August 2020 - Linux-stable-mirror

by Plamen Lyutov

Is it possible 5bedd3afee8eb01ccd256f0cd2cc0fa6f841417a to be backported to 5.4.xx to fix c64141c68f725068440fbc13eb63dbb283e99168 as it was backported to 5.7 as 02963f5752032ab987fae7b450d5e1e357e7425b to fix e2cb0c5635ecf7d8f2bde9971edbe00a0b8b8536

4 years, 5 months

2
1
0 0

Aw: [PATCH 2/3] arm64: dts: mt7622: add reset node for mmc device

by Frank Wunderlich

> Gesendet: Mittwoch, 12. August 2020 um 11:37 Uhr > Von: "Wenbin Mei" <wenbin.mei(a)mediatek.com> > Betreff: [PATCH 3/3] mmc: mediatek: add optional module reset property > This patch adds a optional reset management for msdc. > Sometimes the bootloader does not bring msdc register > to default state, so need reset the msdc controller. > > Signed-off-by: Wenbin Mei <wenbin.mei(a)mediatek.com> Thanks for posting the fix to Mainline same as 3/3, dts-patch is also needed for fixing eMMC-Issue on R64 Fixes: 966580ad236e ("mmc: mediatek: add support for MT7622 SoC") Tested-By: Frank Wunderlich <frank-w(a)public-files.de> and it needs to be fixed at least for 5.4+, so adding stable-CC Cc: stable(a)vger.kernel.org

4 years, 5 months

2
1
0 0

Aw: [PATCH 3/3] mmc: mediatek: add optional module reset property

by Frank Wunderlich

> Gesendet: Mittwoch, 12. August 2020 um 11:37 Uhr > Von: "Wenbin Mei" <wenbin.mei(a)mediatek.com> > Betreff: [PATCH 3/3] mmc: mediatek: add optional module reset property > This patch adds a optional reset management for msdc. > Sometimes the bootloader does not bring msdc register > to default state, so need reset the msdc controller. > > Signed-off-by: Wenbin Mei <wenbin.mei(a)mediatek.com> Thanks for posting the fix to Mainline imho this should contain a fixes-Tag as it fixes eMMC-Access on mt7622/Bpi-R64 before we got these Errors on mounting eMMC ion R64: [ 48.664925] blk_update_request: I/O error, dev mmcblk0, sector 204800 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 48.676019] Buffer I/O error on dev mmcblk0p1, logical block 0, lost sync page write Fixes: 966580ad236e ("mmc: mediatek: add support for MT7622 SoC") Tested-By: Frank Wunderlich <frank-w(a)public-files.de> and it needs to be fixed at least for 5.4+, so adding stable-CC Cc: stable(a)vger.kernel.org

4 years, 5 months

2
1
0 0

[tip: irq/urgent] genirq/PM: Always unlock IRQ descriptor in rearm_wake_irq()

by tip-bot2 for Guenter Roeck

The following commit has been merged into the irq/urgent branch of tip: Commit-ID: e27b1636e9337d1a1d174b191e53d0f86421a822 Gitweb: https://git.kernel.org/tip/e27b1636e9337d1a1d174b191e53d0f86421a822 Author: Guenter Roeck <linux(a)roeck-us.net> AuthorDate: Tue, 11 Aug 2020 11:00:01 -07:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Wed, 12 Aug 2020 11:04:05 +02:00 genirq/PM: Always unlock IRQ descriptor in rearm_wake_irq() rearm_wake_irq() does not unlock the irq descriptor if the interrupt is not suspended or if wakeup is not enabled on it. Restucture the exit conditions so the unlock is always ensured. Fixes: 3a79bc63d9075 ("PCI: irq: Introduce rearm_wake_irq()") Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20200811180001.80203-1-linux@roeck-us.net --- kernel/irq/pm.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/kernel/irq/pm.c b/kernel/irq/pm.c index 8f557fa..c6c7e18 100644 --- a/kernel/irq/pm.c +++ b/kernel/irq/pm.c @@ -185,14 +185,18 @@ void rearm_wake_irq(unsigned int irq) unsigned long flags; struct irq_desc *desc = irq_get_desc_buslock(irq, &flags, IRQ_GET_DESC_CHECK_GLOBAL); - if (!desc || !(desc->istate & IRQS_SUSPENDED) || - !irqd_is_wakeup_set(&desc->irq_data)) + if (!desc) return; + if (!(desc->istate & IRQS_SUSPENDED) || + !irqd_is_wakeup_set(&desc->irq_data)) + goto unlock; + desc->istate &= ~IRQS_SUSPENDED; irqd_set(&desc->irq_data, IRQD_WAKEUP_ARMED); __enable_irq(desc); +unlock: irq_put_desc_busunlock(desc, flags); }

4 years, 5 months

1
0
0 0

[PATCH] usbip: Implement a match function to fix usbip

by M. Vefa Bicakci

Commit 88b7381a939d ("USB: Select better matching USB drivers when available") introduced the use of a "match" function to select a non-generic/better driver for a particular USB device. This unfortunately breaks the operation of usbip in general, as reported in the kernel bugzilla with bug 208267 (linked below). Upon inspecting the aforementioned commit, one can observe that the original code in the usb_device_match function used to return 1 unconditionally, but the aforementioned commit makes the usb_device_match function use identifier tables and "match" virtual functions, if either of them are available. Hence, this commit implements a match function for usbip that unconditionally returns true to ensure that usbip is functional again. This change has been verified to restore usbip functionality, with a v5.7.y kernel on an up-to-date version of Qubes OS 4.0, which uses usbip to redirect USB devices between VMs. Thanks to Jonathan Dieter for the effort in bisecting this issue down to the aforementioned commit. Fixes: 88b7381a939d ("USB: Select better matching USB drivers when available") Link: https://bugzilla.kernel.org/show_bug.cgi?id=208267 Link: https://bugzilla.redhat.com/show_bug.cgi?id=1856443 Link: https://github.com/QubesOS/qubes-issues/issues/5905 Signed-off-by: M. Vefa Bicakci <m.v.b(a)runbox.com> Cc: <stable(a)vger.kernel.org> # 5.7 Cc: Valentina Manea <valentina.manea.m(a)gmail.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Bastien Nocera <hadess(a)hadess.net> Cc: Alan Stern <stern(a)rowland.harvard.edu> --- drivers/usb/usbip/stub_dev.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/usb/usbip/stub_dev.c b/drivers/usb/usbip/stub_dev.c index 2305d425e6c9..9d7d642022d1 100644 --- a/drivers/usb/usbip/stub_dev.c +++ b/drivers/usb/usbip/stub_dev.c @@ -461,6 +461,11 @@ static void stub_disconnect(struct usb_device *udev) return; } +static bool usbip_match(struct usb_device *udev) +{ + return true; +} + #ifdef CONFIG_PM /* These functions need usb_port_suspend and usb_port_resume, @@ -486,6 +491,7 @@ struct usb_device_driver stub_driver = { .name = "usbip-host", .probe = stub_probe, .disconnect = stub_disconnect, + .match = usbip_match, #ifdef CONFIG_PM .suspend = stub_suspend, .resume = stub_resume, -- 2.26.2

4 years, 5 months

4
4
0 0

[PATCH] erofs: avoid duplicated permission check for "trusted." xattrs

by Gao Xiang

Don't recheck it since xattr_permission() already checks CAP_SYS_ADMIN capability. Just follow 5d3ce4f70172 ("f2fs: avoid duplicated permission check for "trusted." xattrs") Reported-by: Hongyu Jin <hongyu.jin(a)unisoc.com> [ Gao Xiang: since it could cause some complex Android overlay permission issue as well on android-5.4+, so it'd be better to backport to 5.4+ rather than pure cleanup on mainline. ] Cc: <stable(a)vger.kernel.org> # 5.4+ Signed-off-by: Gao Xiang <hsiangkao(a)redhat.com> --- related commit: https://android-review.googlesource.com/c/kernel/common/+/1121623/6/fs/xatt… fs/erofs/xattr.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/fs/erofs/xattr.c b/fs/erofs/xattr.c index 87e437e7b34f..f86e3247febc 100644 --- a/fs/erofs/xattr.c +++ b/fs/erofs/xattr.c @@ -473,8 +473,6 @@ static int erofs_xattr_generic_get(const struct xattr_handler *handler, return -EOPNOTSUPP; break; case EROFS_XATTR_INDEX_TRUSTED: - if (!capable(CAP_SYS_ADMIN)) - return -EPERM; break; case EROFS_XATTR_INDEX_SECURITY: break; -- 2.18.1

4 years, 5 months

2
1
0 0

[patch 100/165] fs/minix: reject too-large maximum file size

by Andrew Morton

From: Eric Biggers <ebiggers(a)google.com> Subject: fs/minix: reject too-large maximum file size If the minix filesystem tries to map a very large logical block number to its on-disk location, block_to_path() can return offsets that are too large, causing out-of-bounds memory accesses when accessing indirect index blocks. This should be prevented by the check against the maximum file size, but this doesn't work because the maximum file size is read directly from the on-disk superblock and isn't validated itself. Fix this by validating the maximum file size at mount time. Link: http://lkml.kernel.org/r/20200628060846.682158-4-ebiggers@kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: syzbot+c7d9ec7a1a7272dd71b3(a)syzkaller.appspotmail.com Reported-by: syzbot+3b7b03a0c28948054fb5(a)syzkaller.appspotmail.com Reported-by: syzbot+6e056ee473568865f3e6(a)syzkaller.appspotmail.com Signed-off-by: Eric Biggers <ebiggers(a)google.com> Cc: Alexander Viro <viro(a)zeniv.linux.org.uk> Cc: Qiujun Huang <anenbupt(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/minix/inode.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) --- a/fs/minix/inode.c~fs-minix-reject-too-large-maximum-file-size +++ a/fs/minix/inode.c @@ -150,6 +150,23 @@ static int minix_remount (struct super_b return 0; } +static bool minix_check_superblock(struct minix_sb_info *sbi) +{ + if (sbi->s_imap_blocks == 0 || sbi->s_zmap_blocks == 0) + return false; + + /* + * s_max_size must not exceed the block mapping limitation. This check + * is only needed for V1 filesystems, since V2/V3 support an extra level + * of indirect blocks which places the limit well above U32_MAX. + */ + if (sbi->s_version == MINIX_V1 && + sbi->s_max_size > (7 + 512 + 512*512) * BLOCK_SIZE) + return false; + + return true; +} + static int minix_fill_super(struct super_block *s, void *data, int silent) { struct buffer_head *bh; @@ -228,11 +245,12 @@ static int minix_fill_super(struct super } else goto out_no_fs; + if (!minix_check_superblock(sbi)) + goto out_illegal_sb; + /* * Allocate the buffer map to keep the superblock small. */ - if (sbi->s_imap_blocks == 0 || sbi->s_zmap_blocks == 0) - goto out_illegal_sb; i = (sbi->s_imap_blocks + sbi->s_zmap_blocks) * sizeof(bh); map = kzalloc(i, GFP_KERNEL); if (!map) _

4 years, 5 months

1
0
0 0

[patch 099/165] fs/minix: don't allow getting deleted inodes

by Andrew Morton

From: Eric Biggers <ebiggers(a)google.com> Subject: fs/minix: don't allow getting deleted inodes If an inode has no links, we need to mark it bad rather than allowing it to be accessed. This avoids WARNINGs in inc_nlink() and drop_nlink() when doing directory operations on a fuzzed filesystem. Link: http://lkml.kernel.org/r/20200628060846.682158-3-ebiggers@kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: syzbot+a9ac3de1b5de5fb10efc(a)syzkaller.appspotmail.com Reported-by: syzbot+df958cf5688a96ad3287(a)syzkaller.appspotmail.com Signed-off-by: Eric Biggers <ebiggers(a)google.com> Cc: Alexander Viro <viro(a)zeniv.linux.org.uk> Cc: Qiujun Huang <anenbupt(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/minix/inode.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) --- a/fs/minix/inode.c~fs-minix-dont-allow-getting-deleted-inodes +++ a/fs/minix/inode.c @@ -468,6 +468,13 @@ static struct inode *V1_minix_iget(struc iget_failed(inode); return ERR_PTR(-EIO); } + if (raw_inode->i_nlinks == 0) { + printk("MINIX-fs: deleted inode referenced: %lu\n", + inode->i_ino); + brelse(bh); + iget_failed(inode); + return ERR_PTR(-ESTALE); + } inode->i_mode = raw_inode->i_mode; i_uid_write(inode, raw_inode->i_uid); i_gid_write(inode, raw_inode->i_gid); @@ -501,6 +508,13 @@ static struct inode *V2_minix_iget(struc iget_failed(inode); return ERR_PTR(-EIO); } + if (raw_inode->i_nlinks == 0) { + printk("MINIX-fs: deleted inode referenced: %lu\n", + inode->i_ino); + brelse(bh); + iget_failed(inode); + return ERR_PTR(-ESTALE); + } inode->i_mode = raw_inode->i_mode; i_uid_write(inode, raw_inode->i_uid); i_gid_write(inode, raw_inode->i_gid); _

4 years, 5 months

1
0
0 0

[patch 098/165] fs/minix: check return value of sb_getblk()

by Andrew Morton

From: Eric Biggers <ebiggers(a)google.com> Subject: fs/minix: check return value of sb_getblk() Patch series "fs/minix: fix syzbot bugs and set s_maxbytes". This series fixes all syzbot bugs in the minix filesystem: KASAN: null-ptr-deref Write in get_block KASAN: use-after-free Write in get_block KASAN: use-after-free Read in get_block WARNING in inc_nlink KMSAN: uninit-value in get_block WARNING in drop_nlink It also fixes the minix filesystem to set s_maxbytes correctly, so that userspace sees the correct behavior when exceeding the max file size. This patch (of 6): sb_getblk() can fail, so check its return value. This fixes a NULL pointer dereference. Originally from Qiujun Huang. Link: http://lkml.kernel.org/r/20200628060846.682158-1-ebiggers@kernel.org Link: http://lkml.kernel.org/r/20200628060846.682158-2-ebiggers@kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Eric Biggers <ebiggers(a)google.com> Reported-by: syzbot+4a88b2b9dc280f47baf4(a)syzkaller.appspotmail.com Cc: Qiujun Huang <anenbupt(a)gmail.com> Cc: Alexander Viro <viro(a)zeniv.linux.org.uk> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/minix/itree_common.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) --- a/fs/minix/itree_common.c~fs-minix-check-return-value-of-sb_getblk +++ a/fs/minix/itree_common.c @@ -75,6 +75,7 @@ static int alloc_branch(struct inode *in int n = 0; int i; int parent = minix_new_block(inode); + int err = -ENOSPC; branch[0].key = cpu_to_block(parent); if (parent) for (n = 1; n < num; n++) { @@ -85,6 +86,11 @@ static int alloc_branch(struct inode *in break; branch[n].key = cpu_to_block(nr); bh = sb_getblk(inode->i_sb, parent); + if (!bh) { + minix_free_block(inode, nr); + err = -ENOMEM; + break; + } lock_buffer(bh); memset(bh->b_data, 0, bh->b_size); branch[n].bh = bh; @@ -103,7 +109,7 @@ static int alloc_branch(struct inode *in bforget(branch[i].bh); for (i = 0; i < n; i++) minix_free_block(inode, block_to_cpu(branch[i].key)); - return -ENOSPC; + return err; } static inline int splice_branch(struct inode *inode, _

4 years, 5 months

1
0
0 0

stable-rc/linux-5.7.y baseline: 188 runs, 1 regressions (v5.7.15)

by kernelci.org bot

stable-rc/linux-5.7.y baseline: 188 runs, 1 regressions (v5.7.15) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | results ----------------------+------+--------------+----------+-----------------+-------- at91-sama5d4_xplained | arm | lab-baylibre | gcc-8 | sama5_defconfig | 0/1 Details: https://kernelci.org/test/job/stable-rc/branch/linux-5.7.y/kernel/v5.7.15/p… Test: baseline Tree: stable-rc Branch: linux-5.7.y Describe: v5.7.15 URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: 0e446529d34888ac57fe059ec32e9114a381c800 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | results ----------------------+------+--------------+----------+-----------------+-------- at91-sama5d4_xplained | arm | lab-baylibre | gcc-8 | sama5_defconfig | 0/1 Details: https://kernelci.org/test/plan/id/5f331373a01cd8f3f152c1cc Results: 0 PASS, 1 FAIL, 0 SKIP Full config: sama5_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/linux-5.7.y/v5.7.15/arm/sama5_defco… HTML log: https://storage.kernelci.org//stable-rc/linux-5.7.y/v5.7.15/arm/sama5_defco… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05/armel/basel… * baseline.login: https://kernelci.org/test/case/id/5f331373a01cd8f3f152c1cd failing since 26 days (last pass: v5.7.8-167-gc2fb28a4b6e4, first fail: v5.7.9)

4 years, 5 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror August 2020