr> ppp: avoid loop in xmit recursion detection code Roman Mashak <mrv(a)mojatatu.com> net sched actions: return explicit error when tunnel_key mode is not specified Brad Mouring <brad.mouring(a)ni.com> net: phy: Tell caller result of phy_change() Ido Schimmel <idosch(a)mellanox.com> mlxsw: spectrum_buffers: Set a minimum quota for CPU port traffic David Lebrun <dlebrun(a)google.com> ipv6: sr: fix scheduling in RCU when creating seg6 lwtunnel state David Lebrun <dlebrun(a)google.com> ipv6: sr: fix NULL pointer dereference when setting encap source address Stefano Brivio <sbrivio(a)redhat.com> ipv6: old_dport should be a __be16 in __ip6_datagram_connect() Paolo Abeni <pabeni(a)redhat.com> net: ipv6: keep sk status consistent after datagram connect failure Shannon Nelson <shannon.nelson(a)oracle.com> macvlan: filter out unsupported feature flags Arkadi Sharshevsky <arkadis(a)mellanox.com> devlink: Remove redundant free on error path Grygorii Strashko <grygorii.strashko(a)ti.com> net: phy: relax error checking when creating sysfs link netdev->phydev Grygorii Strashko <grygorii.strashko(a)ti.com> sysfs: symlink: export sysfs_create_link_nowarn() Michal Kalderon <Michal.Kalderon(a)cavium.com> qed: Fix non TCP packets should be dropped on iWARP ll2 connection Soheil Hassas Yeganeh <soheil(a)google.com> tcp: purge write queue upon aborting the connection Soheil Hassas Yeganeh <soheil(a)google.com> tcp: reset sk_send_head in tcp_write_queue_purge ------------- Diffstat: Makefile | 4 +- drivers/net/ethernet/arc/emac_rockchip.c | 6 +- drivers/net/ethernet/broadcom/bcmsysport.c | 33 ++-- drivers/net/ethernet/broadcom/bcmsysport.h | 2 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 8 +- drivers/net/ethernet/freescale/fec_main.c | 2 + .../net/ethernet/mellanox/mlxsw/spectrum_buffers.c | 12 +- drivers/net/ethernet/qlogic/qed/qed_iwarp.c | 15 ++ drivers/net/ethernet/qlogic/qede/qede_main.c | 4 +- drivers/net/ethernet/ti/cpsw.c | 3 +- drivers/net/macvlan.c | 2 +- drivers/net/phy/phy.c | 173 ++++++++++----------- drivers/net/phy/phy_device.c | 15 +- drivers/net/ppp/ppp_generic.c | 26 ++-- drivers/net/team/team.c | 4 +- drivers/s390/net/qeth_core_main.c | 21 ++- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/soc/fsl/qbman/qman.c | 28 +--- fs/sysfs/symlink.c | 1 + include/linux/cgroup-defs.h | 4 +- include/linux/phy.h | 1 - include/linux/rhashtable.h | 4 +- include/net/sch_generic.h | 19 +++ include/net/tcp.h | 11 +- lib/rhashtable.c | 4 +- net/core/dev.c | 22 ++- net/core/devlink.c | 16 +- net/core/skbuff.c | 2 +- net/dccp/proto.c | 5 + net/ieee802154/6lowpan/core.c | 12 +- net/ipv4/inet_fragment.c | 3 + net/ipv4/ip_sockglue.c | 6 +- net/ipv4/tcp.c | 1 + net/ipv4/tcp_timer.c | 1 + net/ipv6/datagram.c | 21 ++- net/ipv6/ndisc.c | 3 +- net/ipv6/seg6_iptunnel.c | 7 +- net/iucv/af_iucv.c | 4 +- net/kcm/kcmsock.c | 33 ++-- net/l2tp/l2tp_core.c | 8 +- net/netlink/genetlink.c | 2 +- net/sched/act_tunnel_key.c | 1 + net/sched/sch_netem.c | 2 +- 44 files changed, 320 insertions(+), 235 deletions(-)

7 years, 7 months

4
45
0 0

[PATCH v2] PCI / PM: Always check PME wakeup capability for runtime wakeup support

by Kai-Heng Feng

USB controller ASM1042 stops working after commit de3ef1eb1cd0 ("PM / core: Drop run_wake flag from struct dev_pm_info"). The device in question is not power managed by platform firmware, furthermore, it only supports PME# from D3cold: Capabilities: [78] Power Management version 3 Flags: PMEClk- DSI- D1- D2- AuxCurrent=55mA PME(D0-,D1-,D2-,D3hot-,D3cold+) Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME- Before commit de3ef1eb1cd0, the device never gets runtime suspended. After that commit, the device gets runtime suspended, so it does not respond to any PME#. usb_hcd_pci_probe() mandatorily calls device_wakeup_enable(), hence device_can_wakeup() in pci_dev_run_wake() always returns true. So pci_dev_run_wake() needs to check PME wakeup capability as its first condition. Fixes: de3ef1eb1cd0 ("PM / core: Drop run_wake flag from struct dev_pm_info") Cc: stable(a)vger.kernel.org # 4.13+ Signed-off-by: Kai-Heng Feng <kai.heng.feng(a)canonical.com> --- v2: Explicitly check dev->pme_support. drivers/pci/pci.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index f6a4dd10d9b0..52821a21fc07 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -2125,16 +2125,16 @@ bool pci_dev_run_wake(struct pci_dev *dev) { struct pci_bus *bus = dev->bus; - if (device_can_wakeup(&dev->dev)) - return true; - if (!dev->pme_support) return false; /* PME-capable in principle, but not from the target power state */ - if (!pci_pme_capable(dev, pci_target_state(dev, false))) + if (!pci_pme_capable(dev, pci_target_state(dev, true))) return false; + if (device_can_wakeup(&dev->dev)) + return true; + while (bus->parent) { struct pci_dev *bridge = bus->self; -- 2.15.1

7 years, 7 months

3
3
0 0

Regression in v4.4.124 due to 'genirq: Use irqd_get_trigger_type to compare ..'

by Guenter Roeck

Hi Greg, commit 9d0273bb1c4b64 ("genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs") causes a regression in v4.4.124. The problem has been fixed upstream with commit 4f8413a3a799 ("genirq: Track whether the trigger type has been set"). Please apply that patch to v4.4.y at your earliest convenience. The patch does not apply cleanly; you'll get a conflict include/linux/irq.h. The fix is simple - just take the version introduced by the patch. It adds a couple of extra defines, but those don't hurt and just keep the code aligned with upstream. Thanks, Guenter

7 years, 7 months

3
7
0 0

Patch "[PATCH] Revert "genirq: Use irqd_get_trigger_type to compare the" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [PATCH] Revert "genirq: Use irqd_get_trigger_type to compare the to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: revert-genirq-use-irqd_get_trigger_type-to-compare-the.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 6ac05ec9c1bdefb8a88aefd4681869814b3f6c73 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Date: Fri, 30 Mar 2018 10:56:51 +0200 Subject: [PATCH] Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs" This reverts commit 093c265afffb0a91a7611c3bb74d0883731a807b which is commit 382bd4de61827dbaaf5fb4fb7b1f4be4a86505e7 upstream. It causes too many problems with the stable tree, and would require too many other things to be backported, so just revert it. Reported-by: Guenter Roeck <linux(a)roeck-us.net> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Hans de Goede <hdegoede(a)redhat.com> Cc: Marc Zyngier <marc.zyngier(a)arm.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/irq/manage.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) --- a/kernel/irq/manage.c +++ b/kernel/irq/manage.c @@ -1058,10 +1058,8 @@ __setup_irq(unsigned int irq, struct irq * set the trigger type must match. Also all must * agree on ONESHOT. */ - unsigned int oldtype = irqd_get_trigger_type(&desc->irq_data); - if (!((old->flags & new->flags) & IRQF_SHARED) || - (oldtype != (new->flags & IRQF_TRIGGER_MASK)) || + ((old->flags ^ new->flags) & IRQF_TRIGGER_MASK) || ((old->flags ^ new->flags) & IRQF_ONESHOT)) goto mismatch; Patches currently in stable-queue which might be from gregkh(a)linuxfoundation.org are queue-3.18/tty-vt-fix-up-tabstops-properly.patch queue-3.18/alsa-aloop-fix-access-to-not-yet-ready-substream-via-cable.patch queue-3.18/ipv6-fix-access-to-non-linear-packet-in-ndisc_fill_redirect_hdr_option.patch queue-3.18/net-only-honor-ifindex-in-ip_pktinfo-if-non-0.patch queue-3.18/libata-disable-lpm-for-crucial-bx100-ssd-500gb-drive.patch queue-3.18/skbuff-fix-not-waking-applications-when-errors-are-enqueued.patch queue-3.18/libata-apply-nolpm-quirk-to-crucial-m500-480-and-960gb-ssds.patch queue-3.18/s390-qeth-when-thread-completes-wake-up-all-waiters.patch queue-3.18/libata-fix-length-validation-of-atapi-relayed-scsi-commands.patch queue-3.18/tracing-probeevent-fix-to-support-minus-offset-from-symbol.patch queue-3.18/can-cc770-fix-use-after-free-in-cc770_tx_interrupt.patch queue-3.18/s390-qeth-lock-read-device-while-queueing-next-buffer.patch queue-3.18/libata-apply-nolpm-quirk-to-crucial-mx100-512gb-ssds.patch queue-3.18/libata-modify-quirks-for-mx100-to-limit-ncq_trim-quirk-to-mu01-version.patch queue-3.18/revert-genirq-use-irqd_get_trigger_type-to-compare-the.patch queue-3.18/l2tp-do-not-accept-arbitrary-sockets.patch queue-3.18/can-cc770-fix-queue-stall-dropped-rtr-reply.patch queue-3.18/netlink-avoid-a-double-skb-free-in-genlmsg_mcast.patch queue-3.18/libata-enable-queued-trim-for-samsung-ssd-860.patch queue-3.18/staging-ncpfs-memory-corruption-in-ncp_read_kernel.patch queue-3.18/drm-udl-properly-check-framebuffer-mmap-offsets.patch queue-3.18/can-cc770-fix-stalls-on-rt-linux-remove-redundant-irq-ack.patch queue-3.18/team-fix-double-free-in-error-path.patch queue-3.18/brcmfmac-fix-p2p_device-ethernet-address-generation.patch queue-3.18/alsa-usb-audio-fix-parsing-descriptor-of-uac2-processing-unit.patch queue-3.18/net-iucv-free-memory-obtained-by-kzalloc.patch queue-3.18/alsa-aloop-sync-stale-timer-before-release.patch queue-3.18/net-ethernet-arc-fix-a-potential-memory-leak-if-an-optional-regulator-is-deferred.patch queue-3.18/s390-qeth-on-channel-error-reject-further-cmd-requests.patch queue-3.18/scsi-sg-don-t-return-bogus-sg_requests.patch queue-3.18/dccp-check-sk-for-closed-state-in-dccp_sendmsg.patch queue-3.18/net-fec-fix-unbalanced-pm-runtime-calls.patch queue-3.18/libata-make-crucial-bx100-500gb-lpm-quirk-apply-to-all-firmware-versions.patch queue-3.18/libata-remove-warn-for-dma-or-pio-command-without-data.patch queue-3.18/s390-qeth-free-netdevice-when-removing-a-card.patch queue-3.18/kvm-x86-fix-icebp-instruction-handling.patch

7 years, 7 months

1
0
0 0

Patch "[PATCH] Revert "genirq: Use irqd_get_trigger_type to compare the" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [PATCH] Revert "genirq: Use irqd_get_trigger_type to compare the to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: revert-genirq-use-irqd_get_trigger_type-to-compare-the.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 5512cca5c518c20037b10369a4725327202dd80b Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Date: Fri, 30 Mar 2018 10:53:44 +0200 Subject: [PATCH] Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs" This reverts commit 9d0273bb1c4b645817eccfe5c5975ea29add3300 which is commit 382bd4de61827dbaaf5fb4fb7b1f4be4a86505e7 upstream. It causes too many problems with the stable tree, and would require too many other things to be backported, so just revert it. Reported-by: Guenter Roeck <linux(a)roeck-us.net> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Hans de Goede <hdegoede(a)redhat.com> Cc: Marc Zyngier <marc.zyngier(a)arm.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/irq/manage.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) --- a/kernel/irq/manage.c +++ b/kernel/irq/manage.c @@ -1189,10 +1189,8 @@ __setup_irq(unsigned int irq, struct irq * set the trigger type must match. Also all must * agree on ONESHOT. */ - unsigned int oldtype = irqd_get_trigger_type(&desc->irq_data); - if (!((old->flags & new->flags) & IRQF_SHARED) || - (oldtype != (new->flags & IRQF_TRIGGER_MASK)) || + ((old->flags ^ new->flags) & IRQF_TRIGGER_MASK) || ((old->flags ^ new->flags) & IRQF_ONESHOT)) goto mismatch; Patches currently in stable-queue which might be from gregkh(a)linuxfoundation.org are queue-4.4/net-fix-hlist-corruptions-in-inet_evict_bucket.patch queue-4.4/ipv6-fix-access-to-non-linear-packet-in-ndisc_fill_redirect_hdr_option.patch queue-4.4/net-only-honor-ifindex-in-ip_pktinfo-if-non-0.patch queue-4.4/skbuff-fix-not-waking-applications-when-errors-are-enqueued.patch queue-4.4/s390-qeth-when-thread-completes-wake-up-all-waiters.patch queue-4.4/s390-qeth-lock-read-device-while-queueing-next-buffer.patch queue-4.4/net-systemport-rewrite-__bcm_sysport_tx_reclaim.patch queue-4.4/revert-genirq-use-irqd_get_trigger_type-to-compare-the.patch queue-4.4/l2tp-do-not-accept-arbitrary-sockets.patch queue-4.4/netlink-avoid-a-double-skb-free-in-genlmsg_mcast.patch queue-4.4/team-fix-double-free-in-error-path.patch queue-4.4/ieee802154-6lowpan-fix-possible-null-deref-in-lowpan_device_event.patch queue-4.4/net-iucv-free-memory-obtained-by-kzalloc.patch queue-4.4/net-ethernet-arc-fix-a-potential-memory-leak-if-an-optional-regulator-is-deferred.patch queue-4.4/s390-qeth-on-channel-error-reject-further-cmd-requests.patch queue-4.4/scsi-sg-don-t-return-bogus-sg_requests.patch queue-4.4/dccp-check-sk-for-closed-state-in-dccp_sendmsg.patch queue-4.4/net-fec-fix-unbalanced-pm-runtime-calls.patch queue-4.4/net-ethernet-ti-cpsw-add-check-for-in-band-mode-setting-with-rgmii-phy-interface.patch queue-4.4/s390-qeth-free-netdevice-when-removing-a-card.patch

7 years, 7 months

1
0
0 0

Patch "[PATCH] Revert "genirq: Use irqd_get_trigger_type to compare the" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [PATCH] Revert "genirq: Use irqd_get_trigger_type to compare the to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: revert-genirq-use-irqd_get_trigger_type-to-compare-the.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 399af491b3f604277121f817ab0da9be6801bcef Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Date: Fri, 30 Mar 2018 10:43:30 +0200 Subject: [PATCH] Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs" This reverts commit f2596a9808acfd02ce1ee389f0e1c37e64aec5f6 which is commit 382bd4de61827dbaaf5fb4fb7b1f4be4a86505e7 upstream. It causes too many problems with the stable tree, and would require too many other things to be backported, so just revert it. Reported-by: Guenter Roeck <linux(a)roeck-us.net> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Hans de Goede <hdegoede(a)redhat.com> Cc: Marc Zyngier <marc.zyngier(a)arm.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/irq/manage.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) --- a/kernel/irq/manage.c +++ b/kernel/irq/manage.c @@ -1210,10 +1210,8 @@ __setup_irq(unsigned int irq, struct irq * set the trigger type must match. Also all must * agree on ONESHOT. */ - unsigned int oldtype = irqd_get_trigger_type(&desc->irq_data); - if (!((old->flags & new->flags) & IRQF_SHARED) || - (oldtype != (new->flags & IRQF_TRIGGER_MASK)) || + ((old->flags ^ new->flags) & IRQF_TRIGGER_MASK) || ((old->flags ^ new->flags) & IRQF_ONESHOT)) goto mismatch; Patches currently in stable-queue which might be from gregkh(a)linuxfoundation.org are queue-4.9/net-fix-hlist-corruptions-in-inet_evict_bucket.patch queue-4.9/ppp-avoid-loop-in-xmit-recursion-detection-code.patch queue-4.9/ipv6-fix-access-to-non-linear-packet-in-ndisc_fill_redirect_hdr_option.patch queue-4.9/net-only-honor-ifindex-in-ip_pktinfo-if-non-0.patch queue-4.9/skbuff-fix-not-waking-applications-when-errors-are-enqueued.patch queue-4.9/rhashtable-fix-rhlist-duplicates-insertion.patch queue-4.9/kcm-lock-lower-socket-in-kcm_attach.patch queue-4.9/s390-qeth-when-thread-completes-wake-up-all-waiters.patch queue-4.9/sch_netem-fix-skb-leak-in-netem_enqueue.patch queue-4.9/s390-qeth-lock-read-device-while-queueing-next-buffer.patch queue-4.9/net-systemport-rewrite-__bcm_sysport_tx_reclaim.patch queue-4.9/revert-genirq-use-irqd_get_trigger_type-to-compare-the.patch queue-4.9/l2tp-do-not-accept-arbitrary-sockets.patch queue-4.9/netlink-avoid-a-double-skb-free-in-genlmsg_mcast.patch queue-4.9/team-fix-double-free-in-error-path.patch queue-4.9/net-use-skb_to_full_sk-in-skb_update_prio.patch queue-4.9/ieee802154-6lowpan-fix-possible-null-deref-in-lowpan_device_event.patch queue-4.9/net-hns-fix-a-skb-used-after-free-bug.patch queue-4.9/soc-fsl-qbman-fix-issue-in-qman_delete_cgr_safe.patch queue-4.9/net-iucv-free-memory-obtained-by-kzalloc.patch queue-4.9/net-ethernet-arc-fix-a-potential-memory-leak-if-an-optional-regulator-is-deferred.patch queue-4.9/s390-qeth-on-channel-error-reject-further-cmd-requests.patch queue-4.9/scsi-sg-don-t-return-bogus-sg_requests.patch queue-4.9/dccp-check-sk-for-closed-state-in-dccp_sendmsg.patch queue-4.9/net-fec-fix-unbalanced-pm-runtime-calls.patch queue-4.9/net-ethernet-ti-cpsw-add-check-for-in-band-mode-setting-with-rgmii-phy-interface.patch queue-4.9/net-sched-actions-return-explicit-error-when-tunnel_key-mode-is-not-specified.patch queue-4.9/s390-qeth-free-netdevice-when-removing-a-card.patch

7 years, 7 months

1
0
0 0

[PATCH] mm/memblock: fix potential issue in memblock_search_pfn_nid()

by Wei Yang

memblock_search_pfn_nid() returns the nid and the [start|end]_pfn of the memory region where pfn sits in. While the calculation of start_pfn has potential issue when the regions base is not page aligned. For example, we assume PAGE_SHIFT is 12 and base is 0x1234. Current implementation would return 1 while this is not correct. This patch fixes this by using PFN_UP(). The original commit is commit e76b63f80d93 ("memblock, numa: binary search node id") and merged in v3.12. Signed-off-by: Wei Yang <richard.weiyang(a)gmail.com> Cc: 3.12 <stable(a)vger.kernel.org> --- mm/memblock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/memblock.c b/mm/memblock.c index b6ba6b7adadc..de768307696d 100644 --- a/mm/memblock.c +++ b/mm/memblock.c @@ -1673,7 +1673,7 @@ int __init_memblock memblock_search_pfn_nid(unsigned long pfn, if (mid == -1) return -1; - *start_pfn = PFN_DOWN(type->regions[mid].base); + *start_pfn = PFN_UP(type->regions[mid].base); *end_pfn = PFN_DOWN(type->regions[mid].base + type->regions[mid].size); return type->regions[mid].nid; -- 2.15.1

7 years, 7 months

1
1
0 0

Re: [PATCH 4.9 00/28] 4.9.92-stable review

by Guenter Roeck

On Thu, Mar 29, 2018 at 03:01:18PM -0700, kernelci.org bot wrote: > stable-rc/linux-4.9.y boot: 122 boots: 1 failed, 104 passed with 14 offline, 3 untried/unknown (v4.9.91-29-gcdf42b7a5c27) > > Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.9.y/kernel/v4.9.… > Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.9.y/kernel/v4.9.91-29-g… > > Tree: stable-rc > Branch: linux-4.9.y > Git Describe: v4.9.91-29-gcdf42b7a5c27 > Git Commit: cdf42b7a5c277bc4a4dd0853f6e2155a3ead8b02 > Git URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git > Tested: 63 unique boards, 22 SoC families, 19 builds out of 183 > > Boot Regressions Detected: > > arm: > > multi_v7_defconfig: > sun8i-a33-sinlinx-sina33: > lab-free-electrons: new failure (last pass: v4.9.91) > This is an actual crash. > Boot Failure Detected: > > arm: > > multi_v7_defconfig > sun8i-a33-sinlinx-sina33: 1 failed lab > > Offline Platforms: > > arm: > > sunxi_defconfig: > sun5i-r8-chip: 1 offline lab > sun7i-a20-cubietruck: 1 offline lab > > multi_v7_defconfig: > exynos5410-odroidxu: 1 offline lab > exynos5800-peach-pi: 1 offline lab > sun5i-r8-chip: 1 offline lab > sun7i-a20-cubietruck: 1 offline lab > tegra20-iris-512: 1 offline lab > tegra30-beaver: 1 offline lab > > exynos_defconfig: > exynos5410-odroidxu: 1 offline lab > exynos5800-peach-pi: 1 offline lab > > davinci_all_defconfig: > dm365evm,legacy: 1 offline lab > > tegra_defconfig: > tegra20-iris-512: 1 offline lab > tegra30-beaver: 1 offline lab > > arm64: > > defconfig: > meson-gxbb-odroidc2: 1 offline lab > > --- > For more info write to <info(a)kernelci.org>

7 years, 7 months

1
0
0 0

Re: [PATCH 4.4 00/20] 4.4.126-stable review

by Guenter Roeck

On Thu, Mar 29, 2018 at 03:01:19PM -0700, kernelci.org bot wrote: > stable-rc/linux-4.4.y boot: 105 boots: 1 failed, 92 passed with 10 offline, 2 untried/unknown (v4.4.125-21-g290572f02954) > > Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.4.y/kernel/v4.4.… > Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.4.y/kernel/v4.4.125-21-… > > Tree: stable-rc > Branch: linux-4.4.y > Git Describe: v4.4.125-21-g290572f02954 > Git Commit: 290572f02954767c84991efa816fbfb56c7da9df > Git URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git > Tested: 53 unique boards, 20 SoC families, 16 builds out of 177 > > Boot Regressions Detected: > > arm: > > at91_dt_defconfig: > at91sam9261ek: > lab-free-electrons: failing since 6 days (last pass: v4.4.123 - first fail: v4.4.123-97-g3054df73e9af) >From the boot log, this may suffer from the regression I have been talking about. The boot log repeats 13:42:46.064162 genirq: Flags mismatch irq 16. 00040080 (ttyS0) vs. 00040080 (pmc) 13:42:46.071500 atmel_usart fffff200.serial: atmel_startup - Can't get irq forever. Guenter > > Boot Failure Detected: > > arm: > > at91_dt_defconfig > at91sam9261ek: 1 failed lab > > Offline Platforms: > > arm: > > sunxi_defconfig: > sun5i-r8-chip: 1 offline lab > sun7i-a20-cubietruck: 1 offline lab > > multi_v7_defconfig: > exynos5410-odroidxu: 1 offline lab > sun5i-r8-chip: 1 offline lab > sun7i-a20-cubietruck: 1 offline lab > tegra20-iris-512: 1 offline lab > tegra30-beaver: 1 offline lab > > exynos_defconfig: > exynos5410-odroidxu: 1 offline lab > > tegra_defconfig: > tegra20-iris-512: 1 offline lab > tegra30-beaver: 1 offline lab > > --- > For more info write to <info(a)kernelci.org>

7 years, 7 months

1
0
0 0

[PATCH] ext4: limit xattr size to INT_MAX

by Theodore Ts'o

From: Eric Biggers <ebiggers(a)google.com> ext4 isn't validating the sizes of xattrs. This is problematic because ->e_value_size is a u32, but ext4_xattr_get() returns an int. A very large size is misinterpreted as an error code, which ext4_get_acl() translates into a bogus ERR_PTR() for which IS_ERR() returns false, causing a crash. Fix this by validating that all xattrs are <= INT_MAX bytes. Also add explicit checks in ext4_xattr_block_get() and ext4_xattr_ibody_get() just in case the xattr block is corrupted in memory. This issue has been assigned CVE-2018-1095. https://bugzilla.kernel.org/show_bug.cgi?id=199185 https://bugzilla.redhat.com/show_bug.cgi?id=1560793 Reported-by: Wen Xu <wen.xu(a)gatech.edu> Signed-off-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)vger.kernel.org --- fs/ext4/xattr.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c index 63656dbafdc4..fea1108c3bea 100644 --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c @@ -201,6 +201,9 @@ ext4_xattr_check_entries(struct ext4_xattr_entry *entry, void *end, u32 size = le32_to_cpu(entry->e_value_size); void *value; + if (size > INT_MAX) + return -EFSCORRUPTED; + /* * The value cannot overlap the names, and the value * with padding cannot extend beyond 'end'. Check both @@ -523,8 +526,10 @@ ext4_xattr_block_get(struct inode *inode, int name_index, const char *name, if (error) goto cleanup; size = le32_to_cpu(entry->e_value_size); + error = -ERANGE; + if (unlikely(size > INT_MAX)) + goto cleanup; if (buffer) { - error = -ERANGE; if (size > buffer_size) goto cleanup; if (entry->e_value_inum) { @@ -572,8 +577,10 @@ ext4_xattr_ibody_get(struct inode *inode, int name_index, const char *name, if (error) goto cleanup; size = le32_to_cpu(entry->e_value_size); + error = -ERANGE; + if (unlikely(size > INT_MAX)) + goto cleanup; if (buffer) { - error = -ERANGE; if (size > buffer_size) goto cleanup; if (entry->e_value_inum) { -- 2.16.1.72.g5be1f00a9a

7 years, 7 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror