October 2021 - Linux-stable-mirror

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.156 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/Kconfig | 1 arch/arm/boot/dts/at91-sama5d27_som1_ek.dts | 1 arch/arm/boot/dts/spear3xx.dtsi | 2 arch/nios2/include/asm/irqflags.h | 4 arch/nios2/include/asm/registers.h | 2 arch/parisc/math-emu/fpudispatch.c | 56 +++++- arch/powerpc/kernel/idle_book3s.S | 148 ++++++++-------- arch/powerpc/kvm/book3s_hv_rmhandlers.S | 28 +-- arch/xtensa/platforms/xtfpga/setup.c | 12 - drivers/input/keyboard/snvs_pwrkey.c | 29 +++ drivers/isdn/capi/kcapi.c | 5 drivers/isdn/hardware/mISDN/netjet.c | 2 drivers/net/can/rcar/rcar_can.c | 20 +- drivers/net/can/sja1000/peak_pci.c | 9 drivers/net/can/usb/peak_usb/pcan_usb_fd.c | 5 drivers/net/dsa/lantiq_gswip.c | 2 drivers/net/ethernet/freescale/enetc/enetc_ethtool.c | 2 drivers/net/ethernet/hisilicon/hns3/hnae3.c | 21 ++ drivers/net/ethernet/hisilicon/hns3/hnae3.h | 1 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_dcb.c | 9 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 1 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac-generic.c | 1 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 8 drivers/net/phy/mdio_bus.c | 1 drivers/net/usb/Kconfig | 1 drivers/pinctrl/stm32/pinctrl-stm32.c | 4 drivers/platform/x86/intel_scu_ipc.c | 2 drivers/scsi/hosts.c | 3 drivers/tee/optee/core.c | 3 drivers/tee/optee/device.c | 22 ++ drivers/tee/optee/optee_private.h | 1 fs/btrfs/tree-log.c | 47 +++-- fs/ceph/caps.c | 12 - fs/ceph/file.c | 1 fs/ceph/inode.c | 2 fs/ceph/mds_client.c | 17 - fs/ceph/super.h | 3 fs/exec.c | 2 fs/nfsd/nfsctl.c | 5 fs/ocfs2/alloc.c | 46 +--- fs/ocfs2/super.c | 14 + include/linux/elfcore.h | 2 kernel/auditsc.c | 2 kernel/dma/debug.c | 12 - kernel/trace/ftrace.c | 4 kernel/trace/trace.h | 64 ++---- kernel/trace/trace_functions.c | 2 mm/slub.c | 13 + net/can/j1939/j1939-priv.h | 1 net/can/j1939/main.c | 7 net/can/j1939/transport.c | 14 - net/netfilter/Kconfig | 2 net/netfilter/ipvs/ip_vs_ctl.c | 5 net/nfc/nci/rsp.c | 2 net/switchdev/switchdev.c | 9 scripts/Makefile.gcc-plugins | 4 sound/hda/hdac_controller.c | 5 sound/pci/hda/patch_realtek.c | 1 sound/soc/codecs/wm8960.c | 13 + sound/soc/soc-dapm.c | 13 - sound/usb/quirks-table.h | 32 +++ tools/testing/selftests/netfilter/nft_flowtable.sh | 1 65 files changed, 490 insertions(+), 279 deletions(-) Aleksander Jan Bajkowski (1): net: dsa: lantiq_gswip: fix register definition Antoine Tenart (1): netfilter: ipvs: make global sysctl readonly in non-init netns Benjamin Coddington (1): NFSD: Keep existing listeners on portlist error Brendan Grieve (1): ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset Brendan Higgins (1): gcc-plugins/structleak: add makefile var for disabling structleak Christopher M. Riedl (1): powerpc64/idle: Fix SP offsets when saving GPRs Dexuan Cui (1): scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() Eugen Hristev (1): ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default Fabien Dessenne (1): pinctrl: stm32: use valid pin identifier in stm32_pinctrl_resume() Filipe Manana (1): btrfs: deal with errors when checking if a dir entry exists during log replay Florian Westphal (1): selftests: netfilter: remove stray bash debug line Gaosheng Cui (1): audit: fix possible null-pointer dereference in audit_filter_rules Gerald Schaefer (1): dma-debug: fix sg checks in debug_dma_map_sg() Greg Kroah-Hartman (1): Linux 5.4.156 Guangbin Huang (2): net: hns3: reset DWRR of unused tc to zero net: hns3: add limit ets dwrr bandwidth cannot be 0 Guenter Roeck (1): xtensa: xtfpga: Try software restart before simulating CPU reset Helge Deller (1): parisc: math-emu: Fix fall-through warnings Herve Codina (2): net: stmmac: add support for dwmac 3.40a ARM: dts: spear3xx: Fix gmac node Jan Kara (1): ocfs2: fix data corruption after conversion from inline format Jeff Layton (1): ceph: fix handling of "meta" errors Kai Vehmanen (1): ALSA: hda: avoid write to STATESTS if controller is in reset Kurt Kanzenbach (1): net: stmmac: Fix E2E delay mechanism Lin Ma (1): nfc: nci: fix the UAF of rf_conn_info object Lukas Bulwahn (1): elfcore: correct reference to CONFIG_UML Matthew Wilcox (Oracle) (1): vfs: check fd has read access in kernel_read_file_from_fd() Max Filippov (1): xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF Miaohe Lin (2): mm, slub: fix mismatch between reconstructed freelist depth and cnt mm, slub: fix potential memoryleak in kmem_cache_open() Michael Ellerman (3): KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest() KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest powerpc/idle: Don't corrupt back chain when going idle Nick Desaulniers (1): ARM: 9122/1: select HAVE_FUTEX_CMPXCHG Peng Li (1): net: hns3: disable sriov before unload hclge layer Prashant Malani (1): platform/x86: intel_scu_ipc: Update timeout value in comment Randy Dunlap (1): NIOS2: irqflags: rename a redefined register name Russell King (1): net: switchdev: do not propagate bridge updates across bridges Shengjiu Wang (1): ASoC: wm8960: Fix clock configuration on slave mode Stephane Grosjean (1): can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification Steven Clarkson (1): ALSA: hda/realtek: Add quirk for Clevo PC50HS Steven Rostedt (VMware) (1): tracing: Have all levels of checks prevent recursion Sumit Garg (1): tee: optee: Fix missing devices unregister during optee_remove Takashi Iwai (1): ASoC: DAPM: Fix missing kctl change notifications Uwe Kleine-König (1): Input: snvs_pwrkey - add clk handling Valentin Vidic (1): ocfs2: mount fails with buffer overflow in strlen Vegard Nossum (2): lan78xx: select CRC32 netfilter: Kconfig: use 'default y' instead of 'm' for bool config option Vladimir Oltean (1): net: enetc: fix ethtool counter name for PM0_TERR Xiaolong Huang (1): isdn: cpai: check ctr->cnr to avoid array index out of bound Yanfei Xu (1): net: mdiobus: Fix memory leak in __mdiobus_register Yoshihiro Shimoda (1): can: rcar_can: fix suspend/resume Zhang Changzhong (2): can: j1939: j1939_xtp_rx_dat_one(): cancel session if receive TP.DT with error length can: j1939: j1939_xtp_rx_rts_session_new(): abort TP less than 9 bytes Zheyu Ma (2): can: peak_pci: peak_pci_remove(): fix UAF isdn: mISDN: Fix sleeping function called from invalid context Ziyang Xuan (2): can: j1939: j1939_tp_rxtimer(): fix errant alert in j1939_tp_rxtimer can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv

3 years, 7 months

1
1
0 0

Linux 4.19.214

by Greg Kroah-Hartman

I'm announcing the release of the 4.19.214 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/Kconfig | 1 arch/arm/boot/dts/at91-sama5d27_som1_ek.dts | 1 arch/arm/boot/dts/spear3xx.dtsi | 2 arch/nios2/include/asm/irqflags.h | 4 - arch/nios2/include/asm/registers.h | 2 arch/xtensa/platforms/xtfpga/setup.c | 12 ++- drivers/isdn/capi/kcapi.c | 5 + drivers/isdn/hardware/mISDN/netjet.c | 2 drivers/net/can/rcar/rcar_can.c | 20 +++-- drivers/net/can/sja1000/peak_pci.c | 9 +- drivers/net/can/usb/peak_usb/pcan_usb_fd.c | 5 - drivers/net/ethernet/hisilicon/hns3/hnae3.c | 21 +++++ drivers/net/ethernet/hisilicon/hns3/hnae3.h | 1 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_dcb.c | 9 ++ drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 1 drivers/net/ethernet/stmicro/stmmac/dwmac-generic.c | 1 drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 8 ++ drivers/net/phy/mdio_bus.c | 1 drivers/net/usb/Kconfig | 1 drivers/platform/x86/intel_scu_ipc.c | 2 drivers/scsi/hosts.c | 3 fs/btrfs/tree-log.c | 47 +++++++---- fs/exec.c | 2 fs/nfsd/nfsctl.c | 5 + fs/ocfs2/alloc.c | 46 +++-------- fs/ocfs2/super.c | 14 ++- include/linux/elfcore.h | 2 kernel/dma/debug.c | 12 +-- kernel/trace/ftrace.c | 4 - kernel/trace/trace.h | 64 +++++----------- kernel/trace/trace_functions.c | 2 mm/slub.c | 11 ++ net/netfilter/Kconfig | 2 net/netfilter/ipvs/ip_vs_ctl.c | 5 + net/nfc/nci/rsp.c | 2 scripts/Makefile.gcc-plugins | 4 + sound/hda/hdac_controller.c | 5 - sound/pci/hda/patch_realtek.c | 1 sound/soc/codecs/wm8960.c | 13 ++- sound/soc/soc-dapm.c | 13 ++- sound/usb/quirks-table.h | 32 ++++++++ 42 files changed, 245 insertions(+), 154 deletions(-) Antoine Tenart (1): netfilter: ipvs: make global sysctl readonly in non-init netns Benjamin Coddington (1): NFSD: Keep existing listeners on portlist error Brendan Grieve (1): ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset Brendan Higgins (1): gcc-plugins/structleak: add makefile var for disabling structleak Dexuan Cui (1): scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() Eugen Hristev (1): ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default Filipe Manana (1): btrfs: deal with errors when checking if a dir entry exists during log replay Gerald Schaefer (1): dma-debug: fix sg checks in debug_dma_map_sg() Greg Kroah-Hartman (1): Linux 4.19.214 Guangbin Huang (1): net: hns3: add limit ets dwrr bandwidth cannot be 0 Guenter Roeck (1): xtensa: xtfpga: Try software restart before simulating CPU reset Herve Codina (2): net: stmmac: add support for dwmac 3.40a ARM: dts: spear3xx: Fix gmac node Jan Kara (1): ocfs2: fix data corruption after conversion from inline format Kai Vehmanen (1): ALSA: hda: avoid write to STATESTS if controller is in reset Lin Ma (1): nfc: nci: fix the UAF of rf_conn_info object Lukas Bulwahn (1): elfcore: correct reference to CONFIG_UML Matthew Wilcox (Oracle) (1): vfs: check fd has read access in kernel_read_file_from_fd() Max Filippov (1): xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF Miaohe Lin (1): mm, slub: fix mismatch between reconstructed freelist depth and cnt Nick Desaulniers (1): ARM: 9122/1: select HAVE_FUTEX_CMPXCHG Peng Li (1): net: hns3: disable sriov before unload hclge layer Prashant Malani (1): platform/x86: intel_scu_ipc: Update timeout value in comment Randy Dunlap (1): NIOS2: irqflags: rename a redefined register name Shengjiu Wang (1): ASoC: wm8960: Fix clock configuration on slave mode Stephane Grosjean (1): can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification Steven Clarkson (1): ALSA: hda/realtek: Add quirk for Clevo PC50HS Steven Rostedt (VMware) (1): tracing: Have all levels of checks prevent recursion Takashi Iwai (1): ASoC: DAPM: Fix missing kctl change notifications Valentin Vidic (1): ocfs2: mount fails with buffer overflow in strlen Vegard Nossum (2): lan78xx: select CRC32 netfilter: Kconfig: use 'default y' instead of 'm' for bool config option Xiaolong Huang (1): isdn: cpai: check ctr->cnr to avoid array index out of bound Yanfei Xu (1): net: mdiobus: Fix memory leak in __mdiobus_register Yoshihiro Shimoda (1): can: rcar_can: fix suspend/resume Zheyu Ma (2): can: peak_pci: peak_pci_remove(): fix UAF isdn: mISDN: Fix sleeping function called from invalid context

3 years, 7 months

1
1
0 0

Linux 4.14.253

by Greg Kroah-Hartman

I'm announcing the release of the 4.14.253 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/Kconfig | 1 arch/arm/boot/dts/at91-sama5d27_som1_ek.dts | 1 arch/arm/boot/dts/spear3xx.dtsi | 2 arch/nios2/include/asm/irqflags.h | 4 - arch/nios2/include/asm/registers.h | 2 arch/xtensa/platforms/xtfpga/setup.c | 12 ++- drivers/isdn/capi/kcapi.c | 5 + drivers/isdn/hardware/mISDN/netjet.c | 2 drivers/net/can/rcar/rcar_can.c | 20 +++-- drivers/net/can/sja1000/peak_pci.c | 9 +- drivers/net/can/usb/peak_usb/pcan_usb_fd.c | 5 - drivers/net/ethernet/stmicro/stmmac/dwmac-generic.c | 1 drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 8 ++ drivers/net/phy/mdio_bus.c | 1 drivers/platform/x86/intel_scu_ipc.c | 2 drivers/scsi/hosts.c | 3 fs/btrfs/file.c | 56 +-------------- fs/btrfs/tree-log.c | 47 ++++++++----- fs/exec.c | 2 fs/nfsd/nfsctl.c | 5 + fs/ocfs2/alloc.c | 46 +++--------- fs/ocfs2/super.c | 14 ++- include/linux/elfcore.h | 2 kernel/trace/ftrace.c | 4 - kernel/trace/trace.h | 64 +++++------------- kernel/trace/trace_functions.c | 2 net/netfilter/Kconfig | 2 net/netfilter/ipvs/ip_vs_ctl.c | 5 + net/nfc/nci/rsp.c | 2 sound/hda/hdac_controller.c | 5 - sound/soc/soc-dapm.c | 13 ++- sound/usb/quirks-table.h | 32 +++++++++ 33 files changed, 186 insertions(+), 195 deletions(-) Antoine Tenart (1): netfilter: ipvs: make global sysctl readonly in non-init netns Benjamin Coddington (1): NFSD: Keep existing listeners on portlist error Brendan Grieve (1): ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset Dexuan Cui (1): scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() Eugen Hristev (1): ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default Filipe Manana (1): btrfs: deal with errors when checking if a dir entry exists during log replay Greg Kroah-Hartman (1): Linux 4.14.253 Guenter Roeck (1): xtensa: xtfpga: Try software restart before simulating CPU reset Herve Codina (2): net: stmmac: add support for dwmac 3.40a ARM: dts: spear3xx: Fix gmac node Jan Kara (1): ocfs2: fix data corruption after conversion from inline format Josef Bacik (1): btrfs: always wait on ordered extents at fsync time Kai Vehmanen (1): ALSA: hda: avoid write to STATESTS if controller is in reset Lin Ma (1): nfc: nci: fix the UAF of rf_conn_info object Lukas Bulwahn (1): elfcore: correct reference to CONFIG_UML Matthew Wilcox (Oracle) (1): vfs: check fd has read access in kernel_read_file_from_fd() Max Filippov (1): xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF Nick Desaulniers (1): ARM: 9122/1: select HAVE_FUTEX_CMPXCHG Prashant Malani (1): platform/x86: intel_scu_ipc: Update timeout value in comment Randy Dunlap (1): NIOS2: irqflags: rename a redefined register name Stephane Grosjean (1): can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification Steven Rostedt (VMware) (1): tracing: Have all levels of checks prevent recursion Takashi Iwai (1): ASoC: DAPM: Fix missing kctl change notifications Valentin Vidic (1): ocfs2: mount fails with buffer overflow in strlen Vegard Nossum (1): netfilter: Kconfig: use 'default y' instead of 'm' for bool config option Xiaolong Huang (1): isdn: cpai: check ctr->cnr to avoid array index out of bound Yanfei Xu (1): net: mdiobus: Fix memory leak in __mdiobus_register Yoshihiro Shimoda (1): can: rcar_can: fix suspend/resume Zheyu Ma (2): can: peak_pci: peak_pci_remove(): fix UAF isdn: mISDN: Fix sleeping function called from invalid context

3 years, 7 months

1
1
0 0

[PATCH v3 1/2] HID: u2fzero: clarify error check and length calculations

by Andrej Shadura

The previous commit fixed handling of incomplete packets but broke error handling: offsetof returns an unsigned value (size_t), but when compared against the signed return value, the return value is interpreted as if it were unsigned, so negative return values are never less than the offset. To make the code easier to read, calculate the minimal packet length once and separately, and assign it to a signed int variable to eliminate unsigned math and the need for type casts. It then becomes immediately obvious how the actual data length is calculated and why the return value cannot be less than the minimal length. Fixes: 22d65765f211 ("HID: u2fzero: ignore incomplete packets without data") Fixes: 42337b9d4d95 ("HID: add driver for U2F Zero built-in LED and RNG") Signed-off-by: Andrej Shadura <andrew.shadura(a)collabora.co.uk> --- drivers/hid/hid-u2fzero.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/hid/hid-u2fzero.c b/drivers/hid/hid-u2fzero.c index d70cd3d7f583..94f78ffb76d0 100644 --- a/drivers/hid/hid-u2fzero.c +++ b/drivers/hid/hid-u2fzero.c @@ -191,6 +191,8 @@ static int u2fzero_rng_read(struct hwrng *rng, void *data, struct u2f_hid_msg resp; int ret; size_t actual_length; + /* valid packets must have a correct header */ + int min_length = offsetof(struct u2f_hid_msg, init.data); if (!dev->present) { hid_dbg(dev->hdev, "device not present"); @@ -200,12 +202,12 @@ static int u2fzero_rng_read(struct hwrng *rng, void *data, ret = u2fzero_recv(dev, &req, &resp); /* ignore errors or packets without data */ - if (ret < offsetof(struct u2f_hid_msg, init.data)) + if (ret < min_length) return 0; /* only take the minimum amount of data it is safe to take */ - actual_length = min3((size_t)ret - offsetof(struct u2f_hid_msg, - init.data), U2F_HID_MSG_LEN(resp), max); + actual_length = min3((size_t)ret - min_length, + U2F_HID_MSG_LEN(resp), max); memcpy(data, resp.init.data, actual_length); -- 2.33.0

3 years, 7 months

2
2
0 0

[PATCH v2 2/3] ath6kl: fix division by zero in send path

by Johan Hovold

Add the missing endpoint max-packet sanity check to probe() to avoid division by zero in ath10k_usb_hif_tx_sg() in case a malicious device has broken descriptors (or when doing descriptor fuzz testing). Note that USB core will reject URBs submitted for endpoints with zero wMaxPacketSize but that drivers doing packet-size calculations still need to handle this (cf. commit 2548288b4fb0 ("USB: Fix: Don't skip endpoint descriptors with maxpacket=0")). Fixes: 9cbee358687e ("ath6kl: add full USB support") Cc: stable(a)vger.kernel.org # 3.5 Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/net/wireless/ath/ath6kl/usb.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/net/wireless/ath/ath6kl/usb.c b/drivers/net/wireless/ath/ath6kl/usb.c index bd367b79a4d3..aba70f35e574 100644 --- a/drivers/net/wireless/ath/ath6kl/usb.c +++ b/drivers/net/wireless/ath/ath6kl/usb.c @@ -340,6 +340,11 @@ static int ath6kl_usb_setup_pipe_resources(struct ath6kl_usb *ar_usb) le16_to_cpu(endpoint->wMaxPacketSize), endpoint->bInterval); } + + /* Ignore broken descriptors. */ + if (usb_endpoint_maxp(endpoint) == 0) + continue; + urbcount = 0; pipe_num = -- 2.32.0

3 years, 7 months

1
0
0 0

Linux 4.9.288

by Greg Kroah-Hartman

I'm announcing the release of the 4.9.288 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/Kconfig | 1 arch/arm/boot/dts/spear3xx.dtsi | 2 arch/nios2/include/asm/irqflags.h | 4 - arch/nios2/include/asm/registers.h | 2 arch/s390/lib/string.c | 15 ++-- arch/xtensa/platforms/xtfpga/setup.c | 12 ++- drivers/ata/pata_legacy.c | 6 + drivers/firmware/efi/cper.c | 4 - drivers/firmware/efi/runtime-wrappers.c | 2 drivers/gpu/drm/msm/dsi/dsi_host.c | 2 drivers/gpu/drm/msm/edp/edp_ctrl.c | 3 drivers/iio/adc/ti-adc128s052.c | 6 + drivers/iio/common/ssp_sensors/ssp_spi.c | 11 ++- drivers/iio/light/opt3001.c | 6 - drivers/input/joystick/xpad.c | 2 drivers/isdn/capi/kcapi.c | 5 + drivers/isdn/hardware/mISDN/netjet.c | 2 drivers/misc/cb710/sgbuf2.c | 2 drivers/net/can/rcar/rcar_can.c | 20 +++--- drivers/net/can/sja1000/peak_pci.c | 9 +- drivers/net/can/usb/peak_usb/pcan_usb_fd.c | 5 - drivers/net/ethernet/Kconfig | 1 drivers/net/ethernet/arc/Kconfig | 1 drivers/net/ethernet/microchip/encx24j600-regmap.c | 10 ++- drivers/net/ethernet/microchip/encx24j600.c | 5 + drivers/net/ethernet/microchip/encx24j600_hw.h | 4 - drivers/net/ethernet/neterion/s2io.c | 2 drivers/net/phy/mdio_bus.c | 1 drivers/net/usb/Kconfig | 4 + drivers/nvmem/core.c | 3 drivers/platform/x86/intel_scu_ipc.c | 2 drivers/usb/host/xhci-pci.c | 2 drivers/usb/serial/option.c | 2 drivers/usb/serial/qcserial.c | 1 fs/exec.c | 2 fs/nfsd/nfsctl.c | 5 + fs/ocfs2/alloc.c | 46 +++------------ fs/ocfs2/super.c | 14 +++- include/linux/elfcore.h | 2 kernel/trace/ftrace.c | 4 - kernel/trace/trace.h | 64 ++++++--------------- kernel/trace/trace_functions.c | 2 net/netfilter/Kconfig | 2 net/netfilter/ipvs/ip_vs_ctl.c | 5 + net/nfc/af_nfc.c | 3 net/nfc/digital_core.c | 9 ++ net/nfc/digital_technology.c | 8 +- net/nfc/nci/rsp.c | 2 sound/core/seq/seq_device.c | 8 -- sound/hda/hdac_controller.c | 5 - sound/soc/soc-dapm.c | 13 ++-- sound/usb/quirks-table.h | 32 ++++++++++ 53 files changed, 227 insertions(+), 160 deletions(-) Aleksander Morgado (1): USB: serial: qcserial: add EM9191 QDL support Antoine Tenart (1): netfilter: ipvs: make global sysctl readonly in non-init netns Ard Biesheuvel (1): efi/cper: use stack buffer for error record decoding Arnd Bergmann (2): cb710: avoid NULL pointer subtraction ethernet: s2io: fix setting mac address during resume Benjamin Coddington (1): NFSD: Keep existing listeners on portlist error Brendan Grieve (1): ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset Christophe JAILLET (1): iio: adc128s052: Fix the error handling path of 'adc128_probe()' Colin Ian King (1): drm/msm: Fix null pointer dereference on pointer edp Dan Carpenter (4): iio: ssp_sensors: add more range checking in ssp_parse_dataframe() iio: ssp_sensors: fix error code in ssp_print_mcu_debug() pata_legacy: fix a couple uninitialized variable bugs drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling Daniele Palmas (1): USB: serial: option: add Telit LE910Cx composition 0x1204 Greg Kroah-Hartman (1): Linux 4.9.288 Guenter Roeck (1): xtensa: xtfpga: Try software restart before simulating CPU reset Herve Codina (1): ARM: dts: spear3xx: Fix gmac node Jan Kara (1): ocfs2: fix data corruption after conversion from inline format Jiri Valek - 2N (1): iio: light: opt3001: Fixed timeout error when 0 lux Kai Vehmanen (1): ALSA: hda: avoid write to STATESTS if controller is in reset Lin Ma (1): nfc: nci: fix the UAF of rf_conn_info object Lukas Bulwahn (1): elfcore: correct reference to CONFIG_UML Matthew Wilcox (Oracle) (1): vfs: check fd has read access in kernel_read_file_from_fd() Max Filippov (1): xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF Michael Cullen (1): Input: xpad - add support for another USB ID of Nacon GC-100 Nanyong Sun (1): net: encx24j600: check error in devm_regmap_init_encx24j600 Nick Desaulniers (1): ARM: 9122/1: select HAVE_FUTEX_CMPXCHG Nikolay Martynov (1): xhci: Enable trust tx length quirk for Fresco FL11 USB controller Prashant Malani (1): platform/x86: intel_scu_ipc: Update timeout value in comment Randy Dunlap (1): NIOS2: irqflags: rename a redefined register name Roberto Sassu (1): s390: fix strrchr() implementation Stephane Grosjean (1): can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification Stephen Boyd (1): nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells Steven Rostedt (VMware) (1): tracing: Have all levels of checks prevent recursion Takashi Iwai (2): ALSA: seq: Fix a potential UAF by wrong private_free call order ASoC: DAPM: Fix missing kctl change notifications Valentin Vidic (1): ocfs2: mount fails with buffer overflow in strlen Vegard Nossum (4): net: arc: select CRC32 net: korina: select CRC32 r8152: select CRC32 and CRYPTO/CRYPTO_HASH/CRYPTO_SHA256 netfilter: Kconfig: use 'default y' instead of 'm' for bool config option Xiaolong Huang (1): isdn: cpai: check ctr->cnr to avoid array index out of bound Yanfei Xu (1): net: mdiobus: Fix memory leak in __mdiobus_register Yoshihiro Shimoda (1): can: rcar_can: fix suspend/resume Zhang Jianhua (1): efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock() Zheyu Ma (2): can: peak_pci: peak_pci_remove(): fix UAF isdn: mISDN: Fix sleeping function called from invalid context Ziyang Xuan (3): nfc: fix error handling of nfc_proto_register() NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() NFC: digital: fix possible memory leak in digital_in_send_sdd_req()

3 years, 7 months

1
1
0 0

Linux 4.4.290

by Greg Kroah-Hartman

I'm announcing the release of the 4.4.290 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/Kconfig | 1 arch/arm/boot/dts/spear3xx.dtsi | 2 arch/nios2/include/asm/irqflags.h | 4 - arch/nios2/include/asm/registers.h | 2 arch/s390/lib/string.c | 15 ++-- drivers/ata/pata_legacy.c | 6 + drivers/firmware/efi/cper.c | 4 - drivers/gpu/drm/msm/edp/edp_ctrl.c | 3 drivers/iio/adc/ti-adc128s052.c | 6 + drivers/iio/common/ssp_sensors/ssp_spi.c | 11 ++- drivers/input/joystick/xpad.c | 2 drivers/isdn/capi/kcapi.c | 5 + drivers/isdn/hardware/mISDN/netjet.c | 2 drivers/misc/cb710/sgbuf2.c | 2 drivers/net/can/rcar_can.c | 20 +++--- drivers/net/can/sja1000/peak_pci.c | 9 +- drivers/net/can/usb/peak_usb/pcan_usb_fd.c | 5 - drivers/net/ethernet/Kconfig | 1 drivers/net/ethernet/arc/Kconfig | 1 drivers/net/ethernet/microchip/encx24j600-regmap.c | 10 ++- drivers/net/ethernet/microchip/encx24j600.c | 5 + drivers/net/ethernet/microchip/encx24j600_hw.h | 4 - drivers/net/ethernet/neterion/s2io.c | 2 drivers/net/phy/mdio_bus.c | 1 drivers/net/usb/Kconfig | 4 + drivers/nvmem/core.c | 3 drivers/platform/x86/intel_scu_ipc.c | 2 drivers/usb/host/xhci-pci.c | 2 drivers/usb/serial/option.c | 2 drivers/usb/serial/qcserial.c | 1 fs/nfsd/nfsctl.c | 5 + fs/ocfs2/super.c | 14 +++- fs/overlayfs/dir.c | 10 ++- include/linux/elfcore.h | 2 kernel/trace/ftrace.c | 4 - kernel/trace/trace.h | 64 ++++++--------------- kernel/trace/trace_functions.c | 2 net/netfilter/Kconfig | 2 net/netfilter/ipvs/ip_vs_ctl.c | 5 + net/nfc/af_nfc.c | 3 net/nfc/digital_core.c | 9 ++ net/nfc/digital_technology.c | 8 +- net/nfc/nci/rsp.c | 2 sound/core/seq/seq_device.c | 8 -- sound/hda/hdac_controller.c | 5 - sound/soc/soc-dapm.c | 13 ++-- sound/usb/quirks-table.h | 32 ++++++++++ 48 files changed, 208 insertions(+), 119 deletions(-) Aleksander Morgado (1): USB: serial: qcserial: add EM9191 QDL support Antoine Tenart (1): netfilter: ipvs: make global sysctl readonly in non-init netns Ard Biesheuvel (1): efi/cper: use stack buffer for error record decoding Arnd Bergmann (2): cb710: avoid NULL pointer subtraction ethernet: s2io: fix setting mac address during resume Benjamin Coddington (1): NFSD: Keep existing listeners on portlist error Brendan Grieve (1): ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset Christophe JAILLET (1): iio: adc128s052: Fix the error handling path of 'adc128_probe()' Colin Ian King (1): drm/msm: Fix null pointer dereference on pointer edp Dan Carpenter (3): iio: ssp_sensors: add more range checking in ssp_parse_dataframe() iio: ssp_sensors: fix error code in ssp_print_mcu_debug() pata_legacy: fix a couple uninitialized variable bugs Daniele Palmas (1): USB: serial: option: add Telit LE910Cx composition 0x1204 Greg Kroah-Hartman (1): Linux 4.4.290 Herve Codina (1): ARM: dts: spear3xx: Fix gmac node Kai Vehmanen (1): ALSA: hda: avoid write to STATESTS if controller is in reset Lin Ma (1): nfc: nci: fix the UAF of rf_conn_info object Lukas Bulwahn (1): elfcore: correct reference to CONFIG_UML Michael Cullen (1): Input: xpad - add support for another USB ID of Nacon GC-100 Nanyong Sun (1): net: encx24j600: check error in devm_regmap_init_encx24j600 Nick Desaulniers (1): ARM: 9122/1: select HAVE_FUTEX_CMPXCHG Nikolay Martynov (1): xhci: Enable trust tx length quirk for Fresco FL11 USB controller Prashant Malani (1): platform/x86: intel_scu_ipc: Update timeout value in comment Randy Dunlap (1): NIOS2: irqflags: rename a redefined register name Roberto Sassu (1): s390: fix strrchr() implementation Stephane Grosjean (1): can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification Stephen Boyd (1): nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells Steven Rostedt (VMware) (1): tracing: Have all levels of checks prevent recursion Takashi Iwai (2): ALSA: seq: Fix a potential UAF by wrong private_free call order ASoC: DAPM: Fix missing kctl change notifications Valentin Vidic (1): ocfs2: mount fails with buffer overflow in strlen Vegard Nossum (4): net: arc: select CRC32 net: korina: select CRC32 r8152: select CRC32 and CRYPTO/CRYPTO_HASH/CRYPTO_SHA256 netfilter: Kconfig: use 'default y' instead of 'm' for bool config option Xiaolong Huang (1): isdn: cpai: check ctr->cnr to avoid array index out of bound Yanfei Xu (1): net: mdiobus: Fix memory leak in __mdiobus_register Yoshihiro Shimoda (1): can: rcar_can: fix suspend/resume Zheng Liang (1): ovl: fix missing negative dentry check in ovl_rename() Zheyu Ma (2): can: peak_pci: peak_pci_remove(): fix UAF isdn: mISDN: Fix sleeping function called from invalid context Ziyang Xuan (3): nfc: fix error handling of nfc_proto_register() NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() NFC: digital: fix possible memory leak in digital_in_send_sdd_req()

3 years, 7 months

1
1
0 0

[PATCH] wcn36xx: Fix HT40 capability for 2Ghz band

by Loic Poulain

All wcn36xx controllers are supposed to support HT40 (and SGI40), This doubles the maximum bitrate/throughput with compatible APs. Tested with wcn3620 & wcn3680B. Cc: stable(a)vger.kernel.org Fixes: 8e84c2582169 ("wcn36xx: mac80211 driver for Qualcomm WCN3660/WCN3680 hardware") Signed-off-by: Loic Poulain <loic.poulain(a)linaro.org> --- drivers/net/wireless/ath/wcn36xx/main.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/wcn36xx/main.c b/drivers/net/wireless/ath/wcn36xx/main.c index d4f44c8..4f139d9 100644 --- a/drivers/net/wireless/ath/wcn36xx/main.c +++ b/drivers/net/wireless/ath/wcn36xx/main.c @@ -137,7 +137,9 @@ static struct ieee80211_supported_band wcn_band_2ghz = { .cap = IEEE80211_HT_CAP_GRN_FLD | IEEE80211_HT_CAP_SGI_20 | IEEE80211_HT_CAP_DSSSCCK40 | - IEEE80211_HT_CAP_LSIG_TXOP_PROT, + IEEE80211_HT_CAP_LSIG_TXOP_PROT | + IEEE80211_HT_CAP_SGI_40 | + IEEE80211_HT_CAP_SUP_WIDTH_20_40, .ht_supported = true, .ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K, .ampdu_density = IEEE80211_HT_MPDU_DENSITY_16, -- 2.7.4

3 years, 7 months

2
1
0 0

[PATCH] sound: ua101: fix division by zero at probe

by Johan Hovold

Add the missing endpoint max-packet sanity check to probe() to avoid division by zero in alloc_stream_buffers() in case a malicious device has broken descriptors (or when doing descriptor fuzz testing). Note that USB core will reject URBs submitted for endpoints with zero wMaxPacketSize but that drivers doing packet-size calculations still need to handle this (cf. commit 2548288b4fb0 ("USB: Fix: Don't skip endpoint descriptors with maxpacket=0")). Fixes: 63978ab3e3e9 ("sound: add Edirol UA-101 support") Cc: stable(a)vger.kernel.org # 2.6.34 Signed-off-by: Johan Hovold <johan(a)kernel.org> --- sound/usb/misc/ua101.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sound/usb/misc/ua101.c b/sound/usb/misc/ua101.c index 5834d1dc317e..4f6b20ed29dd 100644 --- a/sound/usb/misc/ua101.c +++ b/sound/usb/misc/ua101.c @@ -1000,7 +1000,7 @@ static int detect_usb_format(struct ua101 *ua) fmt_playback->bSubframeSize * ua->playback.channels; epd = &ua->intf[INTF_CAPTURE]->altsetting[1].endpoint[0].desc; - if (!usb_endpoint_is_isoc_in(epd)) { + if (!usb_endpoint_is_isoc_in(epd) || usb_endpoint_maxp(epd) == 0) { dev_err(&ua->dev->dev, "invalid capture endpoint\n"); return -ENXIO; } @@ -1008,7 +1008,7 @@ static int detect_usb_format(struct ua101 *ua) ua->capture.max_packet_bytes = usb_endpoint_maxp(epd); epd = &ua->intf[INTF_PLAYBACK]->altsetting[1].endpoint[0].desc; - if (!usb_endpoint_is_isoc_out(epd)) { + if (!usb_endpoint_is_isoc_out(epd) || usb_endpoint_maxp(epd) == 0) { dev_err(&ua->dev->dev, "invalid playback endpoint\n"); return -ENXIO; } -- 2.32.0

3 years, 7 months

2
1
0 0

[PATCH 4.19.y] arm64: Avoid premature usercopy failure

by Chen Huang

From: Robin Murphy <robin.murphy(a)arm.com> commit 295cf156231ca3f9e3a66bde7fab5e09c41835e0 upstream. Al reminds us that the usercopy API must only return complete failure if absolutely nothing could be copied. Currently, if userspace does something silly like giving us an unaligned pointer to Device memory, or a size which overruns MTE tag bounds, we may fail to honour that requirement when faulting on a multi-byte access even though a smaller access could have succeeded. Add a mitigation to the fixup routines to fall back to a single-byte copy if we faulted on a larger access before anything has been written to the destination, to guarantee making *some* forward progress. We needn't be too concerned about the overall performance since this should only occur when callers are doing something a bit dodgy in the first place. Particularly broken userspace might still be able to trick generic_perform_write() into an infinite loop by targeting write() at an mmap() of some read-only device register where the fault-in load succeeds but any store synchronously aborts such that copy_to_user() is genuinely unable to make progress, but, well, don't do that... CC: stable(a)vger.kernel.org Reported-by: Chen Huang <chenhuang5(a)huawei.com> Suggested-by: Al Viro <viro(a)zeniv.linux.org.uk> Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Robin Murphy <robin.murphy(a)arm.com> Link: https://lore.kernel.org/r/dc03d5c675731a1f24a62417dba5429ad744234e.16260984… Signed-off-by: Will Deacon <will(a)kernel.org> Signed-off-by: Chen Huang <chenhuang5(a)huawei.com> --- arch/arm64/lib/copy_from_user.S | 13 ++++++++++--- arch/arm64/lib/copy_in_user.S | 20 ++++++++++++++------ arch/arm64/lib/copy_to_user.S | 14 +++++++++++--- 3 files changed, 35 insertions(+), 12 deletions(-) diff --git a/arch/arm64/lib/copy_from_user.S b/arch/arm64/lib/copy_from_user.S index 96b22c0fa343..7cd6eeaa216c 100644 --- a/arch/arm64/lib/copy_from_user.S +++ b/arch/arm64/lib/copy_from_user.S @@ -39,7 +39,7 @@ .endm .macro ldrh1 ptr, regB, val - uao_user_alternative 9998f, ldrh, ldtrh, \ptr, \regB, \val + uao_user_alternative 9997f, ldrh, ldtrh, \ptr, \regB, \val .endm .macro strh1 ptr, regB, val @@ -47,7 +47,7 @@ .endm .macro ldr1 ptr, regB, val - uao_user_alternative 9998f, ldr, ldtr, \ptr, \regB, \val + uao_user_alternative 9997f, ldr, ldtr, \ptr, \regB, \val .endm .macro str1 ptr, regB, val @@ -55,7 +55,7 @@ .endm .macro ldp1 ptr, regB, regC, val - uao_ldp 9998f, \ptr, \regB, \regC, \val + uao_ldp 9997f, \ptr, \regB, \regC, \val .endm .macro stp1 ptr, regB, regC, val @@ -63,9 +63,11 @@ .endm end .req x5 +srcin .req x15 ENTRY(__arch_copy_from_user) uaccess_enable_not_uao x3, x4, x5 add end, x0, x2 + mov srcin, x1 #include "copy_template.S" uaccess_disable_not_uao x3, x4 mov x0, #0 // Nothing to copy @@ -74,6 +76,11 @@ ENDPROC(__arch_copy_from_user) .section .fixup,"ax" .align 2 +9997: cmp dst, dstin + b.ne 9998f + // Before being absolutely sure we couldn't copy anything, try harder +USER(9998f, ldtrb tmp1w, [srcin]) + strb tmp1w, [dst], #1 9998: sub x0, end, dst // bytes not copied uaccess_disable_not_uao x3, x4 ret diff --git a/arch/arm64/lib/copy_in_user.S b/arch/arm64/lib/copy_in_user.S index e56c705f1f23..b20d3a0b3237 100644 --- a/arch/arm64/lib/copy_in_user.S +++ b/arch/arm64/lib/copy_in_user.S @@ -40,34 +40,36 @@ .endm .macro ldrh1 ptr, regB, val - uao_user_alternative 9998f, ldrh, ldtrh, \ptr, \regB, \val + uao_user_alternative 9997f, ldrh, ldtrh, \ptr, \regB, \val .endm .macro strh1 ptr, regB, val - uao_user_alternative 9998f, strh, sttrh, \ptr, \regB, \val + uao_user_alternative 9997f, strh, sttrh, \ptr, \regB, \val .endm .macro ldr1 ptr, regB, val - uao_user_alternative 9998f, ldr, ldtr, \ptr, \regB, \val + uao_user_alternative 9997f, ldr, ldtr, \ptr, \regB, \val .endm .macro str1 ptr, regB, val - uao_user_alternative 9998f, str, sttr, \ptr, \regB, \val + uao_user_alternative 9997f, str, sttr, \ptr, \regB, \val .endm .macro ldp1 ptr, regB, regC, val - uao_ldp 9998f, \ptr, \regB, \regC, \val + uao_ldp 9997f, \ptr, \regB, \regC, \val .endm .macro stp1 ptr, regB, regC, val - uao_stp 9998f, \ptr, \regB, \regC, \val + uao_stp 9997f, \ptr, \regB, \regC, \val .endm end .req x5 +srcin .req x15 ENTRY(__arch_copy_in_user) uaccess_enable_not_uao x3, x4, x5 add end, x0, x2 + mov srcin, x1 #include "copy_template.S" uaccess_disable_not_uao x3, x4 mov x0, #0 @@ -76,6 +78,12 @@ ENDPROC(__arch_copy_in_user) .section .fixup,"ax" .align 2 +9997: cmp dst, dstin + b.ne 9998f + // Before being absolutely sure we couldn't copy anything, try harder +USER(9998f, ldtrb tmp1w, [srcin]) +USER(9998f, sttrb tmp1w, [dst]) + add dst, dst, #1 9998: sub x0, end, dst // bytes not copied uaccess_disable_not_uao x3, x4 ret diff --git a/arch/arm64/lib/copy_to_user.S b/arch/arm64/lib/copy_to_user.S index 6b99b939c50f..cfdbb1fe8d51 100644 --- a/arch/arm64/lib/copy_to_user.S +++ b/arch/arm64/lib/copy_to_user.S @@ -42,7 +42,7 @@ .endm .macro strh1 ptr, regB, val - uao_user_alternative 9998f, strh, sttrh, \ptr, \regB, \val + uao_user_alternative 9997f, strh, sttrh, \ptr, \regB, \val .endm .macro ldr1 ptr, regB, val @@ -50,7 +50,7 @@ .endm .macro str1 ptr, regB, val - uao_user_alternative 9998f, str, sttr, \ptr, \regB, \val + uao_user_alternative 9997f, str, sttr, \ptr, \regB, \val .endm .macro ldp1 ptr, regB, regC, val @@ -58,13 +58,15 @@ .endm .macro stp1 ptr, regB, regC, val - uao_stp 9998f, \ptr, \regB, \regC, \val + uao_stp 9997f, \ptr, \regB, \regC, \val .endm end .req x5 +srcin .req x15 ENTRY(__arch_copy_to_user) uaccess_enable_not_uao x3, x4, x5 add end, x0, x2 + mov srcin, x1 #include "copy_template.S" uaccess_disable_not_uao x3, x4 mov x0, #0 @@ -73,6 +75,12 @@ ENDPROC(__arch_copy_to_user) .section .fixup,"ax" .align 2 +9997: cmp dst, dstin + b.ne 9998f + // Before being absolutely sure we couldn't copy anything, try harder + ldrb tmp1w, [srcin] +USER(9998f, sttrb tmp1w, [dst]) + add dst, dst, #1 9998: sub x0, end, dst // bytes not copied uaccess_disable_not_uao x3, x4 ret -- 2.25.1

3 years, 7 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror October 2021