These are the first two patches in https://lore.kernel.org/stable/20210501043014.33300-1-fllinden@amazon.com/
I will re-send the rest of that series as soon as the other bpf backports
hit the 4.19 branch.
This fixes errors in earlier bpf 4.14 backports. The verifier fix was
sent in earlier to bpf@ by Sam, and acked. I added the selftests
fix.
Essentially, together with the previous backports that had errors,
this produces correct backports of:
9d7eceede76 ("bpf: restrict unknown scalars of mixed signed bounds for
unprivileged")
80c9b2fae87b ("bpf: add various test cases to selftests")
Commits:
<4.14 only> ("bpf: Fix backport of "bpf: restrict unknown scalars of mixed signed bounds for unprivileged")
This was sent in by Sam to bpf@ earlier, and acked by Yonghong Song,
https://lore.kernel.org/bpf/20210419235641.5442-1-samjonas@amazon.com/T/#u
I am including it so that it is 'formally' submitted it
to -stable.
<4.14 only> ("bpf: fix up selftests after backports were fixed")
This is a follow-up to the previous by me, to fix selftests. It's
from 80c9b2fae87b ("bpf: add various test cases to selftests"), but
since that one was already partially added to the 4.14 branch
in 03f11a51a196 ("bpf: Fix selftests are changes for CVE 2019-7308"),
it's not a "backport" as such. To avoid confusion, I created a
separate commit for it, referencing the original commit
in the message. I examined each individual changed test, and
went through the history to see that the error message was indeed
as expected.
Hi Greg, Sasha,
The config malta_qemu_32r6_defconfig for mips fails to build for gcc-10+.
Please apply 1d7ba0165d82 ("mips: Do not include hi and lo in clobber list for R6")
to 4.14-stable to 5.12-stable branches.
It will apply cleanly to 5.9-stable to 5.12-stable. I will send the backport
for 4.14-stable, 4.19-stable and 5.4-stable.
--
Regards
Sudip
I'm announcing the release of the 5.12.1 kernel.
All users of the 5.12 kernel series must upgrade.
The updated 5.12.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.12.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Makefile | 2 -
drivers/misc/mei/hw-me-regs.h | 1
drivers/misc/mei/pci-me.c | 1
drivers/net/usb/hso.c | 2 -
drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c | 7 +++---
drivers/usb/class/cdc-acm.c | 3 +-
net/wireless/core.c | 21 +++++++++++++++----
net/wireless/nl80211.c | 24 +++++++++++++++++-----
8 files changed, 46 insertions(+), 15 deletions(-)
Greg Kroah-Hartman (1):
Linux 5.12.1
Jiri Kosina (1):
iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd()
Johan Hovold (1):
net: hso: fix NULL-deref on disconnect regression
Johannes Berg (1):
cfg80211: fix locking in netlink owner interface destruction
Oliver Neukum (1):
USB: CDC-ACM: fix poison/unpoison imbalance
Tomas Winkler (1):
mei: me: add Alder Lake P device id.
I'm announcing the release of the 5.11.18 kernel.
All users of the 5.11 kernel series must upgrade.
The updated 5.11.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.11.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Makefile | 2 +-
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 4 ++--
drivers/misc/mei/hw-me-regs.h | 1 +
drivers/misc/mei/pci-me.c | 1 +
drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c | 7 ++++---
5 files changed, 9 insertions(+), 6 deletions(-)
Greg Kroah-Hartman (1):
Linux 5.11.18
Jiri Kosina (1):
iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd()
Qingqing Zhuo (1):
drm/amd/display: Update modifier list for gfx10_3
Tomas Winkler (1):
mei: me: add Alder Lake P device id.
This is a backport of the BPF verifier fixes for CVE-2021-29155. Original
series was part of the pull request here: https://lore.kernel.org/bpf/20210416223700.15611-1-daniel@iogearbox.net/T/
This wasn't a complicated backport, but copying bpf@ to see if
there are any concerns.
5.4 verifier selftests are clean with this backport:
Summary: 1566 PASSED, 0 SKIPPED, 0 FAILED
The individual commits:
960114839252 ("bpf: Use correct permission flag for mixed signed bounds arithmetic")
* Not applicable to 5.4, as 5.4 does not have
2c78ee898d8f ("bpf: Implement CAP_BPF").
6f55b2f2a117 ("bpf: Move off_reg into sanitize_ptr_alu")
* Clean cherry-pick.
24c109bb1537 ("bpf: Ensure off_reg has no mixed signed bounds for all types")
* Conflict: allow_ptr_leaks was replaced by bypass_spec_v1 in the
deleted PTR_TO_MAP_VALUE switch case by
2c78ee898d8f ("bpf: Implement CAP_BPF"). Resolution is easy,
the case statement gets deleted either way.
b658bbb844e2 ("bpf: Rework ptr_limit into alu_limit and add common error path")
* Clean cherry-pick.
a6aaece00a57 ("bpf: Improve verifier error messages for users")
* Resolved simple contextual conflict in adjust_scalar_min_max_vals().
because of a var declaration that was added by this post-5.4 commit:
3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking").
073815b756c5 ("bpf: Refactor and streamline bounds check into helper")
* Conflict: another allow_ptr_leaks that was replaced with
bypass_spec_v1 after 2c78ee898d8f.
* Conflict: Post-5.4 commit
01f810ace9ed ("bpf: Allow variable-offset stack access")
changed the call to check_stack_access to a new function,
check_stack_access_for_ptr_arithmetic(), and moved/changed an
error message.
* Since this commit just factors out some code from
adjust_ptr_min_max_vals() in to a new function, do the same
with the corresponding block in 5.4 that doesn't have the
changes listed above from post-5.4 commits.
f528819334 ("bpf: Move sanitize_val_alu out of op switch")
* Contextual conflict from post-5.4 commit
3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking"),
that added a comment on top of the switch referenced in the commit
message.
7fedb63a8307 ("bpf: Tighten speculative pointer arithmetic mask")
* Contextual conflict post-5.4 commit:
3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking")
added a call to a new function just above the switch statement in
adjust_ptr_min_max_vals. This doesn't affect the lines that were
actually changed.
d7a509135175 ("bpf: Update selftests to reflect new error states")
* The bounds.c tests have undergone several changes since 5.4, related
to commits that were not backported (like e.g. the ALU32 changes).
The error messages for those tests will remain the same on 5.4.
=====
Daniel Borkmann (8):
bpf: Move off_reg into sanitize_ptr_alu
bpf: Ensure off_reg has no mixed signed bounds for all types
bpf: Rework ptr_limit into alu_limit and add common error path
bpf: Improve verifier error messages for users
bpf: Refactor and streamline bounds check into helper
bpf: Move sanitize_val_alu out of op switch
bpf: Tighten speculative pointer arithmetic mask
bpf: Update selftests to reflect new error states
kernel/bpf/verifier.c | 233 ++++++++++++------
.../selftests/bpf/verifier/bounds_deduction.c | 21 +-
.../bpf/verifier/bounds_mix_sign_unsign.c | 13 -
tools/testing/selftests/bpf/verifier/unpriv.c | 2 +-
.../selftests/bpf/verifier/value_ptr_arith.c | 6 +-
5 files changed, 173 insertions(+), 102 deletions(-)
--
2.23.3
This is the start of the stable review cycle for the 5.12.1 release.
There are 5 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sun, 02 May 2021 14:19:04 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.12.1-rc1…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.12.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 5.12.1-rc1
Tomas Winkler <tomas.winkler(a)intel.com>
mei: me: add Alder Lake P device id.
Johannes Berg <johannes.berg(a)intel.com>
cfg80211: fix locking in netlink owner interface destruction
Jiri Kosina <jkosina(a)suse.cz>
iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd()
Oliver Neukum <oneukum(a)suse.com>
USB: CDC-ACM: fix poison/unpoison imbalance
Johan Hovold <johan(a)kernel.org>
net: hso: fix NULL-deref on disconnect regression
-------------
Diffstat:
Makefile | 4 ++--
drivers/misc/mei/hw-me-regs.h | 1 +
drivers/misc/mei/pci-me.c | 1 +
drivers/net/usb/hso.c | 2 +-
drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c | 7 ++++---
drivers/usb/class/cdc-acm.c | 3 ++-
net/wireless/core.c | 21 ++++++++++++++++----
net/wireless/nl80211.c | 24 ++++++++++++++++++-----
8 files changed, 47 insertions(+), 16 deletions(-)
This is the start of the stable review cycle for the 5.11.18 release.
There are 3 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sun, 02 May 2021 14:19:04 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.11.18-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.11.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 5.11.18-rc1
Tomas Winkler <tomas.winkler(a)intel.com>
mei: me: add Alder Lake P device id.
Qingqing Zhuo <qingqing.zhuo(a)amd.com>
drm/amd/display: Update modifier list for gfx10_3
Jiri Kosina <jkosina(a)suse.cz>
iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd()
-------------
Diffstat:
Makefile | 4 ++--
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 4 ++--
drivers/misc/mei/hw-me-regs.h | 1 +
drivers/misc/mei/pci-me.c | 1 +
drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c | 7 ++++---
5 files changed, 10 insertions(+), 7 deletions(-)
This is the start of the stable review cycle for the 5.4.116 release.
There are 8 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sun, 02 May 2021 14:19:04 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.116-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 5.4.116-rc1
Daniel Borkmann <daniel(a)iogearbox.net>
bpf: Update selftests to reflect new error states
Daniel Borkmann <daniel(a)iogearbox.net>
bpf: Tighten speculative pointer arithmetic mask
Daniel Borkmann <daniel(a)iogearbox.net>
bpf: Move sanitize_val_alu out of op switch
Daniel Borkmann <daniel(a)iogearbox.net>
bpf: Refactor and streamline bounds check into helper
Daniel Borkmann <daniel(a)iogearbox.net>
bpf: Improve verifier error messages for users
Daniel Borkmann <daniel(a)iogearbox.net>
bpf: Rework ptr_limit into alu_limit and add common error path
Daniel Borkmann <daniel(a)iogearbox.net>
bpf: Ensure off_reg has no mixed signed bounds for all types
Daniel Borkmann <daniel(a)iogearbox.net>
bpf: Move off_reg into sanitize_ptr_alu
-------------
Diffstat:
Makefile | 4 +-
kernel/bpf/verifier.c | 233 ++++++++++++++-------
.../selftests/bpf/verifier/bounds_deduction.c | 21 +-
.../bpf/verifier/bounds_mix_sign_unsign.c | 13 --
tools/testing/selftests/bpf/verifier/unpriv.c | 2 +-
.../selftests/bpf/verifier/value_ptr_arith.c | 6 +-
6 files changed, 175 insertions(+), 104 deletions(-)
DIPM is unsupported or broken on sunxi. Trying to enable the power
management policy med_power_with_dipm on an Allwinner A20 SoC based board
leads to immediate I/O errors and the attached SATA disk disappears from
the /dev filesystem. A reset (power cycle) is required to make the SATA
controller or disk work again. The A10 and A20 SoC data sheets and manuals
don't mention DIPM at all [1], so it's fair to assume that it's simply not
supported. But even if it was, it should be considered broken and best be
disabled in the ahci_sunxi driver.
[1] https://github.com/allwinner-zh/documents/tree/master/
Fixes: c5754b5220f0 ("ARM: sunxi: Add support for Allwinner SUNXi SoCs sata to ahci_platform")
Cc: stable(a)vger.kernel.org
Signed-off-by: Timo Sigurdsson <public_timo.s(a)silentcreek.de>
Tested-by: Timo Sigurdsson <public_timo.s(a)silentcreek.de>
---
Changes since v1:
- Formal changes to the commit message (Fixes and Cc lines) as suggested
by Greg Kroah-Hartman and Sergei Shtylyov. No changes to the patch
itself.
---
drivers/ata/ahci_sunxi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/ata/ahci_sunxi.c b/drivers/ata/ahci_sunxi.c
index cb69b737cb49..56b695136977 100644
--- a/drivers/ata/ahci_sunxi.c
+++ b/drivers/ata/ahci_sunxi.c
@@ -200,7 +200,7 @@ static void ahci_sunxi_start_engine(struct ata_port *ap)
}
static const struct ata_port_info ahci_sunxi_port_info = {
- .flags = AHCI_FLAG_COMMON | ATA_FLAG_NCQ,
+ .flags = AHCI_FLAG_COMMON | ATA_FLAG_NCQ | ATA_FLAG_NO_DIPM,
.pio_mask = ATA_PIO4,
.udma_mask = ATA_UDMA6,
.port_ops = &ahci_platform_ops,
--
2.26.2
This series contains backports for BPF commits for 4.14, except two commits
that are 4.14-only commits. One 4.14-only commit was already acked by
a BPF maintainer (see below). The other one is a selftest follow-up.
The backports were not complicated. But, copying to bpf@ and BPF
maintainers for a sanity check.
What the series does is:
* Fix errors in an older bpf 4.14 backport (this fix was sent in earlier
to bpf@, and acked).
* Fix selftests after recent bpf backports to 4.14 (but before the
fixes for CVE-2021-29155).
* Backport fixes for CVE-2021-29155, including selftests changes.
* Backport commits that disallow the mangling of valid pointers by root
(one commit that came in shortly after 4.14, one follow-up fix). This
also means that 5 verifier selftests that always failed on the 4.14
branch are OK again.
* Backport selftest commits to adapt alignment selftests after the previous.
Verifier/alignment selftests are now clean on the 4.14 branch, which should
help prevent further backporting errors.
Listed by their mainline commit id (except when 4.14 only):
<4.14 only> ("bpf: Fix backport of "bpf: restrict unknown scalars of mixed signed bounds for unprivileged")
This was sent in by Sam to bpf@ earlier, and acked by Yonghong Song,
https://lore.kernel.org/bpf/20210419235641.5442-1-samjonas@amazon.com/T/#u
I am including it so that it is 'formally' submitted it
to -stable.
<4.14 only> ("bpf: fix up selftests after backports were fixed")
This is a follow-up to the previous by me, to fix selftests. It's
from 80c9b2fae87b ("bpf: add various test cases to selftests"), but
since that one was already partially added to the 4.14 branch
in 03f11a51a196 ("bpf: Fix selftests are changes for CVE 2019-7308"),
it's not a "backport" as such. To avoid confusion, I created a
separate commit for it, referencing the original commit
in the message. I examined each individual changed test, and
went through the history to see that the error message was indeed
as expected.
0a13e3537ea6 ("bpf, selftests: Fix up some test_verifier cases for unprivileged")
After some recent backports of bpf fixes to 4.14 (separate from this
series), there are some selftests that need to be modified. This
backported commit does that. No major conflicts/issues. For 4.14,
some tests do not exist yet, so they were skipped.
The next ones are a backport of the BPF verifier fixes for CVE-2021-29155.
Original series was part of the pull request here: https://lore.kernel.org/bpf/20210416223700.15611-1-daniel@iogearbox.net/T/
960114839252 ("bpf: Use correct permission flag for mixed signed bounds arithmetic")
* Not applicable for 4.14, as it does not have
2c78ee898d8f ("bpf: Implement CAP_BPF").
6f55b2f2a117 ("bpf: Move off_reg into sanitize_ptr_alu")
* Minor contextual conflict: verbose() does not have the env
argument in 4.14.
24c109bb1537 ("bpf: Ensure off_reg has no mixed signed bounds for all types")
* This deletes a switch() case in adjust_ptr_min_max_vals, since
it moves the check in it to retrieve_ptr_limit. For 4.14, that
switch() statement was still 2 if() statements, since it does not
have aad2eeaf4697 ("bpf: Simplify ptr_min_max_vals adjustment").
The equivalent change for 4.14 is to delete the PTR_TO_MAP_VALUE
if().
b658bbb844e2 ("bpf: Rework ptr_limit into alu_limit and add common error path")
* Clean cherry-pick.
a6aaece00a57 ("bpf: Improve verifier error messages for users")
* Simple contextual conflict in adjust_scalar_min_max_vals().
because of a var declaration that was added by this post-5.4 commit:
3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking").
* Additional simple contextual conflict: verbose() does not have
the env argument in 4.14.
073815b756c5 ("bpf: Refactor and streamline bounds check into helper")
* This factors out the bounds check in adjust_ptr_min_max_vals
in to a separate function. In 4.14, the bounds check block
in question looks a little different, because:
* 4.14 still uses allow_ptr_leaks, not bypass_spec_v1.
* 01f810ace9ed ("bpf: Allow variable-offset stack access")
changed the call to check_stack_access to a new function,
check_stack_access_for_ptr_arithmetic(), and moved/changed
an error message.
* Since this commit just factors out some code from
adjust_ptr_min_max_vals() in to a new function, do the same
with the corresponding block in 4.14 that doesn't have the
changes listed above from post-4.14 commits.
f528819334 ("bpf: Move sanitize_val_alu out of op switch")
* Resolved contextual conflict from post-4.14 commit
3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking"),
that added a comment on top of the switch referenced in the commit
message.
7fedb63a8307 ("bpf: Tighten speculative pointer arithmetic mask")
* Resolved contextual conflict post-4.14 commit:
3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking")
added a call to a new function just above the switch statement in
adjust_ptr_min_max_vals. This doesn't affect the lines that were
actually changed.
* Resolved contextual conflict:
01f810ace9ed ("bpf: Allow variable-offset stack access") added
a comment to the PTR_TO_STACK case in retrieve_ptr_limit. This
comment is not present in 4.14, but the code is the same.
d7a509135175 ("bpf: Update selftests to reflect new error states")
* Post-4.14, the verifier tests were split in to different
files, in 4.14 they are still all in test_verifier.c.
* The bounds.c tests have undergone several changes since 4.14,
related to commits that were not backported (like e.g. the
ALU32 changes). The error message will remain the same on 4.14.
* 4f7b3e82589e ("bpf: improve verifier branch analysis") changed
the error message for the "bounds checks mixing signed and
unsigned, variant 14" test. Since 4.14 does not have that commit,
this test will still produce the original error message ("R0
invalid mem access 'inv'").
The rest of the commits are to pull in a few commits that get the number
of verifier/align selftest errors on the 4.14 branch down to 0. This is
mainly about the first one:
82abbf8d2fc4 ("bpf: do not allow root to mangle valid pointers")
* This commit has a follow-up that must be added as well,
see the next commit.
* As the commit message states, this mostly disallows
pointer mangling that was allowed by
f1174f77b50c ("bpf/verifier: rework value tracking").
Allowing root to mangle valid pointers also results
in the unexpected successful loading of some selftests,
so backporting this fixes that.
* Resolved contextual conflict: 4.14 does not have the
env argument to verbose
dd066823db2a ("bpf/verifier: disallow pointer subtraction")
* Fixes the above.
* Minor contextual conflict: mark_reg_unknown does not
have an env argument on 4.14.
2b36047e7889 ("selftests/bpf: fix test_align")
* Selftest follow-up to
82abbf8d2fc4 ("bpf: do not allow root to mangle valid pointers")
* Clean cherry-pick.
31e95b61e172 ("selftests/bpf: make 'dubious pointer arithmetic' test useful")
* Selftest follow-up to the above.
* Conflict: 4.14 does not have 'liveness' of registers in the
output, so adjust the expected output to match.
=====
Alexei Starovoitov (4):
bpf: do not allow root to mangle valid pointers
bpf/verifier: disallow pointer subtraction
selftests/bpf: fix test_align
selftests/bpf: make 'dubious pointer arithmetic' test useful
Daniel Borkmann (8):
bpf: Move off_reg into sanitize_ptr_alu
bpf: Ensure off_reg has no mixed signed bounds for all types
bpf: Rework ptr_limit into alu_limit and add common error path
bpf: Improve verifier error messages for users
bpf: Refactor and streamline bounds check into helper
bpf: Move sanitize_val_alu out of op switch
bpf: Tighten speculative pointer arithmetic mask
bpf: Update selftests to reflect new error states
Frank van der Linden (1):
bpf: fix up selftests after backports were fixed
Piotr Krysiuk (1):
bpf, selftests: Fix up some test_verifier cases for unprivileged
Samuel Mendoza-Jonas (1):
bpf: Fix backport of "bpf: restrict unknown scalars of mixed signed
bounds for unprivileged"
kernel/bpf/verifier.c | 330 ++++++++++++--------
tools/testing/selftests/bpf/test_align.c | 26 +-
tools/testing/selftests/bpf/test_verifier.c | 104 +++---
3 files changed, 269 insertions(+), 191 deletions(-)
--
2.23.3