December 2017 - Linux-stable-mirror

[Linux-stable-mirror] Patch "md: free unused memory after bitmap resize" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled md: free unused memory after bitmap resize to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: md-free-unused-memory-after-bitmap-resize.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: Zdenek Kabelac <zkabelac(a)redhat.com> Date: Wed, 8 Nov 2017 13:44:56 +0100 Subject: md: free unused memory after bitmap resize From: Zdenek Kabelac <zkabelac(a)redhat.com> [ Upstream commit 0868b99c214a3d55486c700de7c3f770b7243e7c ] When bitmap is resized, the old kalloced chunks just are not released once the resized bitmap starts to use new space. This fixes in particular kmemleak reports like this one: unreferenced object 0xffff8f4311e9c000 (size 4096): comm "lvm", pid 19333, jiffies 4295263268 (age 528.265s) hex dump (first 32 bytes): 02 80 02 80 02 80 02 80 02 80 02 80 02 80 02 80 ................ 02 80 02 80 02 80 02 80 02 80 02 80 02 80 02 80 ................ backtrace: [<ffffffffa69471ca>] kmemleak_alloc+0x4a/0xa0 [<ffffffffa628c10e>] kmem_cache_alloc_trace+0x14e/0x2e0 [<ffffffffa676cfec>] bitmap_checkpage+0x7c/0x110 [<ffffffffa676d0c5>] bitmap_get_counter+0x45/0xd0 [<ffffffffa676d6b3>] bitmap_set_memory_bits+0x43/0xe0 [<ffffffffa676e41c>] bitmap_init_from_disk+0x23c/0x530 [<ffffffffa676f1ae>] bitmap_load+0xbe/0x160 [<ffffffffc04c47d3>] raid_preresume+0x203/0x2f0 [dm_raid] [<ffffffffa677762f>] dm_table_resume_targets+0x4f/0xe0 [<ffffffffa6774b52>] dm_resume+0x122/0x140 [<ffffffffa6779b9f>] dev_suspend+0x18f/0x290 [<ffffffffa677a3a7>] ctl_ioctl+0x287/0x560 [<ffffffffa677a693>] dm_ctl_ioctl+0x13/0x20 [<ffffffffa62d6b46>] do_vfs_ioctl+0xa6/0x750 [<ffffffffa62d7269>] SyS_ioctl+0x79/0x90 [<ffffffffa6956d41>] entry_SYSCALL_64_fastpath+0x1f/0xc2 Signed-off-by: Zdenek Kabelac <zkabelac(a)redhat.com> Signed-off-by: Shaohua Li <shli(a)fb.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/md/bitmap.c | 9 +++++++++ 1 file changed, 9 insertions(+) --- a/drivers/md/bitmap.c +++ b/drivers/md/bitmap.c @@ -2084,6 +2084,7 @@ int bitmap_resize(struct bitmap *bitmap, for (k = 0; k < page; k++) { kfree(new_bp[k].map); } + kfree(new_bp); /* restore some fields from old_counts */ bitmap->counts.bp = old_counts.bp; @@ -2134,6 +2135,14 @@ int bitmap_resize(struct bitmap *bitmap, block += old_blocks; } + if (bitmap->counts.bp != old_counts.bp) { + unsigned long k; + for (k = 0; k < old_counts.pages; k++) + if (!old_counts.bp[k].hijacked) + kfree(old_counts.bp[k].map); + kfree(old_counts.bp); + } + if (!init) { int i; while (block < (chunks << chunkshift)) { Patches currently in stable-queue which might be from zkabelac(a)redhat.com are queue-4.9/md-free-unused-memory-after-bitmap-resize.patch

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] Patch "kbuild: do not call cc-option before KBUILD_CFLAGS initialization" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled kbuild: do not call cc-option before KBUILD_CFLAGS initialization to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: kbuild-do-not-call-cc-option-before-kbuild_cflags-initialization.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: Masahiro Yamada <yamada.masahiro(a)socionext.com> Date: Thu, 12 Oct 2017 18:22:25 +0900 Subject: kbuild: do not call cc-option before KBUILD_CFLAGS initialization From: Masahiro Yamada <yamada.masahiro(a)socionext.com> [ Upstream commit 433dc2ebe7d17dd21cba7ad5c362d37323592236 ] Some $(call cc-option,...) are invoked very early, even before KBUILD_CFLAGS, etc. are initialized. The returned string from $(call cc-option,...) depends on KBUILD_CPPFLAGS, KBUILD_CFLAGS, and GCC_PLUGINS_CFLAGS. Since they are exported, they are not empty when the top Makefile is recursively invoked. The recursion occurs in several places. For example, the top Makefile invokes itself for silentoldconfig. "make tinyconfig", "make rpm-pkg" are the cases, too. In those cases, the second call of cc-option from the same line runs a different shell command due to non-pristine KBUILD_CFLAGS. To get the same result all the time, KBUILD_* and GCC_PLUGINS_CFLAGS must be initialized before any call of cc-option. This avoids garbage data in the .cache.mk file. Move all calls of cc-option below the config targets because target compiler flags are unnecessary for Kconfig. Signed-off-by: Masahiro Yamada <yamada.masahiro(a)socionext.com> Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- Makefile | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) --- a/Makefile +++ b/Makefile @@ -370,9 +370,6 @@ LDFLAGS_MODULE = CFLAGS_KERNEL = AFLAGS_KERNEL = LDFLAGS_vmlinux = -CFLAGS_GCOV := -fprofile-arcs -ftest-coverage -fno-tree-loop-im $(call cc-disable-warning,maybe-uninitialized,) -CFLAGS_KCOV := $(call cc-option,-fsanitize-coverage=trace-pc,) - # Use USERINCLUDE when you must reference the UAPI directories only. USERINCLUDE := \ @@ -393,21 +390,19 @@ LINUXINCLUDE := \ LINUXINCLUDE += $(filter-out $(LINUXINCLUDE),$(USERINCLUDE)) -KBUILD_CPPFLAGS := -D__KERNEL__ - +KBUILD_AFLAGS := -D__ASSEMBLY__ KBUILD_CFLAGS := -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs \ -fno-strict-aliasing -fno-common \ -Werror-implicit-function-declaration \ -Wno-format-security \ - -std=gnu89 $(call cc-option,-fno-PIE) - - + -std=gnu89 +KBUILD_CPPFLAGS := -D__KERNEL__ KBUILD_AFLAGS_KERNEL := KBUILD_CFLAGS_KERNEL := -KBUILD_AFLAGS := -D__ASSEMBLY__ $(call cc-option,-fno-PIE) KBUILD_AFLAGS_MODULE := -DMODULE KBUILD_CFLAGS_MODULE := -DMODULE KBUILD_LDFLAGS_MODULE := -T $(srctree)/scripts/module-common.lds +GCC_PLUGINS_CFLAGS := # Read KERNELRELEASE from include/config/kernel.release (if it exists) KERNELRELEASE = $(shell cat include/config/kernel.release 2> /dev/null) @@ -420,7 +415,7 @@ export MAKE AWK GENKSYMS INSTALLKERNEL P export HOSTCXX HOSTCXXFLAGS LDFLAGS_MODULE CHECK CHECKFLAGS export KBUILD_CPPFLAGS NOSTDINC_FLAGS LINUXINCLUDE OBJCOPYFLAGS LDFLAGS -export KBUILD_CFLAGS CFLAGS_KERNEL CFLAGS_MODULE CFLAGS_GCOV CFLAGS_KCOV CFLAGS_KASAN CFLAGS_UBSAN +export KBUILD_CFLAGS CFLAGS_KERNEL CFLAGS_MODULE CFLAGS_KASAN CFLAGS_UBSAN export KBUILD_AFLAGS AFLAGS_KERNEL AFLAGS_MODULE export KBUILD_AFLAGS_MODULE KBUILD_CFLAGS_MODULE KBUILD_LDFLAGS_MODULE export KBUILD_AFLAGS_KERNEL KBUILD_CFLAGS_KERNEL @@ -620,6 +615,12 @@ endif # Defaults to vmlinux, but the arch makefile usually adds further targets all: vmlinux +KBUILD_CFLAGS += $(call cc-option,-fno-PIE) +KBUILD_AFLAGS += $(call cc-option,-fno-PIE) +CFLAGS_GCOV := -fprofile-arcs -ftest-coverage -fno-tree-loop-im $(call cc-disable-warning,maybe-uninitialized,) +CFLAGS_KCOV := $(call cc-option,-fsanitize-coverage=trace-pc,) +export CFLAGS_GCOV CFLAGS_KCOV + # The arch Makefile can set ARCH_{CPP,A,C}FLAGS to override the default # values of the respective KBUILD_* variables ARCH_CPPFLAGS := Patches currently in stable-queue which might be from yamada.masahiro(a)socionext.com are queue-4.9/kbuild-do-not-call-cc-option-before-kbuild_cflags-initialization.patch

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] Patch "ipvlan: fix ipv6 outbound device" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ipvlan: fix ipv6 outbound device to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ipvlan-fix-ipv6-outbound-device.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: Keefe Liu <liuqifa(a)huawei.com> Date: Thu, 9 Nov 2017 20:09:31 +0800 Subject: ipvlan: fix ipv6 outbound device From: Keefe Liu <liuqifa(a)huawei.com> [ Upstream commit ca29fd7cce5a6444d57fb86517589a1a31c759e1 ] When process the outbound packet of ipv6, we should assign the master device to output device other than input device. Signed-off-by: Keefe Liu <liuqifa(a)huawei.com> Acked-by: Mahesh Bandewar <maheshb(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ipvlan/ipvlan_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/ipvlan/ipvlan_core.c +++ b/drivers/net/ipvlan/ipvlan_core.c @@ -404,7 +404,7 @@ static int ipvlan_process_v6_outbound(st struct dst_entry *dst; int err, ret = NET_XMIT_DROP; struct flowi6 fl6 = { - .flowi6_iif = dev->ifindex, + .flowi6_oif = dev->ifindex, .daddr = ip6h->daddr, .saddr = ip6h->saddr, .flowi6_flags = FLOWI_FLAG_ANYSRC, Patches currently in stable-queue which might be from liuqifa(a)huawei.com are queue-4.9/ipvlan-fix-ipv6-outbound-device.patch

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] Patch "audit: ensure that 'audit=1' actually enables audit for PID 1" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled audit: ensure that 'audit=1' actually enables audit for PID 1 to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: audit-ensure-that-audit-1-actually-enables-audit-for-pid-1.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: Paul Moore <paul(a)paul-moore.com> Date: Fri, 1 Sep 2017 09:44:34 -0400 Subject: audit: ensure that 'audit=1' actually enables audit for PID 1 From: Paul Moore <paul(a)paul-moore.com> [ Upstream commit 173743dd99a49c956b124a74c8aacb0384739a4c ] Prior to this patch we enabled audit in audit_init(), which is too late for PID 1 as the standard initcalls are run after the PID 1 task is forked. This means that we never allocate an audit_context (see audit_alloc()) for PID 1 and therefore miss a lot of audit events generated by PID 1. This patch enables audit as early as possible to help ensure that when PID 1 is forked it can allocate an audit_context if required. Reviewed-by: Richard Guy Briggs <rgb(a)redhat.com> Signed-off-by: Paul Moore <paul(a)paul-moore.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/audit.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) --- a/kernel/audit.c +++ b/kernel/audit.c @@ -79,13 +79,13 @@ static int audit_initialized; #define AUDIT_OFF 0 #define AUDIT_ON 1 #define AUDIT_LOCKED 2 -u32 audit_enabled; -u32 audit_ever_enabled; +u32 audit_enabled = AUDIT_OFF; +u32 audit_ever_enabled = !!AUDIT_OFF; EXPORT_SYMBOL_GPL(audit_enabled); /* Default state when kernel boots without any parameters. */ -static u32 audit_default; +static u32 audit_default = AUDIT_OFF; /* If auditing cannot proceed, audit_failure selects what happens. */ static u32 audit_failure = AUDIT_FAIL_PRINTK; @@ -1199,8 +1199,6 @@ static int __init audit_init(void) skb_queue_head_init(&audit_skb_queue); skb_queue_head_init(&audit_skb_hold_queue); audit_initialized = AUDIT_INITIALIZED; - audit_enabled = audit_default; - audit_ever_enabled |= !!audit_default; audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized"); @@ -1217,6 +1215,8 @@ static int __init audit_enable(char *str audit_default = !!simple_strtol(str, NULL, 0); if (!audit_default) audit_initialized = AUDIT_DISABLED; + audit_enabled = audit_default; + audit_ever_enabled = !!audit_enabled; pr_info("%s\n", audit_default ? "enabled (after initialization)" : "disabled (until reboot)"); Patches currently in stable-queue which might be from paul(a)paul-moore.com are queue-4.9/audit-ensure-that-audit-1-actually-enables-audit-for-pid-1.patch

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] [PATCH 1/3] x86/tsc: future proof native_calibrate_tsc()

by Len Brown

From: Len Brown <len.brown(a)intel.com> Linux-4.10 added X86_FEATURE_TSC_KNOWN_FREQ. commit 4ca4df0b7eb0 ("x86/tsc: Mark TSC frequency determined by CPUID as known") When it is set, run-time refined TSC calibration is disabled. But native_calibrate_tsc() sets it on all systems with CPUID.15, even if crystal_khz can not be discovered via CPUID.15 or via built-in table. eg. When a new Intel processor comes out that does not return CPUID.15.crystal_khz, and does not have its model# and crystal_khz listed in native_calibate_tsc(). This results in (tsc_khz = cpu_khz) and TSC refined calibration disabled. But for machines with the TSC and CPU in different clock domains (and those support CPUID.15), almost all such configurations will experience measurable negative timeofday clock drift. Signed-off-by: Len Brown <len.brown(a)intel.com> Cc: Bin Gao <bin.gao(a)intel.com> Cc: <stable(a)vger.kernel.org> # v4.10+ --- arch/x86/kernel/tsc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c index 8ea117f8142e..49d772672367 100644 --- a/arch/x86/kernel/tsc.c +++ b/arch/x86/kernel/tsc.c @@ -609,6 +609,8 @@ unsigned long native_calibrate_tsc(void) case INTEL_FAM6_ATOM_GOLDMONT: crystal_khz = 19200; /* 19.2 MHz */ break; + default: + return 0; /* no X86_FEATURE_TSC_KNOWN_FREQ */ } } -- 2.14.0-rc0

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] [patch 16/17] mm, oom_reaper: fix memory corruption

by akpm＠linux-foundation.org

From: Michal Hocko <mhocko(a)suse.com> Subject: mm, oom_reaper: fix memory corruption David Rientjes has reported the following memory corruption while the oom reaper tries to unmap the victims address space BUG: Bad page map in process oom_reaper pte:6353826300000000 pmd:00000000 addr:00007f50cab1d000 vm_flags:08100073 anon_vma:ffff9eea335603f0 mapping: (null) index:7f50cab1d file: (null) fault: (null) mmap: (null) readpage: (null) CPU: 2 PID: 1001 Comm: oom_reaper Call Trace: [<ffffffffa4bd967d>] dump_stack+0x4d/0x70 [<ffffffffa4a03558>] unmap_page_range+0x1068/0x1130 [<ffffffffa4a2e07f>] __oom_reap_task_mm+0xd5/0x16b [<ffffffffa4a2e226>] oom_reaper+0xff/0x14c [<ffffffffa48d6ad1>] kthread+0xc1/0xe0 Tetsuo Handa has noticed that the synchronization inside exit_mmap is insufficient. We only synchronize with the oom reaper if tsk_is_oom_victim which is not true if the final __mmput is called from a different context than the oom victim exit path. This can trivially happen from context of any task which has grabbed mm reference (e.g. to read /proc/<pid>/ file which requires mm etc.). The race would look like this oom_reaper oom_victim task mmget_not_zero do_exit mmput __oom_reap_task_mm mmput __mmput exit_mmap remove_vma unmap_page_range Fix this issue by providing a new mm_is_oom_victim() helper which operates on the mm struct rather than a task. Any context which operates on a remote mm struct should use this helper in place of tsk_is_oom_victim. The flag is set in mark_oom_victim and never cleared so it is stable in the exit_mmap path. Debugged by Tetsuo Handa. Link: http://lkml.kernel.org/r/20171210095130.17110-1-mhocko@kernel.org Fixes: 212925802454 ("mm: oom: let oom_reap_task and exit_mmap run concurrently") Signed-off-by: Michal Hocko <mhocko(a)suse.com> Reported-by: David Rientjes <rientjes(a)google.com> Acked-by: David Rientjes <rientjes(a)google.com> Cc: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Cc: Andrea Argangeli <andrea(a)kernel.org> Cc: <stable(a)vger.kernel.org> [4.14] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/oom.h | 9 +++++++++ include/linux/sched/coredump.h | 1 + mm/mmap.c | 10 +++++----- mm/oom_kill.c | 4 +++- 4 files changed, 18 insertions(+), 6 deletions(-) diff -puN include/linux/oom.h~mm-oom_reaper-fix-memory-corruption include/linux/oom.h --- a/include/linux/oom.h~mm-oom_reaper-fix-memory-corruption +++ a/include/linux/oom.h @@ -67,6 +67,15 @@ static inline bool tsk_is_oom_victim(str } /* + * Use this helper if tsk->mm != mm and the victim mm needs a special + * handling. This is guaranteed to stay true after once set. + */ +static inline bool mm_is_oom_victim(struct mm_struct *mm) +{ + return test_bit(MMF_OOM_VICTIM, &mm->flags); +} + +/* * Checks whether a page fault on the given mm is still reliable. * This is no longer true if the oom reaper started to reap the * address space which is reflected by MMF_UNSTABLE flag set in diff -puN include/linux/sched/coredump.h~mm-oom_reaper-fix-memory-corruption include/linux/sched/coredump.h --- a/include/linux/sched/coredump.h~mm-oom_reaper-fix-memory-corruption +++ a/include/linux/sched/coredump.h @@ -70,6 +70,7 @@ static inline int get_dumpable(struct mm #define MMF_UNSTABLE 22 /* mm is unstable for copy_from_user */ #define MMF_HUGE_ZERO_PAGE 23 /* mm has ever used the global huge zero page */ #define MMF_DISABLE_THP 24 /* disable THP for all VMAs */ +#define MMF_OOM_VICTIM 25 /* mm is the oom victim */ #define MMF_DISABLE_THP_MASK (1 << MMF_DISABLE_THP) #define MMF_INIT_MASK (MMF_DUMPABLE_MASK | MMF_DUMP_FILTER_MASK |\ diff -puN mm/mmap.c~mm-oom_reaper-fix-memory-corruption mm/mmap.c --- a/mm/mmap.c~mm-oom_reaper-fix-memory-corruption +++ a/mm/mmap.c @@ -3019,20 +3019,20 @@ void exit_mmap(struct mm_struct *mm) /* Use -1 here to ensure all VMAs in the mm are unmapped */ unmap_vmas(&tlb, vma, 0, -1); - set_bit(MMF_OOM_SKIP, &mm->flags); - if (unlikely(tsk_is_oom_victim(current))) { + if (unlikely(mm_is_oom_victim(mm))) { /* * Wait for oom_reap_task() to stop working on this * mm. Because MMF_OOM_SKIP is already set before * calling down_read(), oom_reap_task() will not run * on this "mm" post up_write(). * - * tsk_is_oom_victim() cannot be set from under us - * either because current->mm is already set to NULL + * mm_is_oom_victim() cannot be set from under us + * either because victim->mm is already set to NULL * under task_lock before calling mmput and oom_mm is - * set not NULL by the OOM killer only if current->mm + * set not NULL by the OOM killer only if victim->mm * is found not NULL while holding the task_lock. */ + set_bit(MMF_OOM_SKIP, &mm->flags); down_write(&mm->mmap_sem); up_write(&mm->mmap_sem); } diff -puN mm/oom_kill.c~mm-oom_reaper-fix-memory-corruption mm/oom_kill.c --- a/mm/oom_kill.c~mm-oom_reaper-fix-memory-corruption +++ a/mm/oom_kill.c @@ -683,8 +683,10 @@ static void mark_oom_victim(struct task_ return; /* oom_mm is bound to the signal struct life time. */ - if (!cmpxchg(&tsk->signal->oom_mm, NULL, mm)) + if (!cmpxchg(&tsk->signal->oom_mm, NULL, mm)) { mmgrab(tsk->signal->oom_mm); + set_bit(MMF_OOM_VICTIM, &mm->flags); + } /* * Make sure that the task is woken up from uninterruptible sleep _

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] [patch 15/17] kernel: make groups_sort calling a responsibility group_info allocators

by akpm＠linux-foundation.org

From: Thiago Rafael Becker <thiago.becker(a)gmail.com> Subject: kernel: make groups_sort calling a responsibility group_info allocators In testing, we found that nfsd threads may call set_groups in parallel for the same entry cached in auth.unix.gid, racing in the call of groups_sort, corrupting the groups for that entry and leading to permission denials for the client. This patch: - Make groups_sort globally visible. - Move the call to groups_sort to the modifiers of group_info - Remove the call to groups_sort from set_groups Link: http://lkml.kernel.org/r/20171211151420.18655-1-thiago.becker@gmail.com Signed-off-by: Thiago Rafael Becker <thiago.becker(a)gmail.com> Reviewed-by: Matthew Wilcox <mawilcox(a)microsoft.com> Reviewed-by: NeilBrown <neilb(a)suse.com> Acked-by: "J. Bruce Fields" <bfields(a)fieldses.org> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/s390/kernel/compat_linux.c | 1 + fs/nfsd/auth.c | 3 +++ include/linux/cred.h | 1 + kernel/groups.c | 5 +++-- kernel/uid16.c | 1 + net/sunrpc/auth_gss/gss_rpc_xdr.c | 1 + net/sunrpc/auth_gss/svcauth_gss.c | 1 + net/sunrpc/svcauth_unix.c | 2 ++ 8 files changed, 13 insertions(+), 2 deletions(-) diff -puN arch/s390/kernel/compat_linux.c~kernel-make-groups_sort-calling-a-responsibility-group_info-allocators arch/s390/kernel/compat_linux.c --- a/arch/s390/kernel/compat_linux.c~kernel-make-groups_sort-calling-a-responsibility-group_info-allocators +++ a/arch/s390/kernel/compat_linux.c @@ -263,6 +263,7 @@ COMPAT_SYSCALL_DEFINE2(s390_setgroups16, return retval; } + groups_sort(group_info); retval = set_current_groups(group_info); put_group_info(group_info); diff -puN fs/nfsd/auth.c~kernel-make-groups_sort-calling-a-responsibility-group_info-allocators fs/nfsd/auth.c --- a/fs/nfsd/auth.c~kernel-make-groups_sort-calling-a-responsibility-group_info-allocators +++ a/fs/nfsd/auth.c @@ -60,6 +60,9 @@ int nfsd_setuser(struct svc_rqst *rqstp, gi->gid[i] = exp->ex_anon_gid; else gi->gid[i] = rqgi->gid[i]; + + /* Each thread allocates its own gi, no race */ + groups_sort(gi); } } else { gi = get_group_info(rqgi); diff -puN include/linux/cred.h~kernel-make-groups_sort-calling-a-responsibility-group_info-allocators include/linux/cred.h --- a/include/linux/cred.h~kernel-make-groups_sort-calling-a-responsibility-group_info-allocators +++ a/include/linux/cred.h @@ -83,6 +83,7 @@ extern int set_current_groups(struct gro extern void set_groups(struct cred *, struct group_info *); extern int groups_search(const struct group_info *, kgid_t); extern bool may_setgroups(void); +extern void groups_sort(struct group_info *); /* * The security context of a task diff -puN kernel/groups.c~kernel-make-groups_sort-calling-a-responsibility-group_info-allocators kernel/groups.c --- a/kernel/groups.c~kernel-make-groups_sort-calling-a-responsibility-group_info-allocators +++ a/kernel/groups.c @@ -86,11 +86,12 @@ static int gid_cmp(const void *_a, const return gid_gt(a, b) - gid_lt(a, b); } -static void groups_sort(struct group_info *group_info) +void groups_sort(struct group_info *group_info) { sort(group_info->gid, group_info->ngroups, sizeof(*group_info->gid), gid_cmp, NULL); } +EXPORT_SYMBOL(groups_sort); /* a simple bsearch */ int groups_search(const struct group_info *group_info, kgid_t grp) @@ -122,7 +123,6 @@ int groups_search(const struct group_inf void set_groups(struct cred *new, struct group_info *group_info) { put_group_info(new->group_info); - groups_sort(group_info); get_group_info(group_info); new->group_info = group_info; } @@ -206,6 +206,7 @@ SYSCALL_DEFINE2(setgroups, int, gidsetsi return retval; } + groups_sort(group_info); retval = set_current_groups(group_info); put_group_info(group_info); diff -puN kernel/uid16.c~kernel-make-groups_sort-calling-a-responsibility-group_info-allocators kernel/uid16.c --- a/kernel/uid16.c~kernel-make-groups_sort-calling-a-responsibility-group_info-allocators +++ a/kernel/uid16.c @@ -192,6 +192,7 @@ SYSCALL_DEFINE2(setgroups16, int, gidset return retval; } + groups_sort(group_info); retval = set_current_groups(group_info); put_group_info(group_info); diff -puN net/sunrpc/auth_gss/gss_rpc_xdr.c~kernel-make-groups_sort-calling-a-responsibility-group_info-allocators net/sunrpc/auth_gss/gss_rpc_xdr.c --- a/net/sunrpc/auth_gss/gss_rpc_xdr.c~kernel-make-groups_sort-calling-a-responsibility-group_info-allocators +++ a/net/sunrpc/auth_gss/gss_rpc_xdr.c @@ -231,6 +231,7 @@ static int gssx_dec_linux_creds(struct x goto out_free_groups; creds->cr_group_info->gid[i] = kgid; } + groups_sort(creds->cr_group_info); return 0; out_free_groups: diff -puN net/sunrpc/auth_gss/svcauth_gss.c~kernel-make-groups_sort-calling-a-responsibility-group_info-allocators net/sunrpc/auth_gss/svcauth_gss.c --- a/net/sunrpc/auth_gss/svcauth_gss.c~kernel-make-groups_sort-calling-a-responsibility-group_info-allocators +++ a/net/sunrpc/auth_gss/svcauth_gss.c @@ -481,6 +481,7 @@ static int rsc_parse(struct cache_detail goto out; rsci.cred.cr_group_info->gid[i] = kgid; } + groups_sort(rsci.cred.cr_group_info); /* mech name */ len = qword_get(&mesg, buf, mlen); diff -puN net/sunrpc/svcauth_unix.c~kernel-make-groups_sort-calling-a-responsibility-group_info-allocators net/sunrpc/svcauth_unix.c --- a/net/sunrpc/svcauth_unix.c~kernel-make-groups_sort-calling-a-responsibility-group_info-allocators +++ a/net/sunrpc/svcauth_unix.c @@ -520,6 +520,7 @@ static int unix_gid_parse(struct cache_d ug.gi->gid[i] = kgid; } + groups_sort(ug.gi); ugp = unix_gid_lookup(cd, uid); if (ugp) { struct cache_head *ch; @@ -819,6 +820,7 @@ svcauth_unix_accept(struct svc_rqst *rqs kgid_t kgid = make_kgid(&init_user_ns, svc_getnl(argv)); cred->cr_group_info->gid[i] = kgid; } + groups_sort(cred->cr_group_info); if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) { *authp = rpc_autherr_badverf; return SVC_DENIED; _

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] [patch 05/17] autofs: fix careless error in recent commit

by akpm＠linux-foundation.org

From: NeilBrown <neilb(a)suse.com> Subject: autofs: fix careless error in recent commit ecc0c469f277 ("autofs: don't fail mount for transient error") was meant to replace an 'if' with a 'switch', but instead added the 'switch' leaving the case in place. Link: http://lkml.kernel.org/r/87zi6wstmw.fsf@notabene.neil.brown.name Fixes: ecc0c469f277 ("autofs: don't fail mount for transient error") Reported-by: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: NeilBrown <neilb(a)suse.com> Cc: Ian Kent <raven(a)themaw.net> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/autofs4/waitq.c | 1 - 1 file changed, 1 deletion(-) diff -puN fs/autofs4/waitq.c~autofs-fix-careless-error-in-recent-commit fs/autofs4/waitq.c --- a/fs/autofs4/waitq.c~autofs-fix-careless-error-in-recent-commit +++ a/fs/autofs4/waitq.c @@ -170,7 +170,6 @@ static void autofs4_notify_daemon(struct mutex_unlock(&sbi->wq_mutex); - if (autofs4_write(sbi, pipe, &pkt, pktsz)) switch (ret = autofs4_write(sbi, pipe, &pkt, pktsz)) { case 0: break; _

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] [patch 04/17] string.h: workaround for increased stack usage

by akpm＠linux-foundation.org

From: Arnd Bergmann <arnd(a)arndb.de> Subject: string.h: workaround for increased stack usage The hardened strlen() function causes rather large stack usage in at least one file in the kernel, in particular when CONFIG_KASAN is enabled: drivers/media/usb/em28xx/em28xx-dvb.c: In function 'em28xx_dvb_init': drivers/media/usb/em28xx/em28xx-dvb.c:2062:1: error: the frame size of 3256 bytes is larger than 204 bytes [-Werror=frame-larger-than=] Analyzing this problem led to the discovery that gcc fails to merge the stack slots for the i2c_board_info[] structures after we strlcpy() into them, due to the 'noreturn' attribute on the source string length check. I reported this as a gcc bug, but it is unlikely to get fixed for gcc-8, since it is relatively easy to work around, and it gets triggered rarely. An earlier workaround I did added an empty inline assembly statement before the call to fortify_panic(), which works surprisingly well, but is really ugly and unintuitive. This is a new approach to the same problem, this time addressing it by not calling the 'extern __real_strnlen()' function for string constants where __builtin_strlen() is a compile-time constant and therefore known to be safe. We do this by checking if the last character in the string is a compile-time constant '\0'. If it is, we can assume that strlen() of the string is also constant. As a side-effect, this should also improve the object code output for any other call of strlen() on a string constant. [akpm(a)linux-foundation.org: add comment] Link: http://lkml.kernel.org/r/20171205215143.3085755-1-arnd@arndb.de Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82365 Link: https://patchwork.kernel.org/patch/9980413/ Link: https://patchwork.kernel.org/patch/9974047/ Fixes: 6974f0c4555 ("include/linux/string.h: add the option of fortified string.h functions") Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Cc: Kees Cook <keescook(a)chromium.org> Cc: Mauro Carvalho Chehab <mchehab(a)kernel.org> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Ryabinin <aryabinin(a)virtuozzo.com> Cc: Daniel Micay <danielmicay(a)gmail.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Martin Wilck <mwilck(a)suse.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/string.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff -puN include/linux/string.h~stringh-work-around-for-increased-stack-usage include/linux/string.h --- a/include/linux/string.h~stringh-work-around-for-increased-stack-usage +++ a/include/linux/string.h @@ -259,7 +259,10 @@ __FORTIFY_INLINE __kernel_size_t strlen( { __kernel_size_t ret; size_t p_size = __builtin_object_size(p, 0); - if (p_size == (size_t)-1) + + /* Work around gcc excess stack consumption issue */ + if (p_size == (size_t)-1 || + (__builtin_constant_p(p[p_size - 1]) && p[p_size - 1] == '\0')) return __builtin_strlen(p); ret = strnlen(p, p_size); if (p_size <= ret) _

7 years, 1 month

1
0
0 0

Re: [Linux-stable-mirror] Linux 4.9.69

by Sebastian Gottschall

this happend with the rc1 version. dont know if it still applies, will check now. 4.9.68 works [ 2.523730] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.9.69-rc1 #16 [ 2.523823] Hardware name: Qualcomm (Flattened Device Tree) [ 2.530247] task: dd41a9c0 task.stack: dd434000 [ 2.535548] PC is at llc_sap_open+0x34/0xf8 [ 2.540053] LR is at llc_sap_open+0x28/0xf8 [ 2.544220] pc : [<c063c554>] lr : [<c063c548>] psr: a0000013 [ 2.544220] sp : dd435e80 ip : dd435e80 fp : dd435e9c [ 2.548396] r10: c0a344c8 r9 : c0a00628 r8 : c0a29834 [ 2.559844] r7 : c0b47000 r6 : c063d84c r5 : 00000042 r4 : c0b3fbf0 [ 2.565059] r3 : ffffffec r2 : 00000000 r1 : 00000000 r0 : c0b975e4 [ 2.571655] Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user [ 2.578165] Control: 10c5787d Table: 4220406a DAC: 00000055 [ 2.585368] Process swapper/0 (pid: 1, stack limit = 0xdd434210) [ 2.591099] Stack: (0xdd435e80 to 0xdd436000) [ 2.597175] 5e80: c0a21f70 c0846820 ffffe000 c0b47000 dd435eb4 dd435ea0 c063d7e4 c063c52c [ 2.601433] 5ea0: c0a21f70 00000000 dd435ecc dd435eb8 c0a21f88 c063d794 c0a21f70 00000000 [ 2.609592] 5ec0: dd435f4c dd435ed0 c03016fc c0a21f7c dd435ef4 dd435ee0 c033ca1c c04be99c [ 2.617753] 5ee0: 00000000 c0906768 dd435f4c dd435ef8 c033cd30 c0a00634 c089bbc0 c089bc0c [ 2.625912] 5f00: 00000000 c089b5d8 00000006 00000006 c08c4424 c0905d40 ddffcedc 00000000 [ 2.634073] 5f20: 00000000 c0b47000 c0905d40 00000007 c0b47000 c0a29834 c0a00628 c0a344c8 [ 2.642231] 5f40: dd435f94 dd435f50 c0a00dec c030164c 00000006 00000006 00000000 c0a00628 [ 2.650393] 5f60: ffbfb8e3 00000082 dd435f94 00000000 c073fa10 00000000 00000000 00000000 [ 2.658550] 5f80: 00000000 00000000 dd435fac dd435f98 c073fa20 c0a00ca4 00000000 c073fa10 [ 2.666711] 5fa0: 00000000 dd435fb0 c0307c60 c073fa1c 00000000 00000000 00000000 00000000 [ 2.674869] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 2.683029] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 f3f7bff7 f6ffd7fb [ 2.691184] Backtrace: [ 2.701603] [<c063c520>] (llc_sap_open) from [<c063d7e4>] (stp_proto_register+0x5c/0xc4) [ 2.701783] r7:c0b47000 r6:ffffe000 r5:c0846820 r4:c0a21f70 [ 2.709944] [<c063d788>] (stp_proto_register) from [<c0a21f88>] (br_init+0x18/0xb8) [ 2.715578] r5:00000000 r4:c0a21f70 [ 2.722959] [<' - try 'help'_init) from [<c03016fc>] (do_one_initcall+0xbc/0x138) (IPQ) # command '5:00000000 r4:c0a21f70 Unknown command 'c0301640>] (do_one_initcall) from [<c0a00dec>] (kernel_init_freeable+0x154/0x1f0) [ 2.737806] r10:c0a344c8 r9:c0a00628 r8:c0a29834 r7:c0b47000 r6:00000007 r5:c0905d40 [ 2.746220] r4:c0b47000 Am 14.12.2017 um 10:29 schrieb Greg KH: > I'm announcing the release of the 4.9.69 kernel. > > All users of the 4.9 kernel series must upgrade. > > The updated 4.9.y git tree can be found at: > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y > and can be browsed at the normal kernel.org git web browser: > http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary > > thanks, > > greg k-h > > ------------ > > Documentation/devicetree/bindings/usb/usb-device.txt | 2 > Makefile | 2 > arch/arm/include/asm/assembler.h | 18 ++ > arch/arm/include/asm/kvm_arm.h | 4 > arch/arm/include/asm/uaccess.h | 44 ++++-- > arch/arm/kernel/entry-header.S | 6 > arch/arm/kvm/handle_exit.c | 19 +- > arch/arm/mach-omap2/gpmc-onenand.c | 10 - > arch/arm/mach-omap2/omap_hwmod_3xxx_data.c | 25 ++- > arch/arm64/include/asm/kvm_arm.h | 3 > arch/arm64/kernel/process.c | 9 + > arch/arm64/kvm/handle_exit.c | 19 +- > arch/powerpc/Makefile | 11 + > arch/powerpc/include/asm/checksum.h | 2 > arch/powerpc/kernel/cpu_setup_power.S | 2 > arch/powerpc/mm/pgtable-radix.c | 4 > arch/powerpc/platforms/powernv/pci-ioda.c | 3 > arch/powerpc/sysdev/axonram.c | 5 > arch/s390/kernel/syscalls.S | 6 > arch/s390/kvm/priv.c | 11 + > arch/sparc/mm/init_64.c | 9 + > arch/x86/include/asm/kvm_host.h | 3 > arch/x86/kernel/hpet.c | 2 > arch/x86/kvm/vmx.c | 31 +--- > arch/x86/kvm/x86.c | 14 ++ > arch/x86/pci/broadcom_bus.c | 2 > arch/x86/platform/uv/tlb_uv.c | 1 > block/blk-core.c | 4 > block/blk-mq-sysfs.c | 4 > block/blk-mq.c | 4 > block/blk-mq.h | 1 > crypto/asymmetric_keys/pkcs7_verify.c | 2 > crypto/asymmetric_keys/x509_cert_parser.c | 2 > crypto/asymmetric_keys/x509_public_key.c | 2 > drivers/ata/libata-sff.c | 1 > drivers/atm/horizon.c | 2 > drivers/base/isa.c | 10 - > drivers/block/zram/zram_drv.c | 2 > drivers/bus/arm-cci.c | 7 - > drivers/bus/arm-ccn.c | 11 + > drivers/clk/uniphier/clk-uniphier-sys.c | 2 > drivers/crypto/s5p-sss.c | 5 > drivers/crypto/talitos.c | 66 ++++++--- > drivers/edac/i5000_edac.c | 8 - > drivers/edac/i5400_edac.c | 9 - > drivers/firmware/efi/efi.c | 3 > drivers/firmware/efi/esrt.c | 17 +- > drivers/firmware/efi/runtime-map.c | 10 - > drivers/gpio/gpio-altera.c | 26 +-- > drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 5 > drivers/gpu/drm/armada/Makefile | 2 > drivers/gpu/drm/exynos/exynos_drm_gem.c | 9 + > drivers/hid/Kconfig | 4 > drivers/hid/hid-chicony.c | 1 > drivers/hid/hid-core.c | 1 > drivers/hid/hid-ids.h | 1 > drivers/i2c/busses/i2c-riic.c | 6 > drivers/infiniband/hw/mlx4/qp.c | 2 > drivers/infiniband/hw/mlx5/main.c | 2 > drivers/iommu/intel-iommu.c | 8 - > drivers/irqchip/irq-crossbar.c | 8 - > drivers/media/rc/lirc_dev.c | 4 > drivers/media/usb/dvb-usb/dibusb-common.c | 16 ++ > drivers/memory/omap-gpmc.c | 4 > drivers/net/can/ti_hecc.c | 3 > drivers/net/can/usb/ems_usb.c | 2 > drivers/net/can/usb/esd_usb2.c | 2 > drivers/net/can/usb/kvaser_usb.c | 13 + > drivers/net/can/usb/usb_8dev.c | 2 > drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 36 ++++- > drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c | 8 + > drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.h | 1 > drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c | 23 +-- > drivers/net/ethernet/ibm/ibmvnic.c | 43 ++++-- > drivers/net/ethernet/ibm/ibmvnic.h | 1 > drivers/net/phy/spi_ks8995.c | 3 > drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c | 2 > drivers/net/wireless/mac80211_hwsim.c | 5 > drivers/rapidio/devices/rio_mport_cdev.c | 3 > drivers/scsi/lpfc/lpfc_els.c | 14 +- > drivers/scsi/qla2xxx/qla_dbg.c | 12 - > drivers/scsi/scsi_lib.c | 10 - > drivers/spi/Kconfig | 1 > drivers/usb/dwc3/gadget.c | 7 - > drivers/usb/gadget/configfs.c | 1 > drivers/usb/gadget/function/f_fs.c | 13 + > drivers/usb/gadget/legacy/inode.c | 4 > drivers/usb/gadget/udc/net2280.c | 25 +-- > drivers/usb/gadget/udc/pxa27x_udc.c | 5 > drivers/usb/gadget/udc/renesas_usb3.c | 2 > drivers/virtio/virtio.c | 2 > fs/afs/cmservice.c | 3 > fs/btrfs/extent-tree.c | 1 > fs/nfs/dir.c | 2 > fs/xfs/xfs_inode.c | 1 > include/linux/dma-mapping.h | 2 > include/linux/genalloc.h | 3 > include/linux/mmu_notifier.h | 13 - > include/linux/omap-gpmc.h | 5 > include/linux/sysfs.h | 6 > include/scsi/libsas.h | 2 > kernel/bpf/percpu_freelist.c | 8 - > kernel/cpu.c | 10 - > kernel/debug/kdb/kdb_io.c | 2 > kernel/jump_label.c | 2 > kernel/sched/fair.c | 2 > kernel/sched/features.h | 5 > kernel/workqueue.c | 1 > lib/asn1_decoder.c | 49 ++++--- > lib/dynamic_debug.c | 4 > lib/genalloc.c | 10 - > mm/huge_memory.c | 84 ++++++++---- > mm/zsmalloc.c | 2 > net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 4 > net/ipv4/netfilter/nf_nat_l3proto_ipv4.c | 5 > net/ipv4/route.c | 14 +- > net/ipv6/af_inet6.c | 10 - > net/ipv6/ip6_gre.c | 2 > net/ipv6/ip6_vti.c | 8 - > net/rds/tcp.c | 15 +- > net/rds/tcp.h | 2 > net/rds/tcp_listen.c | 9 + > net/sctp/socket.c | 38 +++-- > net/sunrpc/sched.c | 3 > net/xfrm/xfrm_policy.c | 1 > scripts/coccicheck | 15 +- > scripts/module-common.lds | 2 > scripts/package/Makefile | 5 > security/keys/request_key.c | 46 +++++- > sound/core/pcm.c | 2 > sound/core/seq/seq_timer.c | 2 > sound/soc/sh/rcar/ssiu.c | 6 > sound/usb/mixer.c | 13 + > tools/hv/hv_kvp_daemon.c | 70 ++-------- > tools/testing/selftests/powerpc/harness.c | 6 > tools/testing/selftests/x86/fsgsbase.c | 2 > tools/testing/selftests/x86/ldt_gdt.c | 16 +- > tools/testing/selftests/x86/mpx-hw.h | 4 > tools/testing/selftests/x86/ptrace_syscall.c | 3 > tools/testing/selftests/x86/single_step_syscall.c | 5 > virt/kvm/arm/hyp/vgic-v2-sr.c | 4 > virt/kvm/arm/vgic/vgic-irqfd.c | 3 > virt/kvm/arm/vgic/vgic-its.c | 111 +++++++++------- > virt/kvm/kvm_main.c | 8 + > 144 files changed, 906 insertions(+), 526 deletions(-) > > Alexey Kardashevskiy (1): > powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested > > Alexey Kodanev (1): > gre6: use log_ecn_error module parameter in ip6_tnl_rcv() > > Andre Przywara (1): > KVM: arm/arm64: VGIC: Fix command handling while ITS being disabled > > Andrew Banman (1): > x86/platform/uv/BAU: Fix HUB errors by remove initial write to sw-ack register > > Andrew Honig (1): > KVM: VMX: remove I/O port 0x80 bypass on Intel hosts > > Arend Van Spriel (1): > brcmfmac: change driver unbind order of the sdio function devices > > Arvind Yadav (1): > atm: horizon: Fix irq release error > > Ben Hutchings (1): > mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl() > > Blomme, Maarten (2): > spi_ks8995: fix "BUG: key accdaa28 not in .data!" > spi_ks8995: regs_size incorrect for some devices > > Chris Brandt (1): > i2c: riic: fix restart condition > > Christoffer Dall (1): > KVM: arm/arm64: Fix broken GICH_ELRSR big endian conversion > > Christoph Hellwig (1): > scsi: dma-mapping: always provide dma_get_cache_alignment > > Christophe JAILLET (3): > bus: arm-ccn: Check memory allocation failure > USB: gadgetfs: Fix a potential memory leak in 'dev_config()' > drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' > > Chuck Lever (1): > sunrpc: Fix rpc_task_begin trace point > > Daniel Drake (1): > HID: chicony: Add support for another ASUS Zen AiO keyboard > > Daniel Thompson (1): > kdb: Fix handling of kallsyms_symbol_next() return value > > Darrick J. Wong (1): > xfs: fix forgotten rcu read unlock when skipping inode reclaim > > Dave Hansen (1): > x86/mpx/selftests: Fix up weird arrays > > Dave Martin (1): > arm64: fpsimd: Prevent registers leaking from dead tasks > > David Daney (1): > module: set __jump_table alignment to 8 > > David Howells (1): > afs: Connect up the CB.ProbeUuid > > Dmitry Safonov (1): > x86/selftests: Add clobbers for int80 on x86_64 > > Eric Biggers (5): > ASN.1: fix out-of-bounds read when parsing indefinite length item > ASN.1: check for error from ASN1_OP_END__ACT actions > KEYS: add missing permission check for request_key() destination > X.509: reject invalid BIT STRING for subjectPublicKey > X.509: fix comparisons of ->pkey_algo > > Eric Dumazet (1): > bpf: fix lockdep splat > > Florian Westphal (1): > netfilter: don't track fragmented packets > > Franck Demathieu (1): > irqchip/crossbar: Fix incorrect type of register size > > Greg Kroah-Hartman (2): > efi: Move some sysfs files to be read-only by root > Linux 4.9.69 > > Guenter Roeck (2): > ARM: OMAP2+: Fix device node reference counts > ARM: OMAP2+: Release device node after it is no longer needed. > > Heiko Carstens (1): > s390: fix compat system call table > > Herbert Xu (1): > xfrm: Copy policy family in clone_policy > > Huacai Chen (2): > scsi: use dma_get_cache_alignment() as minimum DMA alignment > scsi: libsas: align sata_device's rps_resp on a cacheline > > Jaejoong Kim (2): > ALSA: usb-audio: Fix out-of-bound error > ALSA: usb-audio: Add check return value for usb_string() > > James Smart (1): > scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters > > Jan Kara (1): > axonram: Fix gendisk handling > > Janosch Frank (1): > KVM: s390: Fix skey emulation permission check > > Jason Baron (1): > jump_label: Invoke jump_label_test() via early_initcall() > > Jeff Mahoney (1): > btrfs: fix missing error return in btrfs_drop_snapshot > > Jim Mattson (1): > kvm: nVMX: VMCLEAR should not cause the vCPU to shut down > > Jim Qu (1): > drm/amd/amdgpu: fix console deadlock if late init failed > > Jimmy Assarsson (3): > can: kvaser_usb: free buf in error paths > can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() > can: kvaser_usb: ratelimit errors if incomplete messages are received > > Joe Perches (1): > scsi: qla2xxx: Fix ql_dump_buffer > > Johan Hovold (1): > dt-bindings: usb: fix reg-property port-number range > > Johannes Thumshirn (1): > zram: set physical queue limits to avoid array out of bounds accesses > > John Keeping (2): > usb: f_fs: Force Reserved1=1 in OS_DESC_EXT_COMPAT > usb: gadget: configs: plug memory leak > > Jérémy Lefaure (2): > EDAC, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro > EDAC, i5000, i5400: Fix definition of NRECMEMB register > > Kees Cook (1): > ARM: 8657/1: uaccess: consistently check object sizes > > Kim Phillips (1): > bus: arm-ccn: fix module unloading Error: Removing state 147 which has instances left. > > Kirill A. Shutemov (3): > thp: reduce indentation level in change_huge_pmd() > thp: fix MADV_DONTNEED vs. numa balancing race > mm: drop unused pmdp_huge_get_and_clear_notify() > > Kristina Martsenko (1): > arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one > > Krzysztof Kozlowski (1): > crypto: s5p-sss - Fix completing crypto request in IRQ handler > > Kuninori Morimoto (1): > ASoC: rcar: avoid SSI_MODEx settings for SSI8 > > LEROY Christophe (6): > crypto: talitos - fix AEAD test failures > crypto: talitos - fix memory corruption on SEC2 > crypto: talitos - fix setkey to check key weakness > crypto: talitos - fix AEAD for sha224 on non sha224 capable chips > crypto: talitos - fix use of sg_link_tbl_len > crypto: talitos - fix ctr-aes-talitos > > Ladislav Michl (1): > ARM: OMAP2+: gpmc-onenand: propagate error on initialization failure > > Lai Jiangshan (1): > smp/hotplug: Move step CPUHP_AP_SMPCFD_DYING to the correct place > > Laurent Caumont (1): > media: dvb: i2c transfers over usb cannot be done from stack > > Majd Dibbiny (1): > IB/mlx5: Assign send CQ and recv CQ of UMR QP > > Marc Zyngier (5): > arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one > KVM: arm/arm64: vgic-irqfd: Fix MSI entry allocation > KVM: arm/arm64: vgic-its: Check result of allocation before use > bus: arm-cci: Fix use of smp_processor_id() in preemptible context > bus: arm-ccn: Fix use of smp_processor_id() in preemptible context > > Marek Szyprowski (1): > drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU > > Mark Bloch (1): > IB/mlx4: Increase maximal message size under UD QP > > Mark Rutland (2): > arm: KVM: Survive unknown traps from guests > arm64: KVM: Survive unknown traps from guests > > Martin Kelly (4): > can: kvaser_usb: cancel urb on -EPIPE and -EPROTO > can: ems_usb: cancel urb on -EPIPE and -EPROTO > can: esd_usb2: cancel urb on -EPIPE and -EPROTO > can: usb_8dev: cancel urb on -EPIPE and -EPROTO > > Masahiro Yamada (3): > kbuild: pkg: use --transform option to prefix paths in tar > coccinelle: fix parallel build with CHECK=scripts/coccicheck > clk: uniphier: fix DAPLL2 clock rate of Pro5 > > Michal Schmidt (4): > bnx2x: prevent crash when accessing PTP with interface down > bnx2x: fix possible overrun of VFPF multicast addresses array > bnx2x: fix detection of VLAN filtering feature for VF > bnx2x: do not rollback VF MAC/VLAN filters we did not configure > > Ming Lei (2): > blk-mq: initialize mq kobjects in blk_mq_init_allocated_queue() > block: wake up all tasks blocked in get_request() > > Nicholas Piggin (2): > powerpc/64s: Initialize ISAv3 MMU registers before setting partition table > powerpc: Fix compiling a BE kernel with a powerpc64le toolchain > > Oliver Stäbler (1): > can: ti_hecc: Fix napi poll return value for repoll > > Pan Bian (1): > efi/esrt: Use memunmap() instead of kfree() to free the remapping > > Paul Mackerras (1): > powerpc/64: Invalidate process table caching after setting process table > > Paul Meyer (1): > hv: kvp: Avoid reading past allocated blocks from KVP file > > Pavel Tatashin (1): > sparc64/mm: set fields in deferred pages > > Peter Zijlstra (1): > sched/fair: Make select_idle_cpu() more aggressive > > Petr Cvek (1): > usb: gadget: pxa27x: Test for a valid argument pointer > > Phil Reid (1): > gpio: altera: Use handle_level_irq when configured as a level_high > > Radim Krčmář (1): > KVM: x86: fix APIC page invalidation > > Rafael J. Wysocki (1): > x86/PCI: Make broadcom_postcore_init() check acpi_disabled > > Randy Dunlap (1): > dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 > > Raz Manor (1): > usb: gadget: udc: net2280: Fix tmp reusage in net2280 driver > > Robb Glasser (1): > ALSA: pcm: prevent UAF in snd_pcm_info > > Robin Murphy (1): > iommu/vt-d: Fix scatterlist offset handling > > Roger Quadros (1): > usb: dwc3: gadget: Fix system suspend/resume on TI platforms > > Russell King (2): > ARM: BUG if jumping to usermode address in kernel mode > ARM: avoid faulting on qemu > > Sachin Sant (1): > selftest/powerpc: Fix false failures for skipped tests > > Sasha Levin (2): > Revert "drm/armada: Fix compile fail" > Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA" > > Sean Young (1): > lirc: fix dead lock between open and wakeup_filter > > Sergey Senozhatsky (1): > zsmalloc: calling zs_map_object() from irq is a bug > > Shile Zhang (1): > powerpc/64: Fix checksum folding in csum_add() > > Sowmini Varadhan (1): > rds: tcp: Sequence teardown of listen and acceptor sockets to avoid races > > Steffen Klassert (1): > vti6: Don't report path MTU below IPV6_MIN_MTU. > > Stephen Bates (1): > lib/genalloc.c: make the avail variable an atomic_long_t > > Takashi Iwai (1): > ALSA: seq: Remove spurious WARN_ON() at timer check > > Tejun Heo (2): > libata: drop WARN from protocol error in ata_sff_qc_issue() > workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq > > Thomas Falcon (2): > ibmvnic: Fix overflowing firmware/hardware TX queue > ibmvnic: Allocate number of rx/tx buffers agreed on by firmware > > Thomas Gleixner (1): > x86/hpet: Prevent might sleep splat on resume > > Trond Myklebust (1): > NFS: Fix a typo in nfs_rename() > > WANG Cong (1): > ipv6: reorder icmpv6_init() and ip6_mr_init() > > Wanpeng Li (1): > KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset > > William Breathitt Gray (1): > isa: Prevent NULL dereference in isa_bus driver callbacks > > Xin Long (4): > route: also update fnhe_genid when updating a route cache > route: update fnhe_expires for redirect when the fnhe exists > sctp: do not free asoc when it is already dead in sctp_sendmsg > sctp: use the right sk after waking up from wait_buf sleep > > Yoshihiro Shimoda (1): > usb: gadget: udc: renesas_usb3: fix number of the pipes > > weiping zhang (1): > virtio: release virtio index when fail to device_register > -- Mit freundlichen Grüssen / Regards Sebastian Gottschall / CTO NewMedia-NET GmbH - DD-WRT Firmensitz: Stubenwaldallee 21a, 64625 Bensheim Registergericht: Amtsgericht Darmstadt, HRB 25473 Geschäftsführer: Peter Steinhäuser, Christian Scheele http://www.dd-wrt.com email: s.gottschall(a)dd-wrt.com Tel.: +496251-582650 / Fax: +496251-5826565

7 years, 1 month

2
3
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror December 2017