February 2018 - Linux-stable-mirror

Patch "cfg80211: check dev_set_name() return value" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled cfg80211: check dev_set_name() return value to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: cfg80211-check-dev_set_name-return-value.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 59b179b48ce2a6076448a44531242ac2b3f6cef2 Mon Sep 17 00:00:00 2001 From: Johannes Berg <johannes.berg(a)intel.com> Date: Mon, 15 Jan 2018 09:58:27 +0100 Subject: cfg80211: check dev_set_name() return value From: Johannes Berg <johannes.berg(a)intel.com> commit 59b179b48ce2a6076448a44531242ac2b3f6cef2 upstream. syzbot reported a warning from rfkill_alloc(), and after a while I think that the reason is that it was doing fault injection and the dev_set_name() failed, leaving the name NULL, and we didn't check the return value and got to rfkill_alloc() with a NULL name. Since we really don't want a NULL name, we ought to check the return value. Fixes: fb28ad35906a ("net: struct device - replace bus_id with dev_name(), dev_set_name()") Reported-by: syzbot+1ddfb3357e1d7bb5b5d3(a)syzkaller.appspotmail.com Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/wireless/core.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) --- a/net/wireless/core.c +++ b/net/wireless/core.c @@ -421,6 +421,8 @@ struct wiphy *wiphy_new_nm(const struct if (rv) goto use_default_name; } else { + int rv; + use_default_name: /* NOTE: This is *probably* safe w/out holding rtnl because of * the restrictions on phy names. Probably this call could @@ -428,7 +430,11 @@ use_default_name: * phyX. But, might should add some locking and check return * value, and use a different name if this one exists? */ - dev_set_name(&rdev->wiphy.dev, PHY_NAME "%d", rdev->wiphy_idx); + rv = dev_set_name(&rdev->wiphy.dev, PHY_NAME "%d", rdev->wiphy_idx); + if (rv < 0) { + kfree(rdev); + return NULL; + } } INIT_LIST_HEAD(&rdev->wiphy.wdev_list); Patches currently in stable-queue which might be from johannes.berg(a)intel.com are queue-4.9/cfg80211-check-dev_set_name-return-value.patch

6 years, 10 months

1
0
0 0

Patch "blk_rq_map_user_iov: fix error override" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled blk_rq_map_user_iov: fix error override to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: blk_rq_map_user_iov-fix-error-override.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 69e0927b3774563c19b5fb32e91d75edc147fb62 Mon Sep 17 00:00:00 2001 From: Douglas Gilbert <dgilbert(a)interlog.com> Date: Sun, 14 Jan 2018 17:00:48 -0500 Subject: blk_rq_map_user_iov: fix error override From: Douglas Gilbert <dgilbert(a)interlog.com> commit 69e0927b3774563c19b5fb32e91d75edc147fb62 upstream. During stress tests by syzkaller on the sg driver the block layer infrequently returns EINVAL. Closer inspection shows the block layer was trying to return ENOMEM (which is much more understandable) but for some reason overroad that useful error. Patch below does not show this (unchanged) line: ret =__blk_rq_map_user_iov(rq, map_data, &i, gfp_mask, copy); That 'ret' was being overridden when that function failed. Signed-off-by: Douglas Gilbert <dgilbert(a)interlog.com> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- block/blk-map.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/block/blk-map.c +++ b/block/blk-map.c @@ -116,7 +116,7 @@ int blk_rq_map_user_iov(struct request_q unsigned long align = q->dma_pad_mask | queue_dma_alignment(q); struct bio *bio = NULL; struct iov_iter i; - int ret; + int ret = -EINVAL; if (!iter_is_iovec(iter)) goto fail; @@ -145,7 +145,7 @@ unmap_rq: __blk_rq_unmap_user(bio); fail: rq->bio = NULL; - return -EINVAL; + return ret; } EXPORT_SYMBOL(blk_rq_map_user_iov); Patches currently in stable-queue which might be from dgilbert(a)interlog.com are queue-4.9/blk_rq_map_user_iov-fix-error-override.patch

6 years, 10 months

1
0
0 0

[PATCH v2 0/2] x86/pti: KVM: fixes and optimizations for IBRS

by Paolo Bonzini

Two tiny patches for the IBRS code. They should go in through the x86/pti tree and should apply to both 4.9 and 4.14 trees. Thanks, Paolo v1->v2: remove patch 2, the same bug has already been fixed Paolo Bonzini (3): KVM: x86: use native MSR ops for SPEC_CTRL KVM: VMX: mark RDMSR path as unlikely arch/x86/kvm/svm.c | 9 +++++---- arch/x86/kvm/vmx.c | 9 +++++---- 2 files changed, 10 insertions(+), 8 deletions(-) -- 1.8.3.1

6 years, 10 months

2
3
0 0

[PATCH] cpufreq: s3c24xx: Fix broken s3c_cpufreq_init()

by Viresh Kumar

commit a307a1e6bc0d ("cpufreq: s3c: use cpufreq_generic_init()") accidentally broke cpufreq on s3c2410 and s3c2412. These two platforms don't have a CPU frequency table and used to skip calling cpufreq_table_validate_and_show() for them. But with the above commit, we started calling it unconditionally and that will eventually fail as the frequency table pointer is NULL. Fix this by calling cpufreq_table_validate_and_show() conditionally again. Cc: stable(a)vger.kernel.org # v3.13+ Fixes: a307a1e6bc0d ("cpufreq: s3c: use cpufreq_generic_init()") Signed-off-by: Viresh Kumar <viresh.kumar(a)linaro.org> --- drivers/cpufreq/s3c24xx-cpufreq.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/cpufreq/s3c24xx-cpufreq.c b/drivers/cpufreq/s3c24xx-cpufreq.c index 7b596fa38ad2..6bebc1f9f55a 100644 --- a/drivers/cpufreq/s3c24xx-cpufreq.c +++ b/drivers/cpufreq/s3c24xx-cpufreq.c @@ -351,7 +351,13 @@ struct clk *s3c_cpufreq_clk_get(struct device *dev, const char *name) static int s3c_cpufreq_init(struct cpufreq_policy *policy) { policy->clk = clk_arm; - return cpufreq_generic_init(policy, ftab, cpu_cur.info->latency); + + policy->cpuinfo.transition_latency = cpu_cur.info->latency; + + if (ftab) + return cpufreq_table_validate_and_show(policy, ftab); + + return 0; } static int __init s3c_cpufreq_initclks(void) -- 2.15.0.194.g9af6a3dea062

6 years, 10 months

1
0
0 0

v4.9.83 build: 0 failures 0 warnings (v4.9.83)

by Build bot for Mark Brown

Tree/Branch: v4.9.83 Git describe: v4.9.83 Commit: 80c1c8322c Linux 4.9.83 Build Time: 92 min 46 sec Passed: 10 / 10 (100.00 %) Failed: 0 / 10 ( 0.00 %) Errors: 0 Warnings: 0 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): ------------------------------------------------------------------------------- =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

6 years, 10 months

1
0
0 0

[PATCH v2] mmc: dw_mmc: Fix the DTO timeout overflow calculation for 32-bit systems

by Evgeniy Didin

In commit 9d9491a7da2a ("mmc: dw_mmc: Fix the DTO timeout calculation") have been made changes which cause multiply overflow for 32-bit systems. The broken timeout calculations caused false interrupt latency warnings and stacktrace splat (such as below) when accessing the SD Card. | Running : 4M-check-reassembly-tcp-cmykw2-rotatew2.out -v0 -w1 | - Info: Finished target initialization. | mmcblk0: error -110 transferring data, sector 320544, nr 2048, cmd response | 0x900, card status 0x0 | mmc_host mmc0: Bus speed (slot 0) = 50000000Hz (slot req 400000Hz, actual | 396825HZ div = 63) | mmc_host mmc0: Bus speed (slot 0) = 50000000Hz (slot req 25000000Hz, actual | 25000000HZ div = 1) | ------------[ cut here ]------------ | softirq: huh, entered softirq 6 TASKLET 6f6a9412 with preempt_count 00000101, | exited with 00000100? | WARNING: CPU: 2 PID: 0 at ../lib/scatterlist.c:652 sg_miter_next+0x28/0x20c | Modules linked in: | CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.15.0 #57 | | Stack Trace: | arc_unwind_core.constprop.1+0xd0/0xf4 | dump_stack+0x68/0x80 | warn_slowpath_null+0x4e/0xec | sg_miter_next+0x28/0x20c | dw_mci_read_data_pio+0x44/0x190 | dw_mmc f000a000.mmc: Unexpected interrupt latency | dw_mci_interrupt+0x3ee/0x530 | __handle_irq_event_percpu+0x56/0x150 | handle_irq_event+0x34/0x78 | handle_level_irq+0x8e/0x120 | generic_handle_irq+0x1c/0x2c | idu_cascade_isr+0x30/0x6c | __handle_domain_irq+0x72/0xc8 | ret_from_exception+0x0/0x8 |---[ end trace 2a58c9af6c25fe51 ]--- Lets cast this multiply to u64 type which prevents overflow. Tested-by: Vineet Gupta <Vineet.Gupta1(a)synopsys.com> Fixes: ARC STAR 9001306872 HSDK, sdio: board crashes when copying big files Signed-off-by: Evgeniy Didin <Evgeniy.Didin(a)synopsys.com> CC: Alexey Brodkin <abrodkin(a)synopsys.com> CC: Eugeniy Paltsev <paltsev(a)synopsys.com> CC: Douglas Anderson <dianders(a)chromium.org> CC: Ulf Hansson <ulf.hansson(a)linaro.org> CC: linux-kernel(a)vger.kernel.org CC: linux-snps-arc(a)lists.infradead.org Cc: <stable(a)vger.kernel.org> # 9d9491a7da2a mmc: dw_mmc: Fix the DTO timeout calculation --- Changes since v1: -uint64_t switched to u64 -changed commit message drivers/mmc/host/dw_mmc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c index 0aa39975f33b..1a0b9751c67c 100644 --- a/drivers/mmc/host/dw_mmc.c +++ b/drivers/mmc/host/dw_mmc.c @@ -1944,7 +1944,7 @@ static void dw_mci_set_drto(struct dw_mci *host) drto_div = (mci_readl(host, CLKDIV) & 0xff) * 2; if (drto_div == 0) drto_div = 1; - drto_ms = DIV_ROUND_UP(MSEC_PER_SEC * drto_clks * drto_div, + drto_ms = DIV_ROUND_UP((u64)MSEC_PER_SEC * drto_clks * drto_div, host->bus_hz); /* add a bit spare time */ -- 2.11.0

6 years, 10 months

5
5
0 0

v4.4.117 build: 0 failures 0 warnings (v4.4.117)

by Build bot for Mark Brown

Tree/Branch: v4.4.117 Git describe: v4.4.117 Commit: e9fd3d16de Linux 4.4.117 Build Time: 67 min 23 sec Passed: 9 / 9 (100.00 %) Failed: 0 / 9 ( 0.00 %) Errors: 0 Warnings: 0 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): ------------------------------------------------------------------------------- =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

6 years, 10 months

1
0
0 0

[RFC][PATCH 0/6] KEYS: Fixes

by David Howells

Hi James, Here's a collection of fixes for Linux keyrings, mostly thanks to Eric Biggers, if you could pass them along to Linus. They include: (1) Fix some PKCS#7 verification issues. (2) Fix handling of unsupported crypto in X.509. (3) Fix too-large allocation in big_key. The patches can be found here also: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/tag/?… And also on the keys-fixes branch. David --- David Howells (1): KEYS: Use individual pages in big_key for crypto buffers Eric Biggers (5): PKCS#7: fix certificate chain verification PKCS#7: fix certificate blacklisting PKCS#7: fix direct verification of SignerInfo signature X.509: fix BUG_ON() when hash algorithm is unsupported X.509: fix NULL dereference when restricting key with unsupported_sig crypto/asymmetric_keys/pkcs7_trust.c | 1 crypto/asymmetric_keys/pkcs7_verify.c | 12 ++-- crypto/asymmetric_keys/public_key.c | 4 + crypto/asymmetric_keys/restrict.c | 21 ++++-- security/keys/big_key.c | 110 ++++++++++++++++++++++++++------- 5 files changed, 111 insertions(+), 37 deletions(-)

6 years, 10 months

2
10
0 0

v4.15.5 build: 0 failures 1 warnings (v4.15.5)

by Build bot for Mark Brown

Tree/Branch: v4.15.5 Git describe: v4.15.5 Commit: a6c3a2a210 Linux 4.15.5 Build Time: 112 min 45 sec Passed: 10 / 10 (100.00 %) Failed: 0 / 10 ( 0.00 %) Errors: 0 Warnings: 1 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 1 warnings 0 mismatches : arm64-allmodconfig ------------------------------------------------------------------------------- Warnings Summary: 1 1 ../include/linux/sched/mm.h:188:56: warning: 'noio_flag' may be used uninitialized in this function [-Wmaybe-uninitialized] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm64-allmodconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: ../include/linux/sched/mm.h:188:56: warning: 'noio_flag' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

6 years, 10 months

1
0
0 0

Patch "xfrm: skip policies marked as dead while rehashing" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xfrm: skip policies marked as dead while rehashing to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xfrm-skip-policies-marked-as-dead-while-rehashing.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 862591bf4f519d1b8d859af720fafeaebdd0162a Mon Sep 17 00:00:00 2001 From: Florian Westphal <fw(a)strlen.de> Date: Wed, 27 Dec 2017 23:25:45 +0100 Subject: xfrm: skip policies marked as dead while rehashing From: Florian Westphal <fw(a)strlen.de> commit 862591bf4f519d1b8d859af720fafeaebdd0162a upstream. syzkaller triggered following KASAN splat: BUG: KASAN: slab-out-of-bounds in xfrm_hash_rebuild+0xdbe/0xf00 net/xfrm/xfrm_policy.c:618 read of size 2 at addr ffff8801c8e92fe4 by task kworker/1:1/23 [..] Workqueue: events xfrm_hash_rebuild [..] __asan_report_load2_noabort+0x14/0x20 mm/kasan/report.c:428 xfrm_hash_rebuild+0xdbe/0xf00 net/xfrm/xfrm_policy.c:618 process_one_work+0xbbf/0x1b10 kernel/workqueue.c:2112 worker_thread+0x223/0x1990 kernel/workqueue.c:2246 [..] The reproducer triggers: 1016 if (error) { 1017 list_move_tail(&walk->walk.all, &x->all); 1018 goto out; 1019 } in xfrm_policy_walk() via pfkey (it sets tiny rcv space, dump callback returns -ENOBUFS). In this case, *walk is located the pfkey socket struct, so this socket becomes visible in the global policy list. It looks like this is intentional -- phony walker has walk.dead set to 1 and all other places skip such "policies". Ccing original authors of the two commits that seem to expose this issue (first patch missed ->dead check, second patch adds pfkey sockets to policies dumper list). Fixes: 880a6fab8f6ba5b ("xfrm: configure policy hash table thresholds by netlink") Fixes: 12a169e7d8f4b1c ("ipsec: Put dumpers on the dump list") Cc: Herbert Xu <herbert(a)gondor.apana.org.au> Cc: Timo Teras <timo.teras(a)iki.fi> Cc: Christophe Gouault <christophe.gouault(a)6wind.com> Reported-by: syzbot <bot+c028095236fcb6f4348811565b75084c754dc729(a)syzkaller.appspotmail.com> Signed-off-by: Florian Westphal <fw(a)strlen.de> Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/xfrm/xfrm_policy.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -610,7 +610,8 @@ static void xfrm_hash_rebuild(struct wor /* re-insert all policies by order of creation */ list_for_each_entry_reverse(policy, &net->xfrm.policy_all, walk.all) { - if (xfrm_policy_id2dir(policy->index) >= XFRM_POLICY_MAX) { + if (policy->walk.dead || + xfrm_policy_id2dir(policy->index) >= XFRM_POLICY_MAX) { /* skip socket policies */ continue; } Patches currently in stable-queue which might be from fw(a)strlen.de are queue-4.14/xfrm-skip-policies-marked-as-dead-while-rehashing.patch queue-4.14/netfilter-x_tables-avoid-out-of-bounds-reads-in-xt_request_find_-match-target.patch queue-4.14/netfilter-on-sockopt-acquire-sock-lock-only-in-the-required-scope.patch queue-4.14/netfilter-xt_rateest-acquire-xt_rateest_mutex-for-hash-insert.patch queue-4.14/xfrm-don-t-call-xfrm_policy_cache_flush-while-holding-spinlock.patch

6 years, 10 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror February 2018