- Linux-stable-mirror - lists.linaro.org

by Greg KH

I'm announcing the release of the 4.9.221 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-imx/Makefile | 2 arch/x86/kvm/vmx.c | 2 arch/x86/net/bpf_jit_comp.c | 18 +++++++- drivers/char/tpm/tpm_tis_core.c | 8 +++ drivers/crypto/mxs-dcp.c | 4 - drivers/gpu/drm/msm/msm_gem.c | 4 - drivers/hwmon/jc42.c | 2 drivers/iio/adc/xilinx-xadc-core.c | 17 ++++++-- drivers/mtd/chips/cfi_cmdset_0002.c | 6 ++ drivers/net/dsa/b53/b53_regs.h | 4 - drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 2 drivers/net/macsec.c | 12 +++-- drivers/net/macvlan.c | 2 drivers/net/team/team.c | 4 + drivers/pci/pcie/aspm.c | 18 +++++--- drivers/pwm/pwm-bcm2835.c | 1 drivers/pwm/pwm-rcar.c | 10 +++- drivers/pwm/pwm-renesas-tpu.c | 9 +--- drivers/remoteproc/remoteproc_core.c | 2 drivers/s390/cio/device.c | 13 ++++-- drivers/scsi/lpfc/lpfc_sli.c | 2 drivers/scsi/scsi_transport_iscsi.c | 4 + drivers/staging/comedi/comedi_fops.c | 4 + drivers/staging/comedi/drivers/dt2815.c | 3 + drivers/staging/vt6656/int.c | 3 - drivers/staging/vt6656/main_usb.c | 9 ++-- drivers/target/target_core_fabric_lib.c | 2 drivers/tty/hvc/hvc_console.c | 23 ++++++----- drivers/tty/rocket.c | 25 ++++++------ drivers/usb/core/hub.c | 14 ++++++ drivers/usb/core/message.c | 9 +++- drivers/usb/core/quirks.c | 4 + drivers/usb/gadget/function/f_fs.c | 4 + drivers/usb/gadget/udc/bdc/bdc_ep.c | 2 drivers/usb/misc/sisusbvga/sisusb.c | 20 ++++----- drivers/usb/misc/sisusbvga/sisusb_init.h | 14 +++--- drivers/usb/storage/uas.c | 46 +++++++++++++++++++++- drivers/usb/storage/unusual_devs.h | 7 +++ drivers/watchdog/watchdog_dev.c | 1 drivers/xen/xenbus/xenbus_client.c | 9 +++- fs/ceph/caps.c | 8 ++- fs/ceph/export.c | 5 ++ fs/ext4/block_validity.c | 54 ++++++++++++++++++++++++++ fs/ext4/ext4.h | 15 ++++++- fs/ext4/extents.c | 59 +++++++++++++++++------------ fs/ext4/ialloc.c | 2 fs/ext4/inode.c | 48 +++++++++++++++++------ fs/ext4/ioctl.c | 2 fs/ext4/mballoc.c | 6 +- fs/ext4/namei.c | 4 - fs/ext4/resize.c | 5 +- fs/ext4/super.c | 22 +++------- fs/fuse/dev.c | 12 ++++- fs/namespace.c | 2 fs/nfsd/nfs4state.c | 2 fs/pnode.c | 9 +--- fs/proc/vmcore.c | 2 fs/xfs/xfs_reflink.c | 1 include/linux/kvm_host.h | 2 include/linux/overflow.h | 31 +++++++++++++++ include/linux/vmalloc.h | 2 include/net/tcp.h | 2 ipc/util.c | 2 kernel/audit.c | 3 + kernel/events/core.c | 13 ++++-- kernel/gcov/fs.c | 2 mm/vmalloc.c | 16 ++++++- net/ipv4/ip_vti.c | 4 - net/ipv4/raw.c | 4 + net/ipv4/route.c | 3 - net/ipv4/xfrm4_output.c | 2 net/ipv6/ipv6_sockglue.c | 13 ++---- net/ipv6/xfrm6_output.c | 2 net/netrom/nr_route.c | 1 net/x25/x25_dev.c | 4 + sound/pci/hda/hda_intel.c | 1 sound/soc/intel/atom/sst-atom-controls.c | 2 sound/soc/soc-dapm.c | 20 ++++++++- sound/usb/format.c | 52 +++++++++++++++++++++++++ sound/usb/mixer_quirks.c | 12 +++-- sound/usb/usx2y/usbusx2yaudio.c | 2 tools/objtool/check.c | 17 +++++++- tools/objtool/orc_dump.c | 44 +++++++++++++-------- 84 files changed, 638 insertions(+), 223 deletions(-) Ahmad Fatoum (1): ARM: imx: provide v7_cpu_resume() only on ARM_CPU_SUSPEND=y Al Viro (1): propagate_one(): mnt_set_mountpoint() needs mount_lock Alan Stern (3): USB: core: Fix free-while-in-use bug in the USB S-Glibrary USB: hub: Fix handling of connect changes during sleep usb-storage: Add unusual_devs entry for JMicron JMS566 Alexander Tsoy (1): ALSA: usb-audio: Filter out unsupported sample rates on Focusrite devices Andrew Melnychenko (1): tty: hvc: fix buffer overflow during hvc_alloc(). Arnd Bergmann (1): net: ipv4: avoid unused variable warning for sysctl Bodo Stroesser (1): scsi: target: fix PR IN / READ FULL STATUS for FC Changming Liu (1): USB: sisusbvga: Change port variable from signed to unsigned Clement Leger (1): remoteproc: Fix wrong rvring index computation Colin Ian King (1): ext4: unsigned int compared against zero Cornelia Huck (1): s390/cio: avoid duplicated 'ADD' uevents Darrick J. Wong (1): xfs: fix partially uninitialized structure in xfs_reflink_remap_extent David Ahern (1): xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish Dmitry Monakhov (1): ext4: fix extent_status fragmentation for plain files Eric Dumazet (1): tcp: cache line align MAX_TCP_HEADER Florian Fainelli (2): pwm: bcm2835: Dynamically allocate base net: dsa: b53: Fix ARL register definitions Geert Uytterhoeven (2): pwm: rcar: Fix late Runtime PM enablement pwm: renesas-tpu: Fix late Runtime PM enablement Greg Kroah-Hartman (1): Linux 4.9.221 Gyeongtaek Lee (1): ASoC: dapm: fixup dapm kcontrol widget Hans de Goede (1): ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map() Heiner Kallweit (1): PCI/ASPM: Allow re-enabling Clock PM Ian Abbott (1): staging: comedi: dt2815: fix writing hi byte of analog output Ian Rogers (1): perf/core: fix parent pid/tid in task exit events James Smart (1): scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login Jann Horn (1): vmalloc: fix remap_vmalloc_range() bounds checks Jarkko Sakkinen (1): tpm/tpm_tis: Free IRQ if probing fails Jason Gunthorpe (2): overflow.h: Add arithmetic shift helper net/cxgb4: Check the return from t4_query_params properly Jeremy Sowden (1): vti4: removed duplicate log message. Jiri Slaby (1): tty: rocket, avoid OOB access John Haxby (1): ipv6: fix restrict IPV6_ADDRFORM operation Jonathan Cox (1): USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE Josh Poimboeuf (2): objtool: Fix CONFIG_UBSAN_TRAP unreachable warnings objtool: Support Clang non-section symbols in ORC dump Juergen Gross (1): xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status Lars-Peter Clausen (3): iio: xilinx-xadc: Fix ADC-B powerdown iio: xilinx-xadc: Fix clearing interrupt when enabling trigger iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode Liu Jian (1): mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer Luke Nelson (1): bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B Malcolm Priestley (2): staging: vt6656: Fix drivers TBTT timing counter. staging: vt6656: Power save stop wake_up_count wrap around. Miklos Szeredi (1): fuse: fix possibly missed wake-up after abort Nathan Chancellor (1): usb: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete Nicolai Stange (1): net: ipv4: emulate READ_ONCE() on ->hdrincl bit-field in raw_sendmsg() Oliver Neukum (2): UAS: no use logging any details in case of ENODEV UAS: fix deadlock in error handling and PM flushing work Paul Moore (1): audit: check the length of userspace generated audit records Piotr Krysiuk (1): fs/namespace.c: fix mountpoint reference counter race Qiujun Huang (1): ceph: return ceph_mdsc_do_request() errors from __get_parent() Ritesh Harjani (1): ext4: check for non-zero journal inum in ext4_calculate_overhead Rob Clark (1): drm/msm: Use the correct dma_sync calls harder Sascha Hauer (1): hwmon: (jc42) Fix name to have no illegal characters Sean Christopherson (1): KVM: Check validity of resolved slot when searching memslots Taehee Yoo (3): macsec: avoid to set wrong mtu macvlan: fix null dereference in macvlan_device_event() team: fix hang in team_mode_get() Takashi Iwai (2): ALSA: hda: Remove ASUS ROG Zenith from the blacklist ALSA: usx2y: Fix potential NULL dereference Tero Kristo (1): watchdog: reset last_hw_keepalive time at start Theodore Ts'o (5): ext4: convert BUG_ON's to WARN_ON's in mballoc.c ext4: avoid declaring fs inconsistent due to invalid file handles ext4: protect journal inode's blocks using block_validity ext4: don't perform block validity checks on the journal inode ext4: fix block validity checks for journal inodes using indirect blocks Udipto Goswami (1): usb: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset() Uros Bizjak (1): KVM: VMX: Enable machine check support for 32bit targets Vasily Averin (3): kernel/gcov/fs.c: gcov_seq_next() should increase position index ipc/util.c: sysvipc_find_ipc() should increase position index nfsd: memory corruption in nfsd4_lock() Wei Yongjun (1): crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static Wu Bo (1): scsi: iscsi: Report unbind session event when the target has been removed Xiyu Yang (4): net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node net/x25: Fix x25_neigh refcnt leak when receiving frame ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif staging: comedi: Fix comedi_device refcnt leak in comedi_open Yan, Zheng (1): ceph: don't skip updating wanted caps when cap is stale

5 years, 7 months

1
1
0 0

Linux 4.4.221

by Greg KH

I'm announcing the release of the 4.4.221 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-imx/Makefile | 2 arch/x86/kvm/vmx.c | 2 arch/x86/net/bpf_jit_comp.c | 18 +++++++- drivers/crypto/mxs-dcp.c | 4 - drivers/iio/adc/xilinx-xadc-core.c | 17 ++++++-- drivers/mtd/chips/cfi_cmdset_0002.c | 6 ++ drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 2 drivers/net/macvlan.c | 2 drivers/net/team/team.c | 4 + drivers/pwm/pwm-bcm2835.c | 1 drivers/pwm/pwm-rcar.c | 10 +++- drivers/pwm/pwm-renesas-tpu.c | 9 +--- drivers/remoteproc/remoteproc_core.c | 2 drivers/s390/cio/device.c | 13 ++++-- drivers/scsi/lpfc/lpfc_sli.c | 2 drivers/scsi/scsi_transport_iscsi.c | 4 + drivers/staging/comedi/comedi_fops.c | 4 + drivers/staging/comedi/drivers/dt2815.c | 3 + drivers/staging/vt6656/int.c | 3 - drivers/staging/vt6656/main_usb.c | 9 ++-- drivers/target/target_core_fabric_lib.c | 2 drivers/tty/hvc/hvc_console.c | 23 ++++++----- drivers/tty/rocket.c | 25 ++++++------ drivers/usb/core/hub.c | 14 ++++++ drivers/usb/core/message.c | 53 +++++++++++++------------- drivers/usb/core/quirks.c | 4 + drivers/usb/gadget/function/f_fs.c | 4 + drivers/usb/gadget/udc/bdc/bdc_ep.c | 2 drivers/usb/misc/sisusbvga/sisusb.c | 20 ++++----- drivers/usb/misc/sisusbvga/sisusb_init.h | 14 +++--- drivers/usb/storage/uas.c | 46 +++++++++++++++++++++- drivers/usb/storage/unusual_devs.h | 7 +++ drivers/xen/xenbus/xenbus_client.c | 9 +++- fs/ceph/caps.c | 8 ++- fs/ceph/export.c | 5 ++ fs/ext4/block_validity.c | 54 ++++++++++++++++++++++++++ fs/ext4/ext4.h | 15 ++++++- fs/ext4/extents.c | 59 +++++++++++++++++------------ fs/ext4/ialloc.c | 2 fs/ext4/inode.c | 48 +++++++++++++++++------ fs/ext4/ioctl.c | 2 fs/ext4/mballoc.c | 6 +- fs/ext4/namei.c | 4 - fs/ext4/resize.c | 5 +- fs/ext4/super.c | 28 ++++--------- fs/fuse/dev.c | 12 ++++- fs/namespace.c | 2 fs/pnode.c | 9 +--- include/linux/kvm_host.h | 2 include/net/tcp.h | 2 ipc/util.c | 2 kernel/audit.c | 3 + kernel/events/core.c | 13 ++++-- kernel/gcov/fs.c | 2 net/ipv4/ip_vti.c | 4 - net/ipv4/raw.c | 4 + net/ipv4/route.c | 3 - net/ipv4/xfrm4_output.c | 2 net/ipv6/ipv6_sockglue.c | 13 ++---- net/ipv6/xfrm6_output.c | 2 net/netrom/nr_route.c | 1 net/sctp/socket.c | 6 +- net/x25/x25_dev.c | 4 + sound/pci/hda/hda_intel.c | 1 sound/pci/hda/patch_realtek.c | 2 sound/soc/intel/atom/sst-atom-controls.c | 2 sound/soc/soc-dapm.c | 20 ++++++++- sound/usb/format.c | 52 +++++++++++++++++++++++++ sound/usb/mixer_quirks.c | 12 +++-- sound/usb/usx2y/usbusx2yaudio.c | 2 71 files changed, 542 insertions(+), 213 deletions(-) Ahmad Fatoum (1): ARM: imx: provide v7_cpu_resume() only on ARM_CPU_SUSPEND=y Al Viro (1): propagate_one(): mnt_set_mountpoint() needs mount_lock Alan Stern (3): USB: core: Fix free-while-in-use bug in the USB S-Glibrary USB: hub: Fix handling of connect changes during sleep usb-storage: Add unusual_devs entry for JMicron JMS566 Alexander Tsoy (1): ALSA: usb-audio: Filter out unsupported sample rates on Focusrite devices Andrew Melnychenko (1): tty: hvc: fix buffer overflow during hvc_alloc(). Arnd Bergmann (1): net: ipv4: avoid unused variable warning for sysctl Bodo Stroesser (1): scsi: target: fix PR IN / READ FULL STATUS for FC Changming Liu (1): USB: sisusbvga: Change port variable from signed to unsigned Clement Leger (1): remoteproc: Fix wrong rvring index computation Colin Ian King (1): ext4: unsigned int compared against zero Cornelia Huck (1): s390/cio: avoid duplicated 'ADD' uevents David Ahern (1): xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish David Mosberger (2): drivers: usb: core: Don't disable irqs in usb_sg_wait() during URB submit. drivers: usb: core: Minimize irq disabling in usb_sg_cancel() Dmitry Monakhov (1): ext4: fix extent_status fragmentation for plain files Eric Dumazet (1): tcp: cache line align MAX_TCP_HEADER Florian Fainelli (1): pwm: bcm2835: Dynamically allocate base Geert Uytterhoeven (2): pwm: rcar: Fix late Runtime PM enablement pwm: renesas-tpu: Fix late Runtime PM enablement Greg Kroah-Hartman (1): Linux 4.4.221 Gyeongtaek Lee (1): ASoC: dapm: fixup dapm kcontrol widget Hans de Goede (1): ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map() Ian Abbott (1): staging: comedi: dt2815: fix writing hi byte of analog output Ian Rogers (1): perf/core: fix parent pid/tid in task exit events James Smart (1): scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login Jason Gunthorpe (1): net/cxgb4: Check the return from t4_query_params properly Jeremy Sowden (1): vti4: removed duplicate log message. Jiri Slaby (1): tty: rocket, avoid OOB access John Haxby (1): ipv6: fix restrict IPV6_ADDRFORM operation Jonathan Cox (1): USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE Juergen Gross (1): xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status Lars-Peter Clausen (3): iio: xilinx-xadc: Fix ADC-B powerdown iio: xilinx-xadc: Fix clearing interrupt when enabling trigger iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode Liu Jian (1): mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer Luke Nelson (1): bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B Malcolm Priestley (2): staging: vt6656: Fix drivers TBTT timing counter. staging: vt6656: Power save stop wake_up_count wrap around. Miklos Szeredi (1): fuse: fix possibly missed wake-up after abort Nathan Chancellor (1): usb: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete Nicolai Stange (1): net: ipv4: emulate READ_ONCE() on ->hdrincl bit-field in raw_sendmsg() Oliver Neukum (2): UAS: no use logging any details in case of ENODEV UAS: fix deadlock in error handling and PM flushing work Paul Moore (1): audit: check the length of userspace generated audit records Piotr Krysiuk (1): fs/namespace.c: fix mountpoint reference counter race Qiujun Huang (1): ceph: return ceph_mdsc_do_request() errors from __get_parent() Sean Christopherson (1): KVM: Check validity of resolved slot when searching memslots Taehee Yoo (2): macvlan: fix null dereference in macvlan_device_event() team: fix hang in team_mode_get() Takashi Iwai (3): ALSA: hda - Fix incorrect usage of IS_REACHABLE() ALSA: hda: Remove ASUS ROG Zenith from the blacklist ALSA: usx2y: Fix potential NULL dereference Theodore Ts'o (5): ext4: convert BUG_ON's to WARN_ON's in mballoc.c ext4: avoid declaring fs inconsistent due to invalid file handles ext4: protect journal inode's blocks using block_validity ext4: don't perform block validity checks on the journal inode ext4: fix block validity checks for journal inodes using indirect blocks Udipto Goswami (1): usb: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset() Uros Bizjak (1): KVM: VMX: Enable machine check support for 32bit targets Vasily Averin (2): kernel/gcov/fs.c: gcov_seq_next() should increase position index ipc/util.c: sysvipc_find_ipc() should increase position index Wei Yongjun (1): crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static Wu Bo (1): scsi: iscsi: Report unbind session event when the target has been removed Xin Long (1): sctp: use right member as the param of list_for_each_entry Xiyu Yang (4): net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node net/x25: Fix x25_neigh refcnt leak when receiving frame ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif staging: comedi: Fix comedi_device refcnt leak in comedi_open Yan, Zheng (1): ceph: don't skip updating wanted caps when cap is stale

5 years, 7 months

1
1
0 0

[PATCH] drm: ingenic-drm: add MODULE_DEVICE_TABLE

by H. Nikolaus Schaller

so that the driver can load by matching the device tree if compiled as module. Cc: stable(a)vger.kernel.org # v5.3+ Fixes: 90b86fcc47b4 ("DRM: Add KMS driver for the Ingenic JZ47xx SoCs") Signed-off-by: H. Nikolaus Schaller <hns(a)goldelico.com> --- drivers/gpu/drm/ingenic/ingenic-drm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/ingenic/ingenic-drm.c b/drivers/gpu/drm/ingenic/ingenic-drm.c index 9dfe7cb530e11..1754c05470690 100644 --- a/drivers/gpu/drm/ingenic/ingenic-drm.c +++ b/drivers/gpu/drm/ingenic/ingenic-drm.c @@ -843,6 +843,7 @@ static const struct of_device_id ingenic_drm_of_match[] = { { .compatible = "ingenic,jz4770-lcd", .data = &jz4770_soc_info }, { /* sentinel */ }, }; +MODULE_DEVICE_TABLE(of, ingenic_drm_of_match); static struct platform_driver ingenic_drm_driver = { .driver = { -- 2.26.2

5 years, 7 months

2
1
0 0

[Patch include request] ARM: dts: imx6qdl-sr-som-ti: indicate powering off wifi is safe

by Miguel Borges de Freitas

Dear all, This is a request to backport b7dc7205b2ae6b6c9d9cfc3e47d6f08da8647b10 (Arm: dts: imx6qdl-sr-som-ti: indicate powering off wifi is safe), already in Linus tree (https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/a…) to LTS kernel 5.4 and to stable 5.6.8. Reasoning: Changes to the wlcore driver during Kernel 5.x development, made the Cubox-i with the IMX SOM v1.5 (which includes.a TI Wilink 8 wifi chipset) not power the wireless interface on boot leaving it completely unusable. This happens since at least kernel 5.3 (older one I tested) and affects the current stable and LTS latest kernels. The linked commit, already in linux mainline, restores the wifi functionality. Thanks in advance, Miguel B Freitas

5 years, 7 months

3
2
0 0

FAILED: patch "[PATCH] selinux: properly handle multiple messages in" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From fb73974172ffaaf57a7c42f35424d9aece1a5af6 Mon Sep 17 00:00:00 2001 From: Paul Moore <paul(a)paul-moore.com> Date: Tue, 28 Apr 2020 09:59:02 -0400 Subject: [PATCH] selinux: properly handle multiple messages in selinux_netlink_send() Fix the SELinux netlink_send hook to properly handle multiple netlink messages in a single sk_buff; each message is parsed and subject to SELinux access control. Prior to this patch, SELinux only inspected the first message in the sk_buff. Cc: stable(a)vger.kernel.org Reported-by: Dmitry Vyukov <dvyukov(a)google.com> Reviewed-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index b8e09aedbc56..487d4df0e37c 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -5842,40 +5842,60 @@ static unsigned int selinux_ipv6_postroute(void *priv, static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb) { - int err = 0; - u32 perm; + int rc = 0; + unsigned int msg_len; + unsigned int data_len = skb->len; + unsigned char *data = skb->data; struct nlmsghdr *nlh; struct sk_security_struct *sksec = sk->sk_security; + u16 sclass = sksec->sclass; + u32 perm; - if (skb->len < NLMSG_HDRLEN) { - err = -EINVAL; - goto out; - } - nlh = nlmsg_hdr(skb); + while (data_len >= nlmsg_total_size(0)) { + nlh = (struct nlmsghdr *)data; + + /* NOTE: the nlmsg_len field isn't reliably set by some netlink + * users which means we can't reject skb's with bogus + * length fields; our solution is to follow what + * netlink_rcv_skb() does and simply skip processing at + * messages with length fields that are clearly junk + */ + if (nlh->nlmsg_len < NLMSG_HDRLEN || nlh->nlmsg_len > data_len) + return 0; - err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm); - if (err) { - if (err == -EINVAL) { + rc = selinux_nlmsg_lookup(sclass, nlh->nlmsg_type, &perm); + if (rc == 0) { + rc = sock_has_perm(sk, perm); + if (rc) + return rc; + } else if (rc == -EINVAL) { + /* -EINVAL is a missing msg/perm mapping */ pr_warn_ratelimited("SELinux: unrecognized netlink" - " message: protocol=%hu nlmsg_type=%hu sclass=%s" - " pid=%d comm=%s\n", - sk->sk_protocol, nlh->nlmsg_type, - secclass_map[sksec->sclass - 1].name, - task_pid_nr(current), current->comm); - if (!enforcing_enabled(&selinux_state) || - security_get_allow_unknown(&selinux_state)) - err = 0; + " message: protocol=%hu nlmsg_type=%hu sclass=%s" + " pid=%d comm=%s\n", + sk->sk_protocol, nlh->nlmsg_type, + secclass_map[sclass - 1].name, + task_pid_nr(current), current->comm); + if (enforcing_enabled(&selinux_state) && + !security_get_allow_unknown(&selinux_state)) + return rc; + rc = 0; + } else if (rc == -ENOENT) { + /* -ENOENT is a missing socket/class mapping, ignore */ + rc = 0; + } else { + return rc; } - /* Ignore */ - if (err == -ENOENT) - err = 0; - goto out; + /* move to the next message after applying netlink padding */ + msg_len = NLMSG_ALIGN(nlh->nlmsg_len); + if (msg_len >= data_len) + return 0; + data_len -= msg_len; + data += msg_len; } - err = sock_has_perm(sk, perm); -out: - return err; + return rc; } static void ipc_init_security(struct ipc_security_struct *isec, u16 sclass)

5 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] selinux: properly handle multiple messages in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From fb73974172ffaaf57a7c42f35424d9aece1a5af6 Mon Sep 17 00:00:00 2001 From: Paul Moore <paul(a)paul-moore.com> Date: Tue, 28 Apr 2020 09:59:02 -0400 Subject: [PATCH] selinux: properly handle multiple messages in selinux_netlink_send() Fix the SELinux netlink_send hook to properly handle multiple netlink messages in a single sk_buff; each message is parsed and subject to SELinux access control. Prior to this patch, SELinux only inspected the first message in the sk_buff. Cc: stable(a)vger.kernel.org Reported-by: Dmitry Vyukov <dvyukov(a)google.com> Reviewed-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index b8e09aedbc56..487d4df0e37c 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -5842,40 +5842,60 @@ static unsigned int selinux_ipv6_postroute(void *priv, static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb) { - int err = 0; - u32 perm; + int rc = 0; + unsigned int msg_len; + unsigned int data_len = skb->len; + unsigned char *data = skb->data; struct nlmsghdr *nlh; struct sk_security_struct *sksec = sk->sk_security; + u16 sclass = sksec->sclass; + u32 perm; - if (skb->len < NLMSG_HDRLEN) { - err = -EINVAL; - goto out; - } - nlh = nlmsg_hdr(skb); + while (data_len >= nlmsg_total_size(0)) { + nlh = (struct nlmsghdr *)data; + + /* NOTE: the nlmsg_len field isn't reliably set by some netlink + * users which means we can't reject skb's with bogus + * length fields; our solution is to follow what + * netlink_rcv_skb() does and simply skip processing at + * messages with length fields that are clearly junk + */ + if (nlh->nlmsg_len < NLMSG_HDRLEN || nlh->nlmsg_len > data_len) + return 0; - err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm); - if (err) { - if (err == -EINVAL) { + rc = selinux_nlmsg_lookup(sclass, nlh->nlmsg_type, &perm); + if (rc == 0) { + rc = sock_has_perm(sk, perm); + if (rc) + return rc; + } else if (rc == -EINVAL) { + /* -EINVAL is a missing msg/perm mapping */ pr_warn_ratelimited("SELinux: unrecognized netlink" - " message: protocol=%hu nlmsg_type=%hu sclass=%s" - " pid=%d comm=%s\n", - sk->sk_protocol, nlh->nlmsg_type, - secclass_map[sksec->sclass - 1].name, - task_pid_nr(current), current->comm); - if (!enforcing_enabled(&selinux_state) || - security_get_allow_unknown(&selinux_state)) - err = 0; + " message: protocol=%hu nlmsg_type=%hu sclass=%s" + " pid=%d comm=%s\n", + sk->sk_protocol, nlh->nlmsg_type, + secclass_map[sclass - 1].name, + task_pid_nr(current), current->comm); + if (enforcing_enabled(&selinux_state) && + !security_get_allow_unknown(&selinux_state)) + return rc; + rc = 0; + } else if (rc == -ENOENT) { + /* -ENOENT is a missing socket/class mapping, ignore */ + rc = 0; + } else { + return rc; } - /* Ignore */ - if (err == -ENOENT) - err = 0; - goto out; + /* move to the next message after applying netlink padding */ + msg_len = NLMSG_ALIGN(nlh->nlmsg_len); + if (msg_len >= data_len) + return 0; + data_len -= msg_len; + data += msg_len; } - err = sock_has_perm(sk, perm); -out: - return err; + return rc; } static void ipc_init_security(struct ipc_security_struct *isec, u16 sclass)

5 years, 7 months

1
0
0 0

patch "Revert "tty: serial: bcm63xx: fix missing clk_put() in bcm63xx_uart"" added to tty-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Revert "tty: serial: bcm63xx: fix missing clk_put() in bcm63xx_uart" to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 092a9f59bc05904d4555fa012db12e768734ba1a Mon Sep 17 00:00:00 2001 From: Florian Fainelli <f.fainelli(a)gmail.com> Date: Thu, 30 Apr 2020 18:39:04 -0700 Subject: Revert "tty: serial: bcm63xx: fix missing clk_put() in bcm63xx_uart" This reverts commit 580d952e44de5509c69c8f9346180ecaa78ebeec ("tty: serial: bcm63xx: fix missing clk_put() in bcm63xx_uart") because we should not be doing a clk_put() if we were not successful in getting a valid clock reference via clk_get() in the first place. Fixes: 580d952e44de ("tty: serial: bcm63xx: fix missing clk_put() in bcm63xx_uart") Signed-off-by: Florian Fainelli <f.fainelli(a)gmail.com> Cc: stable <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20200501013904.1394-1-f.fainelli@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/bcm63xx_uart.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/tty/serial/bcm63xx_uart.c b/drivers/tty/serial/bcm63xx_uart.c index ed0aa5c0d9b7..5674da2b76f0 100644 --- a/drivers/tty/serial/bcm63xx_uart.c +++ b/drivers/tty/serial/bcm63xx_uart.c @@ -843,10 +843,8 @@ static int bcm_uart_probe(struct platform_device *pdev) if (IS_ERR(clk) && pdev->dev.of_node) clk = of_clk_get(pdev->dev.of_node, 0); - if (IS_ERR(clk)) { - clk_put(clk); + if (IS_ERR(clk)) return -ENODEV; - } port->iotype = UPIO_MEM; port->irq = res_irq->start; -- 2.26.2

5 years, 7 months

1
0
0 0

patch "vt: fix unicode console freeing with a common interface" added to tty-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled vt: fix unicode console freeing with a common interface to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 57d38f26d81e4275748b69372f31df545dcd9b71 Mon Sep 17 00:00:00 2001 From: Nicolas Pitre <nico(a)fluxnic.net> Date: Sat, 2 May 2020 11:01:07 -0400 Subject: vt: fix unicode console freeing with a common interface By directly using kfree() in different places we risk missing one if it is switched to using vfree(), especially if the corresponding vmalloc() is hidden away within a common abstraction. Oh wait, that's exactly what happened here. So let's fix this by creating a common abstraction for the free case as well. Signed-off-by: Nicolas Pitre <nico(a)fluxnic.net> Reported-by: syzbot+0bfda3ade1ee9288a1be(a)syzkaller.appspotmail.com Fixes: 9a98e7a80f95 ("vt: don't use kmalloc() for the unicode screen buffer") Cc: <stable(a)vger.kernel.org> Reviewed-by: Sam Ravnborg <sam(a)ravnborg.org> Link: https://lore.kernel.org/r/nycvar.YSQ.7.76.2005021043110.2671@knanqh.ubzr Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/vt/vt.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c index e5ffed795e4c..48a8199f7845 100644 --- a/drivers/tty/vt/vt.c +++ b/drivers/tty/vt/vt.c @@ -365,9 +365,14 @@ static struct uni_screen *vc_uniscr_alloc(unsigned int cols, unsigned int rows) return uniscr; } +static void vc_uniscr_free(struct uni_screen *uniscr) +{ + vfree(uniscr); +} + static void vc_uniscr_set(struct vc_data *vc, struct uni_screen *new_uniscr) { - vfree(vc->vc_uni_screen); + vc_uniscr_free(vc->vc_uni_screen); vc->vc_uni_screen = new_uniscr; } @@ -1230,7 +1235,7 @@ static int vc_do_resize(struct tty_struct *tty, struct vc_data *vc, err = resize_screen(vc, new_cols, new_rows, user); if (err) { kfree(newscreen); - kfree(new_uniscr); + vc_uniscr_free(new_uniscr); return err; } -- 2.26.2

5 years, 7 months

1
0
0 0

[PATCH] epoll: ensure ep_poll() doesn't miss wakeup events

by Jason Baron

Now that the ep_events_available() check is done in a lockless way, and we no longer perform wakeups from ep_scan_ready_list(), we need to ensure that either ep->rdllist has items or the overflow list is active. Prior to: commit 339ddb53d373 ("fs/epoll: remove unnecessary wakeups of nested epoll"), we did wake_up(&ep->wq) after manipulating the ep->rdllist and the overflow list. Thus, any waiters would observe the correct state. However, with that wake_up() now removed we need to be more careful to ensure that condition. Here's an example of what could go wrong: We have epoll fds: epfd1, epfd2. And epfd1 is added to epfd2 and epfd2 is added to a socket: epfd1->epfd2->socket. Thread a is doing epoll_wait() on epfd1, and thread b is doing epoll_wait on epfd2. Then: 1) data comes in on socket ep_poll_callback() wakes up threads a and b 2) thread a runs ep_poll() ep_scan_ready_list() ep_send_events_proc() ep_item_poll() ep_scan_ready_list() list_splice_init(&ep->rdllist, &txlist); 3) now thread b is running ep_poll() ep_events_available() returns false schedule_hrtimeout_range() Thus, thread b has now scheduled and missed the wakeup. Fixes: 339ddb53d373 ("fs/epoll: remove unnecessary wakeups of nested epoll") Signed-off-by: Jason Baron <jbaron(a)akamai.com> Cc: Alexander Viro <viro(a)zeniv.linux.org.uk> Cc: Heiher <r(a)hev.cc> Cc: Roman Penyaev <rpenyaev(a)suse.de> Cc: Khazhismel Kumykov <khazhy(a)google.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Davidlohr Bueso <dbueso(a)suse.de> Cc: <stable(a)vger.kernel.org> --- fs/eventpoll.c | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/fs/eventpoll.c b/fs/eventpoll.c index aba03ee749f8..4af2d020f548 100644 --- a/fs/eventpoll.c +++ b/fs/eventpoll.c @@ -704,8 +704,14 @@ static __poll_t ep_scan_ready_list(struct eventpoll *ep, * in a lockless way. */ write_lock_irq(&ep->lock); - list_splice_init(&ep->rdllist, &txlist); WRITE_ONCE(ep->ovflist, NULL); + /* + * In ep_poll() we use ep_events_available() in a lockless way to decide + * if events are available. So we need to preserve that either + * ep->oflist != EP_UNACTIVE_PTR or there are events on the ep->rdllist. + */ + smp_wmb(); + list_splice_init(&ep->rdllist, &txlist); write_unlock_irq(&ep->lock); /* @@ -737,16 +743,21 @@ static __poll_t ep_scan_ready_list(struct eventpoll *ep, } } /* + * Quickly re-inject items left on "txlist". + */ + list_splice(&txlist, &ep->rdllist); + /* + * In ep_poll() we use ep_events_available() in a lockless way to decide + * if events are available. So we need to preserve that either + * ep->oflist != EP_UNACTIVE_PTR or there are events on the ep->rdllist. + */ + smp_wmb(); + /* * We need to set back ep->ovflist to EP_UNACTIVE_PTR, so that after * releasing the lock, events will be queued in the normal way inside * ep->rdllist. */ WRITE_ONCE(ep->ovflist, EP_UNACTIVE_PTR); - - /* - * Quickly re-inject items left on "txlist". - */ - list_splice(&txlist, &ep->rdllist); __pm_relax(ep->ws); write_unlock_irq(&ep->lock); -- 2.7.4

5 years, 7 months

3
7
0 0

FAILED: patch "[PATCH] NFSv4.1: fix handling of backchannel binding in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From dff58530c4ca8ce7ee5a74db431c6e35362cf682 Mon Sep 17 00:00:00 2001 From: Olga Kornievskaia <olga.kornievskaia(a)gmail.com> Date: Fri, 24 Apr 2020 17:45:50 -0400 Subject: [PATCH] NFSv4.1: fix handling of backchannel binding in BIND_CONN_TO_SESSION Currently, if the client sends BIND_CONN_TO_SESSION with NFS4_CDFC4_FORE_OR_BOTH but only gets NFS4_CDFS4_FORE back it ignores that it wasn't able to enable a backchannel. To make sure, the client sends BIND_CONN_TO_SESSION as the first operation on the connections (ie., no other session compounds haven't been sent before), and if the client's request to bind the backchannel is not satisfied, then reset the connection and retry. Cc: stable(a)vger.kernel.org Signed-off-by: Olga Kornievskaia <kolga(a)netapp.com> Signed-off-by: Trond Myklebust <trond.myklebust(a)hammerspace.com> diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 1c710a7834c2..a0c1e653a935 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -7891,6 +7891,7 @@ static void nfs4_bind_one_conn_to_session_done(struct rpc_task *task, void *calldata) { struct nfs41_bind_conn_to_session_args *args = task->tk_msg.rpc_argp; + struct nfs41_bind_conn_to_session_res *res = task->tk_msg.rpc_resp; struct nfs_client *clp = args->client; switch (task->tk_status) { @@ -7899,6 +7900,12 @@ nfs4_bind_one_conn_to_session_done(struct rpc_task *task, void *calldata) nfs4_schedule_session_recovery(clp->cl_session, task->tk_status); } + if (args->dir == NFS4_CDFC4_FORE_OR_BOTH && + res->dir != NFS4_CDFS4_BOTH) { + rpc_task_close_connection(task); + if (args->retries++ < MAX_BIND_CONN_TO_SESSION_RETRIES) + rpc_restart_call(task); + } } static const struct rpc_call_ops nfs4_bind_one_conn_to_session_ops = { @@ -7921,6 +7928,7 @@ int nfs4_proc_bind_one_conn_to_session(struct rpc_clnt *clnt, struct nfs41_bind_conn_to_session_args args = { .client = clp, .dir = NFS4_CDFC4_FORE_OR_BOTH, + .retries = 0, }; struct nfs41_bind_conn_to_session_res res; struct rpc_message msg = { diff --git a/include/linux/nfs_xdr.h b/include/linux/nfs_xdr.h index 440230488025..e5f3e7d8d3d5 100644 --- a/include/linux/nfs_xdr.h +++ b/include/linux/nfs_xdr.h @@ -1317,11 +1317,13 @@ struct nfs41_impl_id { struct nfstime4 date; }; +#define MAX_BIND_CONN_TO_SESSION_RETRIES 3 struct nfs41_bind_conn_to_session_args { struct nfs_client *client; struct nfs4_sessionid sessionid; u32 dir; bool use_conn_in_rdma_mode; + int retries; }; struct nfs41_bind_conn_to_session_res { diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h index 7bd124e06b36..02e7a5863d28 100644 --- a/include/linux/sunrpc/clnt.h +++ b/include/linux/sunrpc/clnt.h @@ -242,4 +242,9 @@ static inline int rpc_reply_expected(struct rpc_task *task) (task->tk_msg.rpc_proc->p_decode != NULL); } +static inline void rpc_task_close_connection(struct rpc_task *task) +{ + if (task->tk_xprt) + xprt_force_disconnect(task->tk_xprt); +} #endif /* _LINUX_SUNRPC_CLNT_H */

5 years, 7 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror