January 2020 - Linux-stable-mirror

patch "staging: most: net: fix buffer overflow" added to staging-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: most: net: fix buffer overflow to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the staging-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 4d1356ac12f4d5180d0df345d85ff0ee42b89c72 Mon Sep 17 00:00:00 2001 From: Andrey Shvetsov <andrey.shvetsov(a)k2l.de> Date: Thu, 16 Jan 2020 18:22:39 +0100 Subject: staging: most: net: fix buffer overflow If the length of the socket buffer is 0xFFFFFFFF (max size for an unsigned int), then payload_len becomes 0xFFFFFFF1 after subtracting 14 (ETH_HLEN). Then, mdp_len is set to payload_len + 16 (MDP_HDR_LEN) which overflows and results in a value of 2. These values for payload_len and mdp_len will pass current buffer size checks. This patch checks if derived from skb->len sum may overflow. The check is based on the following idea: For any `unsigned V1, V2` and derived `unsigned SUM = V1 + V2`, `V1 + V2` overflows iif `SUM < V1`. Reported-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Andrey Shvetsov <andrey.shvetsov(a)k2l.de> Cc: stable <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20200116172238.6046-1-andrey.shvetsov@microchip.c… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/most/net/net.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/staging/most/net/net.c b/drivers/staging/most/net/net.c index 8218c9a06cb5..5547e36e09de 100644 --- a/drivers/staging/most/net/net.c +++ b/drivers/staging/most/net/net.c @@ -82,6 +82,11 @@ static int skb_to_mamac(const struct sk_buff *skb, struct mbo *mbo) unsigned int payload_len = skb->len - ETH_HLEN; unsigned int mdp_len = payload_len + MDP_HDR_LEN; + if (mdp_len < skb->len) { + pr_err("drop: too large packet! (%u)\n", skb->len); + return -EINVAL; + } + if (mbo->buffer_length < mdp_len) { pr_err("drop: too small buffer! (%d for %d)\n", mbo->buffer_length, mdp_len); @@ -129,6 +134,11 @@ static int skb_to_mep(const struct sk_buff *skb, struct mbo *mbo) u8 *buff = mbo->virt_address; unsigned int mep_len = skb->len + MEP_HDR_LEN; + if (mep_len < skb->len) { + pr_err("drop: too large packet! (%u)\n", skb->len); + return -EINVAL; + } + if (mbo->buffer_length < mep_len) { pr_err("drop: too small buffer! (%d for %d)\n", mbo->buffer_length, mep_len); -- 2.25.0

4 years, 11 months

1
0
0 0

[BACKPORT v4.19 0/3] Fixes for nv50/gf100 under VMD

by Sushma Kalakota

This fix is a case where a nv50 or gf100 graphics card is used on a VMD Domain (or other memory restricted domain) that results in a null-pointer dereference. One of the original fixes was already backported: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… Sushma Kalakota (3): drm/nouveau/bar/nv50: check bar1 vmm return value drm/nouveau/bar/gf100: ensure BAR is mapped drm/nouveau/mmu: qualify vmm during dtor drivers/gpu/drm/nouveau/nvkm/subdev/bar/gf100.c | 2 ++ drivers/gpu/drm/nouveau/nvkm/subdev/bar/nv50.c | 2 ++ drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c | 2 +- 3 files changed, 5 insertions(+), 1 deletion(-) -- 2.17.1

4 years, 11 months

2
4
0 0

Re: [PATCH v2 1/3] ARM: dts: imx6q-icore-mipi: Use 1.5 version of i.Core MX6DL

by Naresh Kamboju

The following dtbs build error noticed for arm build on stable rc 4.19 branch. # make -sk KBUILD_BUILD_USER=KernelCI -C/linux ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- HOSTCC=gcc O=build dtbs # ../arch/arm/boot/dts/imx6dl-icore-mipi.dts:11:10: fatal error: imx6qdl-icore-1.5.dtsi: No such file or directory 11 | #include "imx6qdl-icore-1.5.dtsi" | ^~~~~~~~~~~~~~~~~~~~~~~~ compilation terminated. make[2]: *** [scripts/Makefile.lib:294: arch/arm/boot/dts/imx6dl-icore-mipi.dtb] Error 1 On Thu, 9 Jan 2020 at 13:16, Shawn Guo <shawnguo(a)kernel.org> wrote: > > On Mon, Dec 30, 2019 at 05:30:19PM +0530, Jagan Teki wrote: > > The EDIMM STARTER KIT i.Core 1.5 MIPI Evaluation is based on > > the 1.5 version of the i.Core MX6 cpu module. The 1.5 version > > differs from the original one for a few details, including the > > ethernet PHY interface clock provider. > > > > With this commit, the ethernet interface works properly: > > SMSC LAN8710/LAN8720 2188000.ethernet-1:00: attached PHY driver > > > > While before using the 1.5 version, ethernet failed to startup > > do to un-clocked PHY interface: > > fec 2188000.ethernet eth0: could not attach to PHY > > > > Similar fix has merged for i.Core MX6Q but missed to update for DL. > > > > Fixes: a8039f2dd089 ("ARM: dts: imx6dl: Add Engicam i.CoreM6 1.5 Quad/Dual MIPI starter kit support") > > Cc: Jacopo Mondi <jacopo(a)jmondi.org> > > Signed-off-by: Michael Trimarchi <michael(a)amarulasolutions.com> > > Signed-off-by: Jagan Teki <jagan(a)amarulasolutions.com> > > Applied all 3, thanks.

4 years, 11 months

3
2
0 0

[PATCH] iommu/vt-d: call __dmar_remove_one_dev_info with valid pointer

by Jerry Snitselaar

It is possible for archdata.iommu to be set to DEFER_DEVICE_DOMAIN_INFO or DUMMY_DEVICE_DOMAIN_INFO so check for those values before calling __dmar_remove_one_dev_info. Without a check it can result in a null pointer dereference. This has been seen while booting a kdump kernel on an HP dl380 gen9. Cc: Joerg Roedel <joro(a)8bytes.org> Cc: Lu Baolu <baolu.lu(a)linux.intel.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: stable(a)vger.kernel.org # 5.3+ Cc: linux-kernel(a)vger.kernel.org Fixes: ae23bfb68f28 ("iommu/vt-d: Detach domain before using a private one") Signed-off-by: Jerry Snitselaar <jsnitsel(a)redhat.com> --- drivers/iommu/intel-iommu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c index 1801f0aaf013..932267f49f9a 100644 --- a/drivers/iommu/intel-iommu.c +++ b/drivers/iommu/intel-iommu.c @@ -5163,7 +5163,8 @@ static void dmar_remove_one_dev_info(struct device *dev) spin_lock_irqsave(&device_domain_lock, flags); info = dev->archdata.iommu; - if (info) + if (info && info != DEFER_DEVICE_DOMAIN_INFO + && info != DUMMY_DEVICE_DOMAIN_INFO) __dmar_remove_one_dev_info(info); spin_unlock_irqrestore(&device_domain_lock, flags); } -- 2.24.0

4 years, 11 months

2
1
0 0

stable-rc/linux-4.9.y boot: 53 boots: 2 failed, 51 passed (v4.9.210-90-ge20d090cbbfe)

by kernelci.org bot

stable-rc/linux-4.9.y boot: 53 boots: 2 failed, 51 passed (v4.9.210-90-ge20d090cbbfe) Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.9.y/kernel/v4.9.… Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.9.y/kernel/v4.9.210-90-… Tree: stable-rc Branch: linux-4.9.y Git Describe: v4.9.210-90-ge20d090cbbfe Git Commit: e20d090cbbfefd4e4f49fbd3b5535ef965533294 Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Tested: 28 unique boards, 13 SoC families, 10 builds out of 183 Boot Regressions Detected: arm: multi_v7_defconfig: gcc-8: alpine-db: lab-baylibre: new failure (last pass: v4.9.210) Boot Failures Detected: arm: sama5_defconfig: gcc-8: at91-sama5d4_xplained: 1 failed lab multi_v7_defconfig: gcc-8: alpine-db: 1 failed lab --- For more info write to <info(a)kernelci.org>

4 years, 11 months

1
0
0 0

RE: [v3] x86/tsc: Unset TSC_KNOWN_FREQ and TSC_RELIABLE flags on Intel Bay Trail SoC

by Kumar, Vipul

Hi Sasha, As this patch is based on commit f3a02ecebed7 ("x86/tsc: Set TSC_KNOWN_FREQ and TSC_RELIABLE flags on Intel Atom SoCs") which was introduced in 4.14. So, this patch is not applicable for kernel versions prior to 4.14. As this patch is under review, can we put it on hold ? Regards, Vipul -----Original Message----- From: Sasha Levin [mailto:sashal@kernel.org] Sent: 22 January 2020 07:56 To: Sasha Levin <sashal(a)kernel.org>; Vipul Kumar <vipulk0511(a)gmail.com>; Kumar, Vipul <Vipul_Kumar(a)mentor.com>; Daniel Lezcano <daniel.lezcano(a)linaro.org> Cc: linux-kernel(a)vger.kernel.org; Stable <stable(a)vger.kernel.org>; stable(a)vger.kernel.org; stable(a)vger.kernel.org Subject: Re: [v3] x86/tsc: Unset TSC_KNOWN_FREQ and TSC_RELIABLE flags on Intel Bay Trail SoC Hi, [This is an automated email] This commit has been processed because it contains a -stable tag. The stable tag indicates that it's relevant for the following trees: all The bot has tested the following trees: v5.4.13, v4.19.97, v4.14.166, v4.9.210, v4.4.210. v5.4.13: Build OK! v4.19.97: Build OK! v4.14.166: Build failed! Errors: v4.9.210: Failed to apply! Possible dependencies: f3a02ecebed7 ("x86/tsc: Set TSC_KNOWN_FREQ and TSC_RELIABLE flags on Intel Atom SoCs") v4.4.210: Failed to apply! Possible dependencies: 0007bccc3cfd ("x86: Replace RDRAND forced-reseed with simple sanity check") 07dc900e17a9 ("perf/x86: Move Kconfig.perf and other perf configuration bits to events/Kconfig") 1b74dde7c47c ("x86/cpu: Convert printk(KERN_<LEVEL> ...) to pr_<level>(...)") 218cfe4ed888 ("perf/x86: Move perf_event_amd_ibs.c ....... => x86/events/amd/ibs.c") 39b0332a2158 ("perf/x86: Move perf_event_amd.c ........... => x86/events/amd/core.c") 442f5c74cbea ("perf/x86: Use INST_RETIRED.TOTAL_CYCLES_PS for cycles:pp for Skylake") 5b26547dd7fa ("perf/x86: Move perf_event_amd_iommu.[ch] .. => x86/events/amd/iommu.[ch]") 724697648eec ("perf/x86: Use INST_RETIRED.PREC_DIST for cycles: ppp") e633c65a1d58 ("x86/perf/intel/uncore: Make the Intel uncore PMU driver modular") fa9cbf320e99 ("perf/x86: Move perf_event.c ............... => x86/events/core.c") NOTE: The patch will not be queued to stable trees until it is upstream. How should we proceed with this patch? -- Thanks, Sasha

4 years, 11 months

1
0
0 0

stable-rc/linux-4.19.y boot: 57 boots: 1 failed, 53 passed with 3 untried/unknown (v4.19.97-88-g854a2a8f9451)

by kernelci.org bot

stable-rc/linux-4.19.y boot: 57 boots: 1 failed, 53 passed with 3 untried/unknown (v4.19.97-88-g854a2a8f9451) Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.19.y/kernel/v4.1… Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.19.y/kernel/v4.19.97-88… Tree: stable-rc Branch: linux-4.19.y Git Describe: v4.19.97-88-g854a2a8f9451 Git Commit: 854a2a8f9451c77029355b3ca1cf0c963aaaffd5 Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Tested: 43 unique boards, 14 SoC families, 13 builds out of 206 Boot Regressions Detected: arc: hsdk_defconfig: gcc-8: hsdk: lab-baylibre: new failure (last pass: v4.19.97-66-g6e319a78bc27) arm: sunxi_defconfig: gcc-8: sun4i-a10-olinuxino-lime: lab-baylibre: new failure (last pass: v4.19.97-66-g6e319a78bc27) Boot Failure Detected: arm: sama5_defconfig: gcc-8: at91-sama5d4_xplained: 1 failed lab --- For more info write to <info(a)kernelci.org>

4 years, 11 months

1
0
0 0

stable-rc/linux-4.4.y boot: 37 boots: 1 failed, 36 passed (v4.4.210-70-ga43a787c971a)

by kernelci.org bot

stable-rc/linux-4.4.y boot: 37 boots: 1 failed, 36 passed (v4.4.210-70-ga43a787c971a) Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.4.y/kernel/v4.4.… Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.4.y/kernel/v4.4.210-70-… Tree: stable-rc Branch: linux-4.4.y Git Describe: v4.4.210-70-ga43a787c971a Git Commit: a43a787c971af563b4ae7d2e96f5c35e04b37456 Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Tested: 22 unique boards, 11 SoC families, 7 builds out of 182 Boot Failure Detected: arm: sama5_defconfig: gcc-8: at91-sama5d4_xplained: 1 failed lab --- For more info write to <info(a)kernelci.org>

4 years, 11 months

1
0
0 0

Re: [for-linus][PATCH 3/5] tracing: trigger: Replace unneeded RCU-list traversals

by Masami Hiramatsu

On Wed, 22 Jan 2020 02:26:22 +0000 Sasha Levin <sashal(a)kernel.org> wrote: > Hi, > > [This is an automated email] > > This commit has been processed because it contains a "Fixes:" tag, > fixing commit: 30350d65ac56 ("tracing: Add variable support to hist triggers"). > > The bot has tested the following trees: v5.4.13, v4.19.97. > > v5.4.13: Build OK! > v4.19.97: Build failed! Errors: > kernel/trace/trace_events_hist.c:5725:34: error: macro "list_for_each_entry_rcu" passed 4 arguments, but takes just 3 > kernel/trace/trace_events_hist.c:5724:2: error: ‘list_for_each_entry_rcu’ undeclared (first use in this function) > kernel/trace/trace_events_hist.c:5724:25: error: expected ‘;’ before ‘{’ token Ah, that depends on commit 28875945ba98 ("rcu: Add support for consolidated-RCU reader checking"). We need to remove lockdep_is_held() from that list_for_each_entry_rcu(). (I've attached it) Thank you, -- Masami Hiramatsu <mhiramat(a)kernel.org>

4 years, 11 months

1
0
0 0

✅ PASS: Test report for kernel 5.4.14-rc1-58262df.cki (stable)

by CKI Project

Hello, We ran automated tests on a recent commit from this kernel tree: Kernel repo: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Commit: 58262dfd5845 - Linux 5.4.14-rc1 The results of these automated tests are provided below. Overall result: PASSED Merge: OK Compile: OK Tests: OK All kernel binaries, config files, and logs are available for download here: https://artifacts.cki-project.org/pipelines/396359 Please reply to this email if you have any questions about the tests that we ran or if you have any suggestions on how to make future tests more effective. ,-. ,-. ( C ) ( K ) Continuous `-',-.`-' Kernel ( I ) Integration `-' ______________________________________________________________________________ Compile testing --------------- We compiled the kernel for 3 architectures: aarch64: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg ppc64le: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg x86_64: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg Hardware testing ---------------- We booted each kernel and ran the following tests: aarch64: Host 1: ✅ Boot test ✅ Podman system integration test (as root) ✅ Podman system integration test (as user) ✅ LTP ✅ Loopdev Sanity ✅ Memory function: memfd_create ✅ AMTU (Abstract Machine Test Utility) ✅ Networking bridge: sanity ✅ Ethernet drivers sanity ✅ Networking MACsec: sanity ✅ Networking socket: fuzz ✅ Networking sctp-auth: sockopts test ✅ Networking: igmp conformance test ✅ Networking route: pmtu ✅ Networking route_func: local ✅ Networking route_func: forward ✅ Networking TCP: keepalive test ✅ Networking UDP: socket ✅ Networking tunnel: geneve basic test ✅ Networking tunnel: gre basic ✅ L2TP basic test ✅ Networking tunnel: vxlan basic ✅ Networking ipsec: basic netns transport ✅ Networking ipsec: basic netns tunnel ✅ audit: audit testsuite test ✅ httpd: mod_ssl smoke sanity ✅ tuned: tune-processes-through-perf ✅ ALSA PCM loopback test ✅ ALSA Control (mixer) Userspace Element test ✅ storage: SCSI VPD ✅ trace: ftrace/tracer 🚧 ✅ CIFS Connectathon 🚧 ✅ POSIX pjd-fstest suites 🚧 ✅ jvm test suite 🚧 ✅ Memory function: kaslr 🚧 ✅ LTP: openposix test suite 🚧 ✅ Networking vnic: ipvlan/basic 🚧 ✅ iotop: sanity 🚧 ✅ Usex - version 1.9-29 🚧 ✅ storage: dm/common Host 2: ✅ Boot test ✅ xfstests: ext4 ✅ xfstests: xfs ✅ selinux-policy: serge-testsuite ✅ lvm thinp sanity ✅ storage: software RAID testing ✅ stress: stress-ng 🚧 ✅ IPMI driver test 🚧 ✅ IPMItool loop stress test 🚧 ✅ Storage blktests ppc64le: Host 1: ✅ Boot test ✅ Podman system integration test (as root) ✅ Podman system integration test (as user) ✅ LTP ✅ Loopdev Sanity ✅ Memory function: memfd_create ✅ AMTU (Abstract Machine Test Utility) ✅ Networking bridge: sanity ✅ Ethernet drivers sanity ✅ Networking MACsec: sanity ✅ Networking socket: fuzz ✅ Networking sctp-auth: sockopts test ✅ Networking route: pmtu ✅ Networking route_func: local ✅ Networking route_func: forward ✅ Networking TCP: keepalive test ✅ Networking UDP: socket ✅ Networking tunnel: geneve basic test ✅ Networking tunnel: gre basic ✅ L2TP basic test ✅ Networking tunnel: vxlan basic ✅ Networking ipsec: basic netns tunnel ✅ audit: audit testsuite test ✅ httpd: mod_ssl smoke sanity ✅ tuned: tune-processes-through-perf ✅ ALSA PCM loopback test ✅ ALSA Control (mixer) Userspace Element test ✅ trace: ftrace/tracer 🚧 ✅ CIFS Connectathon 🚧 ✅ POSIX pjd-fstest suites 🚧 ✅ jvm test suite 🚧 ✅ Memory function: kaslr 🚧 ✅ LTP: openposix test suite 🚧 ✅ Networking vnic: ipvlan/basic 🚧 ✅ iotop: sanity 🚧 ✅ Usex - version 1.9-29 🚧 ✅ storage: dm/common Host 2: ✅ Boot test ✅ xfstests: ext4 ✅ xfstests: xfs ✅ selinux-policy: serge-testsuite ✅ lvm thinp sanity ✅ storage: software RAID testing 🚧 ✅ IPMI driver test 🚧 ✅ IPMItool loop stress test 🚧 ✅ Storage blktests x86_64: Host 1: ✅ Boot test ✅ Podman system integration test (as root) ✅ Podman system integration test (as user) ✅ LTP ✅ Loopdev Sanity ✅ Memory function: memfd_create ✅ AMTU (Abstract Machine Test Utility) ✅ Networking bridge: sanity ✅ Ethernet drivers sanity ✅ Networking MACsec: sanity ✅ Networking socket: fuzz ✅ Networking sctp-auth: sockopts test ✅ Networking: igmp conformance test ✅ Networking route: pmtu ✅ Networking route_func: local ✅ Networking route_func: forward ✅ Networking TCP: keepalive test ✅ Networking UDP: socket ✅ Networking tunnel: geneve basic test ✅ Networking tunnel: gre basic ✅ L2TP basic test ✅ Networking tunnel: vxlan basic ✅ Networking ipsec: basic netns transport ✅ Networking ipsec: basic netns tunnel ✅ audit: audit testsuite test ✅ httpd: mod_ssl smoke sanity ✅ tuned: tune-processes-through-perf ✅ pciutils: sanity smoke test ✅ ALSA PCM loopback test ✅ ALSA Control (mixer) Userspace Element test ✅ storage: SCSI VPD ✅ trace: ftrace/tracer 🚧 ✅ CIFS Connectathon 🚧 ✅ POSIX pjd-fstest suites 🚧 ✅ jvm test suite 🚧 ✅ Memory function: kaslr 🚧 ✅ LTP: openposix test suite 🚧 ✅ Networking vnic: ipvlan/basic 🚧 ✅ iotop: sanity 🚧 ✅ Usex - version 1.9-29 🚧 ✅ storage: dm/common Host 2: ✅ Boot test ✅ Storage SAN device stress - mpt3sas driver Host 3: ✅ Boot test ✅ Storage SAN device stress - megaraid_sas Host 4: ✅ Boot test ✅ xfstests: ext4 ✅ xfstests: xfs ✅ selinux-policy: serge-testsuite ✅ lvm thinp sanity ✅ storage: software RAID testing ✅ stress: stress-ng 🚧 ✅ IOMMU boot test 🚧 ✅ IPMI driver test 🚧 ✅ IPMItool loop stress test 🚧 ✅ Storage blktests Test sources: https://github.com/CKI-project/tests-beaker 💚 Pull requests are welcome for new tests or improvements to existing tests! Waived tests ------------ If the test run included waived tests, they are marked with 🚧. Such tests are executed but their results are not taken into account. Tests are waived when their results are not reliable enough, e.g. when they're just introduced or are being fixed. Testing timeout --------------- We aim to provide a report within reasonable timeframe. Tests that haven't finished running are marked with ⏱. Reports for non-upstream kernels have a Beaker recipe linked to next to each host.

4 years, 11 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror January 2020