May 2022 - Linux-stable-mirror

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.118 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arm64/silicon-errata.rst | 3 Documentation/core-api/dma-attributes.rst | 8 Documentation/devicetree/bindings/pinctrl/aspeed,ast2600-pinctrl.yaml | 2 Makefile | 2 arch/arm/boot/dts/aspeed-g6-pinctrl.dtsi | 9 arch/arm/kernel/entry-armv.S | 2 arch/arm/kernel/stacktrace.c | 10 arch/arm/mm/proc-v7-bugs.c | 1 arch/arm64/kernel/cpu_errata.c | 2 arch/arm64/kernel/mte.c | 3 arch/arm64/kernel/paravirt.c | 29 arch/mips/lantiq/falcon/sysctrl.c | 2 arch/mips/lantiq/xway/gptu.c | 2 arch/mips/lantiq/xway/sysctrl.c | 46 - arch/riscv/boot/dts/sifive/fu540-c000.dtsi | 2 arch/s390/pci/pci.c | 1 arch/s390/pci/pci_bus.h | 3 arch/s390/pci/pci_clp.c | 9 arch/s390/pci/pci_event.c | 7 arch/x86/crypto/chacha-avx512vl-x86_64.S | 4 arch/x86/kvm/mmu/mmu.c | 10 arch/x86/um/shared/sysdep/syscalls_64.h | 5 drivers/block/drbd/drbd_main.c | 7 drivers/block/floppy.c | 20 drivers/clk/at91/clk-generated.c | 4 drivers/crypto/qcom-rng.c | 1 drivers/crypto/stm32/stm32-crc32.c | 4 drivers/gpio/gpio-mvebu.c | 3 drivers/gpio/gpio-vf610.c | 8 drivers/gpu/drm/drm_dp_mst_topology.c | 1 drivers/gpu/drm/i915/display/intel_opregion.c | 15 drivers/i2c/busses/i2c-mt7621.c | 10 drivers/input/input.c | 19 drivers/input/touchscreen/ili210x.c | 4 drivers/input/touchscreen/stmfts.c | 8 drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 20 drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 7 drivers/net/ethernet/broadcom/bcmsysport.c | 6 drivers/net/ethernet/cadence/macb_main.c | 2 drivers/net/ethernet/dec/tulip/tulip_core.c | 5 drivers/net/ethernet/intel/ice/ice_main.c | 7 drivers/net/ethernet/intel/igb/igb_main.c | 3 drivers/net/ethernet/intel/igc/igc_base.c | 10 drivers/net/ethernet/intel/igc/igc_hw.h | 1 drivers/net/ethernet/intel/igc/igc_main.c | 18 drivers/net/ethernet/intel/igc/igc_phy.c | 6 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 7 drivers/net/ethernet/qlogic/qla3xxx.c | 3 drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c | 4 drivers/net/ipa/gsi.c | 6 drivers/net/vmxnet3/vmxnet3_drv.c | 6 drivers/nvme/host/core.c | 1 drivers/nvme/host/multipath.c | 25 drivers/nvme/host/nvme.h | 4 drivers/nvme/host/pci.c | 5 drivers/pci/pci.c | 10 drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 14 drivers/platform/chrome/cros_ec_debugfs.c | 12 drivers/rtc/class.c | 9 drivers/rtc/rtc-mc146818-lib.c | 16 drivers/rtc/rtc-pcf2127.c | 3 drivers/rtc/rtc-sun6i.c | 14 drivers/scsi/qla2xxx/qla_target.c | 3 drivers/usb/gadget/legacy/raw_gadget.c | 2 drivers/vhost/net.c | 15 drivers/vhost/vdpa.c | 5 fs/afs/inode.c | 14 fs/gfs2/file.c | 4 fs/io_uring.c | 6 fs/ioctl.c | 2 fs/nilfs2/btnode.c | 23 fs/nilfs2/btnode.h | 1 fs/nilfs2/btree.c | 27 fs/nilfs2/dat.c | 4 fs/nilfs2/gcinode.c | 7 fs/nilfs2/inode.c | 159 ++++- fs/nilfs2/mdt.c | 43 - fs/nilfs2/mdt.h | 6 fs/nilfs2/nilfs.h | 16 fs/nilfs2/page.c | 7 fs/nilfs2/segment.c | 9 fs/nilfs2/super.c | 5 include/linux/ceph/osd_client.h | 3 include/linux/dma-mapping.h | 8 include/linux/mc146818rtc.h | 2 include/net/ip.h | 1 include/net/netns/xfrm.h | 3 include/net/xfrm.h | 36 - include/uapi/linux/dma-buf.h | 4 include/uapi/linux/xfrm.h | 14 kernel/dma/swiotlb.c | 12 kernel/events/core.c | 14 kernel/module.c | 18 net/bridge/br_input.c | 7 net/ceph/osd_client.c | 302 +++------- net/ipv4/route.c | 29 net/key/af_key.c | 6 net/mac80211/rx.c | 3 net/nfc/nci/data.c | 2 net/nfc/nci/hci.c | 4 net/sched/act_pedit.c | 4 net/wireless/nl80211.c | 18 net/xfrm/xfrm_policy.c | 20 net/xfrm/xfrm_user.c | 88 ++ security/selinux/nlmsgtab.c | 4 security/selinux/ss/hashtab.c | 3 sound/isa/wavefront/wavefront_synth.c | 3 sound/pci/hda/patch_realtek.c | 9 sound/usb/quirks-table.h | 9 tools/perf/bench/numa.c | 2 tools/testing/selftests/net/fcnal-test.sh | 12 tools/virtio/Makefile | 3 112 files changed, 997 insertions(+), 494 deletions(-) Al Viro (1): Fix double fget() in vhost_net_set_backend() Alex Elder (1): net: ipa: record proper RX transaction count Andre Przywara (1): rtc: sun6i: Fix time overflow handling Andreas Gruenbacher (1): gfs2: Disable page faults during lockless buffered reads Andrew Lunn (1): net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. Anton Eidelman (1): nvme-multipath: fix hang when disk goes live over reconnect Ard Biesheuvel (2): ARM: 9196/1: spectre-bhb: enable for Cortex-A15 ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 Catalin Marinas (1): arm64: mte: Ensure the cleared tags are visible before setting the PTE Christophe JAILLET (2): net: systemport: Fix an error handling path in bcm_sysport_probe() net/qla3xxx: Fix a test in ql_reset_work() Codrin Ciubotariu (1): clk: at91: generated: consider range when calculating best rate David Gow (1): um: Cleanup syscall_handler_t definition/cast, fix warning David Howells (1): afs: Fix afs_getattr() to refetch file status if callback break occurred Duoming Zhou (1): NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc Eugene Syromiatnikov (1): include/uapi/linux/xfrm.h: Fix XFRM_MSG_MAPPING ABI breakage Eyal Birger (1): xfrm: fix "disable_policy" flag use when arriving from different devices Felix Fietkau (1): mac80211: fix rx reordering with non explicit / psmp ack policy Gleb Chesnokov (1): scsi: qla2xxx: Fix missed DMA unmap for aborted commands Grant Grundler (4): net: atlantic: fix "frag[0] not initialized" net: atlantic: reduce scope of is_rsc_complete net: atlantic: add check for MAX_SKB_FRAGS net: atlantic: verify hw_head_ lies within TX buffer ring Greg Kroah-Hartman (1): Linux 5.10.118 Greg Thelen (1): Revert "drm/i915/opregion: check port number bounds for SWSCI display power state" Guo Xuenan (1): fs: fix an infinite loop in iomap_fiemap Haibo Chen (1): gpio: gpio-vf610: do not touch other bits when set the target bit Hangyu Hua (1): drm/dp/mst: fix a possible memory leak in fetch_monitor_name() Harini Katakam (1): net: macb: Increment rx bd head after allocating skb and buffer Hugo Villeneuve (1): rtc: pcf2127: fix bug when reading alarm registers Ilya Dryomov (1): libceph: fix potential use-after-free on linger ping and resends Jae Hyun Yoo (4): ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group Jakob Koschel (1): drbd: remove usage of list iterator variable after loop Jeff LaBundy (1): Input: add bounds checking to input_set_capability() Jens Axboe (1): io_uring: always grab file table for deferred statx Jessica Yu (2): module: treat exit sections the same as init sections when !CONFIG_MODULE_UNLOAD module: check for exit sections in layout_sections() instead of module_init_section() Jiasheng Jiang (1): net: af_key: add check for pfkey_broadcast in function pfkey_process Johannes Berg (1): nl80211: fix locking in nl80211_set_tx_bitrate_mask() Jérôme Pouiller (1): dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace Kai-Heng Feng (1): ALSA: hda/realtek: Enable headset mic on Lenovo P360 Kevin Mitchell (1): igb: skip phy status check where unavailable Kieran Frewen (1): nl80211: validate S1G channel width Krzysztof Kozlowski (1): riscv: dts: sifive: fu540-c000: align dma node name with dtschema Linus Torvalds (1): Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE"" Marek Vasut (1): Input: ili210x - fix reset timing Mario Limonciello (1): rtc: mc146818-lib: Fix the AltCentury for AMD platforms Maxim Mikityanskiy (1): net/mlx5e: Properly block LRO when XDP is enabled Michael S. Tsirkin (1): tools/virtio: compile with -pthread Monish Kumar R (1): nvme-pci: add quirks for Samsung X5 SSDs Nicolas Dichtel (5): xfrm: make user policy API complete xfrm: notify default policy on update xfrm: fix dflt policy check when there is no policy configured xfrm: rework default policy structure selftests: add ping test with ping_group_range tuned Niklas Schnelle (1): s390/pci: improve zpci_dev reference counting Ondrej Mosnacek (2): selinux: fix bad cleanup on error in hashtab_duplicate() crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ Paolo Abeni (1): net/sched: act_pedit: sanitize shift argument before usage Paul Greenwalt (1): ice: fix possible under reporting of ethtool Tx and Rx statistics Pavel Skripkin (1): net: xfrm: fix shift-out-of-bounce Peter Zijlstra (2): crypto: x86/chacha20 - Avoid spurious jumps to other functions perf: Fix sys_perf_event_open() race against self Prakruthi Deepak Heragu (1): arm64: paravirt: Use RCU read locks to guard stolen_time Rafael J. Wysocki (1): PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold Ryusuke Konishi (2): nilfs2: fix lockdep warnings in page operations for btree nodes nilfs2: fix lockdep warnings during disk space reclamation Sasha Levin (1): Revert "swiotlb: fix info leak with DMA_FROM_DEVICE" Sasha Neftin (3): igc: Remove _I_PHY_ID checking igc: Remove phy->type checking igc: Update I226_K device ID Schspa Shi (1): usb: gadget: fix race when gadget driver register via ioctl Sean Christopherson (1): KVM: x86/mmu: Update number of zapped pages even if page list is stable Shreyas K K (1): arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs Steffen Klassert (1): xfrm: Add possibility to set the default to block if we have no policy Takashi Iwai (2): ALSA: usb-audio: Restore Rane SL-1 quirk ALSA: wavefront: Proper check of get_user() error Thomas Richter (1): perf bench numa: Address compiler error on s390 Tzung-Bi Shih (1): platform/chrome: cros_ec_debugfs: detach log reader wq from devm Uwe Kleine-König (1): gpio: mvebu/pwm: Refuse requests with inverted polarity Vincent Bernat (1): net: evaluate net.ipvX.conf.all.disable_policy and disable_xfrm Vincent Whitchurch (1): rtc: fix use-after-free on device removal Werner Sembach (1): ALSA: hda/realtek: Add quirk for TongFang devices with pop noise Willy Tarreau (1): floppy: use a statically allocated error counter Xiaoke Wang (1): MIPS: lantiq: check the return value of kzalloc() Yang Yingliang (3): ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() Zheng Yongjun (2): Input: stmfts - fix reference leak in stmfts_input_open crypto: stm32 - fix reference leak in stm32_crc_remove Zhu Lingshan (1): vhost_vdpa: don't setup irq offloading when irq_num < 0 Zixuan Fu (2): net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() linyujun (1): ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()

2 years, 7 months

1
1
0 0

Linux 5.4.196

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.196 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/DMA-attributes.txt | 10 Makefile | 2 arch/arm/boot/dts/aspeed-g6-pinctrl.dtsi | 9 arch/arm/boot/dts/imx7-colibri.dtsi | 4 arch/arm/boot/dts/imx7-mba7.dtsi | 2 arch/arm/boot/dts/imx7d-nitrogen7.dts | 2 arch/arm/boot/dts/imx7d-pico-hobbit.dts | 4 arch/arm/boot/dts/imx7d-pico-pi.dts | 4 arch/arm/boot/dts/imx7d-sdb.dts | 2 arch/arm/boot/dts/imx7s-warp.dts | 4 arch/arm/kernel/entry-armv.S | 2 arch/arm/kernel/stacktrace.c | 10 arch/arm/mm/proc-v7-bugs.c | 1 arch/mips/lantiq/falcon/sysctrl.c | 2 arch/mips/lantiq/xway/gptu.c | 2 arch/mips/lantiq/xway/sysctrl.c | 46 ++-- arch/x86/crypto/chacha-avx512vl-x86_64.S | 4 arch/x86/kvm/mmu.c | 10 arch/x86/um/shared/sysdep/syscalls_64.h | 5 arch/x86/xen/smp_pv.c | 3 arch/x86/xen/xen-head.S | 18 + block/bfq-iosched.c | 3 block/blk-merge.c | 15 - block/elevator.c | 3 block/mq-deadline.c | 2 drivers/base/firmware_loader/main.c | 17 + drivers/block/drbd/drbd_main.c | 7 drivers/block/floppy.c | 20 - drivers/clk/at91/clk-generated.c | 4 drivers/crypto/qcom-rng.c | 1 drivers/crypto/stm32/stm32-crc32.c | 4 drivers/gpio/gpio-mvebu.c | 3 drivers/gpio/gpio-vf610.c | 8 drivers/gpu/drm/drm_dp_mst_topology.c | 1 drivers/i2c/busses/i2c-mt7621.c | 10 drivers/input/input.c | 19 + drivers/input/touchscreen/ili210x.c | 4 drivers/input/touchscreen/stmfts.c | 8 drivers/mmc/core/block.c | 6 drivers/mmc/core/mmc_ops.c | 25 +- drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 7 drivers/net/ethernet/cadence/macb_main.c | 2 drivers/net/ethernet/dec/tulip/tulip_core.c | 5 drivers/net/ethernet/intel/ice/ice_main.c | 7 drivers/net/ethernet/intel/igb/igb_main.c | 3 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 7 drivers/net/ethernet/qlogic/qla3xxx.c | 3 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c | 5 drivers/net/vmxnet3/vmxnet3_drv.c | 6 drivers/nvme/host/core.c | 1 drivers/nvme/host/multipath.c | 25 ++ drivers/nvme/host/nvme.h | 4 drivers/pci/pci.c | 10 drivers/platform/chrome/cros_ec_debugfs.c | 12 - drivers/rtc/class.c | 9 drivers/rtc/rtc-mc146818-lib.c | 16 + drivers/scsi/qla2xxx/qla_target.c | 3 drivers/vhost/net.c | 15 - fs/afs/inode.c | 14 + fs/file_table.c | 1 fs/nilfs2/btnode.c | 23 +- fs/nilfs2/btnode.h | 1 fs/nilfs2/btree.c | 27 +- fs/nilfs2/dat.c | 4 fs/nilfs2/gcinode.c | 7 fs/nilfs2/inode.c | 159 ++++++++++++-- fs/nilfs2/mdt.c | 43 ++- fs/nilfs2/mdt.h | 6 fs/nilfs2/nilfs.h | 16 - fs/nilfs2/page.c | 7 fs/nilfs2/segment.c | 9 fs/nilfs2/super.c | 5 include/linux/blkdev.h | 16 + include/linux/dma-mapping.h | 8 include/linux/mc146818rtc.h | 2 include/linux/stmmac.h | 1 include/linux/sunrpc/xprtsock.h | 1 include/uapi/linux/dma-buf.h | 4 kernel/dma/swiotlb.c | 13 - kernel/events/core.c | 14 + net/bridge/br_input.c | 7 net/key/af_key.c | 6 net/mac80211/rx.c | 3 net/nfc/nci/data.c | 2 net/nfc/nci/hci.c | 4 net/sched/act_pedit.c | 4 net/sunrpc/xprt.c | 34 +- net/sunrpc/xprtsock.c | 36 ++- sound/isa/wavefront/wavefront_synth.c | 3 sound/pci/hda/patch_realtek.c | 1 tools/objtool/check.c | 1 tools/perf/bench/numa.c | 2 tools/testing/selftests/net/fcnal-test.sh | 12 + 94 files changed, 681 insertions(+), 263 deletions(-) Abel Vesa (1): ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk Al Viro (1): Fix double fget() in vhost_net_set_backend() Andrew Lunn (1): net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. Anton Eidelman (1): nvme-multipath: fix hang when disk goes live over reconnect Ard Biesheuvel (2): ARM: 9196/1: spectre-bhb: enable for Cortex-A15 ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 Christophe JAILLET (1): net/qla3xxx: Fix a test in ql_reset_work() Codrin Ciubotariu (1): clk: at91: generated: consider range when calculating best rate David Gow (1): um: Cleanup syscall_handler_t definition/cast, fix warning David Howells (1): afs: Fix afs_getattr() to refetch file status if callback break occurred Duoming Zhou (1): NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc Felix Fietkau (1): mac80211: fix rx reordering with non explicit / psmp ack policy Gleb Chesnokov (1): scsi: qla2xxx: Fix missed DMA unmap for aborted commands Grant Grundler (1): net: atlantic: verify hw_head_ lies within TX buffer ring Greg Kroah-Hartman (1): Linux 5.4.196 Haibo Chen (1): gpio: gpio-vf610: do not touch other bits when set the target bit Hangyu Hua (1): drm/dp/mst: fix a possible memory leak in fetch_monitor_name() Harini Katakam (1): net: macb: Increment rx bd head after allocating skb and buffer Jae Hyun Yoo (2): ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group Jakob Koschel (1): drbd: remove usage of list iterator variable after loop Jeff LaBundy (1): Input: add bounds checking to input_set_capability() Jiasheng Jiang (1): net: af_key: add check for pfkey_broadcast in function pfkey_process Juergen Gross (1): x86/xen: fix booting 32-bit pv guest Jérôme Pouiller (1): dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace Kai-Heng Feng (1): ALSA: hda/realtek: Enable headset mic on Lenovo P360 Kevin Mitchell (1): igb: skip phy status check where unavailable Linus Torvalds (1): Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE"" Marek Vasut (1): Input: ili210x - fix reset timing Mario Limonciello (1): rtc: mc146818-lib: Fix the AltCentury for AMD platforms Maxim Mikityanskiy (1): net/mlx5e: Properly block LRO when XDP is enabled Meena Shanmugam (4): SUNRPC: Clean up scheduling of autoclose SUNRPC: Prevent immediate close+reconnect SUNRPC: Don't call connect() more than once on a TCP socket SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() Ming Lei (1): block: return ELEVATOR_DISCARD_MERGE if possible Miroslav Benes (2): x86/xen: Make the boot CPU idle task reliable x86/xen: Make the secondary CPU idle tasks reliable Nicolas Dichtel (1): selftests: add ping test with ping_group_range tuned Ondrej Mosnacek (1): crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ Paolo Abeni (1): net/sched: act_pedit: sanitize shift argument before usage Paul Greenwalt (1): ice: fix possible under reporting of ethtool Tx and Rx statistics Peter Zijlstra (3): crypto: x86/chacha20 - Avoid spurious jumps to other functions perf: Fix sys_perf_event_open() race against self x86/xen: Mark cpu_bringup_and_idle() as dead_end_function Rafael J. Wysocki (1): PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold Ryusuke Konishi (2): nilfs2: fix lockdep warnings in page operations for btree nodes nilfs2: fix lockdep warnings during disk space reclamation Sean Christopherson (1): KVM: x86/mmu: Update number of zapped pages even if page list is stable Takashi Iwai (1): ALSA: wavefront: Proper check of get_user() error Tan Tee Min (1): net: stmmac: disable Split Header (SPH) for Intel platforms Thiébaud Weksteen (1): firmware_loader: use kernel credentials when reading firmware Thomas Richter (1): perf bench numa: Address compiler error on s390 Tzung-Bi Shih (1): platform/chrome: cros_ec_debugfs: detach log reader wq from devm Ulf Hansson (3): mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch() Uwe Kleine-König (1): gpio: mvebu/pwm: Refuse requests with inverted polarity Vincent Whitchurch (1): rtc: fix use-after-free on device removal Willy Tarreau (1): floppy: use a statically allocated error counter Xiaoke Wang (1): MIPS: lantiq: check the return value of kzalloc() Yang Yingliang (3): ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() Zheng Yongjun (2): Input: stmfts - fix reference leak in stmfts_input_open crypto: stm32 - fix reference leak in stm32_crc_remove Zixuan Fu (2): net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() linyujun (1): ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()

2 years, 7 months

1
1
0 0

Linux 4.19.245

by Greg Kroah-Hartman

I'm announcing the release of the 4.19.245 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/kernel/entry-armv.S | 2 arch/arm/kernel/stacktrace.c | 10 arch/arm/mm/proc-v7-bugs.c | 1 arch/mips/lantiq/falcon/sysctrl.c | 2 arch/mips/lantiq/xway/gptu.c | 2 arch/mips/lantiq/xway/sysctrl.c | 46 ++-- arch/x86/um/shared/sysdep/syscalls_64.h | 5 drivers/block/drbd/drbd_main.c | 7 drivers/block/floppy.c | 17 - drivers/clk/at91/clk-generated.c | 4 drivers/crypto/qcom-rng.c | 1 drivers/crypto/stm32/stm32_crc32.c | 4 drivers/gpio/gpio-mvebu.c | 3 drivers/gpio/gpio-vf610.c | 8 drivers/gpu/drm/drm_dp_mst_topology.c | 1 drivers/input/input.c | 19 + drivers/input/touchscreen/stmfts.c | 8 drivers/mmc/core/block.c | 8 drivers/mmc/core/card.h | 6 drivers/mmc/core/mmc.c | 6 drivers/mmc/core/mmc_ops.c | 110 ++------- drivers/mmc/core/mmc_ops.h | 3 drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 7 drivers/net/ethernet/cadence/macb_main.c | 2 drivers/net/ethernet/dec/tulip/tulip_core.c | 5 drivers/net/ethernet/intel/igb/igb_main.c | 3 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 7 drivers/net/ethernet/qlogic/qla3xxx.c | 3 drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c | 4 drivers/net/vmxnet3/vmxnet3_drv.c | 6 drivers/pci/pci.c | 10 drivers/scsi/qla2xxx/qla_target.c | 3 drivers/vhost/net.c | 15 - fs/afs/inode.c | 14 + fs/nilfs2/btnode.c | 23 +- fs/nilfs2/btnode.h | 1 fs/nilfs2/btree.c | 27 +- fs/nilfs2/dat.c | 4 fs/nilfs2/gcinode.c | 7 fs/nilfs2/inode.c | 159 ++++++++++++-- fs/nilfs2/mdt.c | 43 ++- fs/nilfs2/mdt.h | 6 fs/nilfs2/nilfs.h | 16 - fs/nilfs2/page.c | 7 fs/nilfs2/segment.c | 9 fs/nilfs2/super.c | 5 kernel/dma/swiotlb.c | 12 - kernel/events/core.c | 14 + net/bridge/br_input.c | 7 net/key/af_key.c | 6 net/mac80211/rx.c | 3 net/nfc/nci/data.c | 2 net/nfc/nci/hci.c | 4 net/sched/act_pedit.c | 4 sound/isa/wavefront/wavefront_synth.c | 3 tools/perf/bench/numa.c | 2 57 files changed, 482 insertions(+), 236 deletions(-) Al Viro (1): Fix double fget() in vhost_net_set_backend() Andrew Lunn (1): net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. Ard Biesheuvel (2): ARM: 9196/1: spectre-bhb: enable for Cortex-A15 ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 Christophe JAILLET (1): net/qla3xxx: Fix a test in ql_reset_work() Codrin Ciubotariu (1): clk: at91: generated: consider range when calculating best rate David Gow (1): um: Cleanup syscall_handler_t definition/cast, fix warning David Howells (1): afs: Fix afs_getattr() to refetch file status if callback break occurred Duoming Zhou (1): NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc Felix Fietkau (1): mac80211: fix rx reordering with non explicit / psmp ack policy Gleb Chesnokov (1): scsi: qla2xxx: Fix missed DMA unmap for aborted commands Grant Grundler (1): net: atlantic: verify hw_head_ lies within TX buffer ring Greg Kroah-Hartman (1): Linux 4.19.245 Haibo Chen (1): gpio: gpio-vf610: do not touch other bits when set the target bit Halil Pasic (1): swiotlb: fix info leak with DMA_FROM_DEVICE Hangyu Hua (1): drm/dp/mst: fix a possible memory leak in fetch_monitor_name() Harini Katakam (1): net: macb: Increment rx bd head after allocating skb and buffer Jakob Koschel (1): drbd: remove usage of list iterator variable after loop Jeff LaBundy (1): Input: add bounds checking to input_set_capability() Jiasheng Jiang (1): net: af_key: add check for pfkey_broadcast in function pfkey_process Kevin Mitchell (1): igb: skip phy status check where unavailable Linus Torvalds (1): Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE"" Maxim Mikityanskiy (1): net/mlx5e: Properly block LRO when XDP is enabled Ondrej Mosnacek (1): crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ Paolo Abeni (1): net/sched: act_pedit: sanitize shift argument before usage Peter Zijlstra (1): perf: Fix sys_perf_event_open() race against self Rafael J. Wysocki (1): PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold Ryusuke Konishi (2): nilfs2: fix lockdep warnings in page operations for btree nodes nilfs2: fix lockdep warnings during disk space reclamation Takashi Iwai (1): ALSA: wavefront: Proper check of get_user() error Thomas Richter (1): perf bench numa: Address compiler error on s390 Ulf Hansson (4): mmc: core: Cleanup BKOPS support mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch() Uwe Kleine-König (1): gpio: mvebu/pwm: Refuse requests with inverted polarity Willy Tarreau (1): floppy: use a statically allocated error counter Xiaoke Wang (1): MIPS: lantiq: check the return value of kzalloc() Yang Yingliang (2): ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() Zheng Yongjun (2): Input: stmfts - fix reference leak in stmfts_input_open crypto: stm32 - fix reference leak in stm32_crc_remove Zixuan Fu (2): net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() linyujun (1): ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()

2 years, 7 months

1
1
0 0

[REGRESSION] Laptop with Ryzen 4600H fails to resume video since 5.17.4 (works 5.17.3)

by Christian Casteyde

#regzbot introduced v5.17.3..v5.17.4 #regzbot introduced: 001828fb3084379f3c3e228b905223c50bc237f9 Hello Since 5.17.4 my laptop doesn't resume from suspend anymore. At resume, symptoms are variable: - either the laptop freezes; - either the screen keeps blank; - either the screen is OK but mouse is frozen; - either display lags with several logs in dmesg: [ 228.275492] [drm] Fence fallback timer expired on ring gfx [ 228.395466] [drm:amdgpu_dm_atomic_commit_tail] *ERROR* Waiting for fences timed out! [ 228.779490] [drm] Fence fallback timer expired on ring gfx [ 229.283484] [drm] Fence fallback timer expired on ring sdma0 [ 229.283485] [drm] Fence fallback timer expired on ring gfx [ 229.787487] [drm] Fence fallback timer expired on ring gfx ... I've bisected the problem. Please note this laptop has a strange behaviour on suspend: The first suspend request always fails (this point has never been fixed and plagues us when trying to diagnose another regression on touchpad not resuming in the past). The screen goes blank and I can get it OK when pressing the power button, this seems to reset it. After that all suspend/resume works OK. Since 5.17.4, it is not possible anymore to get the laptop working again after the first suspend failure. HW : HP Pavilion / Ryzen 4600H with AMD graphics integrated + NVidia 1650Ti (turned off with ACPI call in order to get more battery, I'm not using NVidia driver).

2 years, 7 months

6
28
0 0

Linux 4.14.281

by Greg Kroah-Hartman

I'm announcing the release of the 4.14.281 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/kernel/entry-armv.S | 2 arch/arm/kernel/stacktrace.c | 10 +-- arch/arm/mm/proc-v7-bugs.c | 1 arch/mips/lantiq/falcon/sysctrl.c | 2 arch/mips/lantiq/xway/gptu.c | 2 arch/mips/lantiq/xway/sysctrl.c | 46 +++++++++----- arch/x86/um/shared/sysdep/syscalls_64.h | 5 - drivers/block/drbd/drbd_main.c | 7 +- drivers/block/floppy.c | 17 ++--- drivers/clk/at91/clk-generated.c | 4 + drivers/gpio/gpio-mvebu.c | 3 drivers/gpio/gpio-vf610.c | 8 +- drivers/gpu/drm/drm_dp_mst_topology.c | 1 drivers/input/input.c | 19 +++++ drivers/input/touchscreen/stmfts.c | 8 +- drivers/mmc/core/block.c | 6 - drivers/mmc/core/mmc_ops.c | 27 ++++---- drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 7 ++ drivers/net/ethernet/dec/tulip/tulip_core.c | 5 + drivers/net/ethernet/intel/igb/igb_main.c | 3 drivers/net/ethernet/qlogic/qla3xxx.c | 3 drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c | 4 - drivers/net/vmxnet3/vmxnet3_drv.c | 6 + drivers/scsi/qla2xxx/qla_target.c | 3 kernel/events/core.c | 14 ++++ lib/swiotlb.c | 12 ++- net/bridge/br_input.c | 7 ++ net/key/af_key.c | 6 + net/mac80211/rx.c | 3 net/nfc/nci/data.c | 2 net/nfc/nci/hci.c | 4 - sound/isa/wavefront/wavefront_synth.c | 3 tools/perf/bench/numa.c | 2 34 files changed, 176 insertions(+), 78 deletions(-) Andrew Lunn (1): net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. Ard Biesheuvel (2): ARM: 9196/1: spectre-bhb: enable for Cortex-A15 ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 Christophe JAILLET (1): net/qla3xxx: Fix a test in ql_reset_work() Codrin Ciubotariu (1): clk: at91: generated: consider range when calculating best rate David Gow (1): um: Cleanup syscall_handler_t definition/cast, fix warning Duoming Zhou (1): NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc Felix Fietkau (1): mac80211: fix rx reordering with non explicit / psmp ack policy Gleb Chesnokov (1): scsi: qla2xxx: Fix missed DMA unmap for aborted commands Grant Grundler (1): net: atlantic: verify hw_head_ lies within TX buffer ring Greg Kroah-Hartman (1): Linux 4.14.281 Haibo Chen (1): gpio: gpio-vf610: do not touch other bits when set the target bit Halil Pasic (1): swiotlb: fix info leak with DMA_FROM_DEVICE Hangyu Hua (1): drm/dp/mst: fix a possible memory leak in fetch_monitor_name() Jakob Koschel (1): drbd: remove usage of list iterator variable after loop Jeff LaBundy (1): Input: add bounds checking to input_set_capability() Jiasheng Jiang (1): net: af_key: add check for pfkey_broadcast in function pfkey_process Kevin Mitchell (1): igb: skip phy status check where unavailable Linus Torvalds (1): Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE"" Peter Zijlstra (1): perf: Fix sys_perf_event_open() race against self Takashi Iwai (1): ALSA: wavefront: Proper check of get_user() error Thomas Richter (1): perf bench numa: Address compiler error on s390 Ulf Hansson (3): mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch() Uwe Kleine-König (1): gpio: mvebu/pwm: Refuse requests with inverted polarity Willy Tarreau (1): floppy: use a statically allocated error counter Xiaoke Wang (1): MIPS: lantiq: check the return value of kzalloc() Yang Yingliang (2): ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() Zheng Yongjun (1): Input: stmfts - fix reference leak in stmfts_input_open Zixuan Fu (2): net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() linyujun (1): ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()

2 years, 7 months

1
1
0 0

Linux 4.9.316

by Greg Kroah-Hartman

I'm announcing the release of the 4.9.316 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - arch/arm/kernel/entry-armv.S | 2 - arch/arm/kernel/stacktrace.c | 10 ++--- arch/arm/mm/proc-v7-bugs.c | 1 arch/mips/lantiq/falcon/sysctrl.c | 2 + arch/mips/lantiq/xway/gptu.c | 2 + arch/mips/lantiq/xway/sysctrl.c | 46 +++++++++++++++-------- arch/x86/um/shared/sysdep/syscalls_64.h | 5 +- drivers/block/drbd/drbd_main.c | 7 ++- drivers/block/floppy.c | 19 ++++----- drivers/gpu/drm/drm_dp_mst_topology.c | 1 drivers/input/input.c | 19 +++++++++ drivers/mmc/card/block.c | 6 +-- drivers/mmc/core/core.c | 5 ++ drivers/mmc/core/mmc_ops.c | 9 ++-- drivers/net/ethernet/dec/tulip/tulip_core.c | 5 ++ drivers/net/ethernet/intel/igb/igb_main.c | 3 + drivers/net/ethernet/qlogic/qla3xxx.c | 3 + drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c | 4 -- drivers/net/vmxnet3/vmxnet3_drv.c | 6 +++ drivers/scsi/qla2xxx/qla_target.c | 3 + kernel/events/core.c | 14 +++++++ net/key/af_key.c | 6 ++- net/mac80211/rx.c | 3 - net/nfc/nci/data.c | 2 - net/nfc/nci/hci.c | 4 +- sound/isa/wavefront/wavefront_synth.c | 3 + tools/perf/bench/numa.c | 2 - 28 files changed, 133 insertions(+), 61 deletions(-) Ard Biesheuvel (2): ARM: 9196/1: spectre-bhb: enable for Cortex-A15 ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 Christophe JAILLET (1): net/qla3xxx: Fix a test in ql_reset_work() David Gow (1): um: Cleanup syscall_handler_t definition/cast, fix warning Duoming Zhou (1): NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc Felix Fietkau (1): mac80211: fix rx reordering with non explicit / psmp ack policy Gleb Chesnokov (1): scsi: qla2xxx: Fix missed DMA unmap for aborted commands Greg Kroah-Hartman (1): Linux 4.9.316 Hangyu Hua (1): drm/dp/mst: fix a possible memory leak in fetch_monitor_name() Jakob Koschel (1): drbd: remove usage of list iterator variable after loop Jeff LaBundy (1): Input: add bounds checking to input_set_capability() Jiasheng Jiang (1): net: af_key: add check for pfkey_broadcast in function pfkey_process Kevin Mitchell (1): igb: skip phy status check where unavailable Peter Zijlstra (1): perf: Fix sys_perf_event_open() race against self Takashi Iwai (1): ALSA: wavefront: Proper check of get_user() error Thomas Richter (1): perf bench numa: Address compiler error on s390 Ulf Hansson (3): mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch() Willy Tarreau (1): floppy: use a statically allocated error counter Xiaoke Wang (1): MIPS: lantiq: check the return value of kzalloc() Yang Yingliang (2): ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() Zixuan Fu (2): net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() linyujun (1): ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()

2 years, 7 months

1
1
0 0

FAILED: patch "[PATCH] lockdown: also lock down previous kgdb use" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From eadb2f47a3ced5c64b23b90fd2a3463f63726066 Mon Sep 17 00:00:00 2001 From: Daniel Thompson <daniel.thompson(a)linaro.org> Date: Mon, 23 May 2022 19:11:02 +0100 Subject: [PATCH] lockdown: also lock down previous kgdb use KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port (for example, via a hypervisor console, which some cloud vendors provide over the network) could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. Fix this by integrating lockdown into kdb's existing permissions mechanism. Unfortunately kgdb does not have any permissions mechanism (although it certainly could be added later) so, for now, kgdb is simply and brutally disabled by immediately exiting the gdb stub without taking any action. For lockdowns established early in the boot (e.g. the normal case) then this should be fine but on systems where kgdb has set breakpoints before the lockdown is enacted than "bad things" will happen. CVE: CVE-2022-21499 Co-developed-by: Stephen Brennan <stephen.s.brennan(a)oracle.com> Signed-off-by: Stephen Brennan <stephen.s.brennan(a)oracle.com> Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Signed-off-by: Daniel Thompson <daniel.thompson(a)linaro.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/include/linux/security.h b/include/linux/security.h index 25b3ef71f495..7fc4e9f49f54 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -121,10 +121,12 @@ enum lockdown_reason { LOCKDOWN_DEBUGFS, LOCKDOWN_XMON_WR, LOCKDOWN_BPF_WRITE_USER, + LOCKDOWN_DBG_WRITE_KERNEL, LOCKDOWN_INTEGRITY_MAX, LOCKDOWN_KCORE, LOCKDOWN_KPROBES, LOCKDOWN_BPF_READ_KERNEL, + LOCKDOWN_DBG_READ_KERNEL, LOCKDOWN_PERF, LOCKDOWN_TRACEFS, LOCKDOWN_XMON_RW, diff --git a/kernel/debug/debug_core.c b/kernel/debug/debug_core.c index da06a5553835..7beceb447211 100644 --- a/kernel/debug/debug_core.c +++ b/kernel/debug/debug_core.c @@ -53,6 +53,7 @@ #include <linux/vmacache.h> #include <linux/rcupdate.h> #include <linux/irq.h> +#include <linux/security.h> #include <asm/cacheflush.h> #include <asm/byteorder.h> @@ -752,6 +753,29 @@ cpu_master_loop: continue; kgdb_connected = 0; } else { + /* + * This is a brutal way to interfere with the debugger + * and prevent gdb being used to poke at kernel memory. + * This could cause trouble if lockdown is applied when + * there is already an active gdb session. For now the + * answer is simply "don't do that". Typically lockdown + * *will* be applied before the debug core gets started + * so only developers using kgdb for fairly advanced + * early kernel debug can be biten by this. Hopefully + * they are sophisticated enough to take care of + * themselves, especially with help from the lockdown + * message printed on the console! + */ + if (security_locked_down(LOCKDOWN_DBG_WRITE_KERNEL)) { + if (IS_ENABLED(CONFIG_KGDB_KDB)) { + /* Switch back to kdb if possible... */ + dbg_kdb_mode = 1; + continue; + } else { + /* ... otherwise just bail */ + break; + } + } error = gdb_serial_stub(ks); } diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c index 0852a537dad4..ead4da947127 100644 --- a/kernel/debug/kdb/kdb_main.c +++ b/kernel/debug/kdb/kdb_main.c @@ -45,6 +45,7 @@ #include <linux/proc_fs.h> #include <linux/uaccess.h> #include <linux/slab.h> +#include <linux/security.h> #include "kdb_private.h" #undef MODULE_PARAM_PREFIX @@ -166,10 +167,62 @@ struct task_struct *kdb_curr_task(int cpu) } /* - * Check whether the flags of the current command and the permissions - * of the kdb console has allow a command to be run. + * Update the permissions flags (kdb_cmd_enabled) to match the + * current lockdown state. + * + * Within this function the calls to security_locked_down() are "lazy". We + * avoid calling them if the current value of kdb_cmd_enabled already excludes + * flags that might be subject to lockdown. Additionally we deliberately check + * the lockdown flags independently (even though read lockdown implies write + * lockdown) since that results in both simpler code and clearer messages to + * the user on first-time debugger entry. + * + * The permission masks during a read+write lockdown permits the following + * flags: INSPECT, SIGNAL, REBOOT (and ALWAYS_SAFE). + * + * The INSPECT commands are not blocked during lockdown because they are + * not arbitrary memory reads. INSPECT covers the backtrace family (sometimes + * forcing them to have no arguments) and lsmod. These commands do expose + * some kernel state but do not allow the developer seated at the console to + * choose what state is reported. SIGNAL and REBOOT should not be controversial, + * given these are allowed for root during lockdown already. + */ +static void kdb_check_for_lockdown(void) +{ + const int write_flags = KDB_ENABLE_MEM_WRITE | + KDB_ENABLE_REG_WRITE | + KDB_ENABLE_FLOW_CTRL; + const int read_flags = KDB_ENABLE_MEM_READ | + KDB_ENABLE_REG_READ; + + bool need_to_lockdown_write = false; + bool need_to_lockdown_read = false; + + if (kdb_cmd_enabled & (KDB_ENABLE_ALL | write_flags)) + need_to_lockdown_write = + security_locked_down(LOCKDOWN_DBG_WRITE_KERNEL); + + if (kdb_cmd_enabled & (KDB_ENABLE_ALL | read_flags)) + need_to_lockdown_read = + security_locked_down(LOCKDOWN_DBG_READ_KERNEL); + + /* De-compose KDB_ENABLE_ALL if required */ + if (need_to_lockdown_write || need_to_lockdown_read) + if (kdb_cmd_enabled & KDB_ENABLE_ALL) + kdb_cmd_enabled = KDB_ENABLE_MASK & ~KDB_ENABLE_ALL; + + if (need_to_lockdown_write) + kdb_cmd_enabled &= ~write_flags; + + if (need_to_lockdown_read) + kdb_cmd_enabled &= ~read_flags; +} + +/* + * Check whether the flags of the current command, the permissions of the kdb + * console and the lockdown state allow a command to be run. */ -static inline bool kdb_check_flags(kdb_cmdflags_t flags, int permissions, +static bool kdb_check_flags(kdb_cmdflags_t flags, int permissions, bool no_args) { /* permissions comes from userspace so needs massaging slightly */ @@ -1180,6 +1233,9 @@ static int kdb_local(kdb_reason_t reason, int error, struct pt_regs *regs, kdb_curr_task(raw_smp_processor_id()); KDB_DEBUG_STATE("kdb_local 1", reason); + + kdb_check_for_lockdown(); + kdb_go_count = 0; if (reason == KDB_REASON_DEBUG) { /* special case below */ diff --git a/security/security.c b/security/security.c index b7cf5cbfdc67..aaf6566deb9f 100644 --- a/security/security.c +++ b/security/security.c @@ -59,10 +59,12 @@ const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = { [LOCKDOWN_DEBUGFS] = "debugfs access", [LOCKDOWN_XMON_WR] = "xmon write access", [LOCKDOWN_BPF_WRITE_USER] = "use of bpf to write user RAM", + [LOCKDOWN_DBG_WRITE_KERNEL] = "use of kgdb/kdb to write kernel RAM", [LOCKDOWN_INTEGRITY_MAX] = "integrity", [LOCKDOWN_KCORE] = "/proc/kcore access", [LOCKDOWN_KPROBES] = "use of kprobes", [LOCKDOWN_BPF_READ_KERNEL] = "use of bpf to read kernel RAM", + [LOCKDOWN_DBG_READ_KERNEL] = "use of kgdb/kdb to read kernel RAM", [LOCKDOWN_PERF] = "unsafe use of perf", [LOCKDOWN_TRACEFS] = "use of tracefs", [LOCKDOWN_XMON_RW] = "xmon read and write access",

2 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] lockdown: also lock down previous kgdb use" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From eadb2f47a3ced5c64b23b90fd2a3463f63726066 Mon Sep 17 00:00:00 2001 From: Daniel Thompson <daniel.thompson(a)linaro.org> Date: Mon, 23 May 2022 19:11:02 +0100 Subject: [PATCH] lockdown: also lock down previous kgdb use KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port (for example, via a hypervisor console, which some cloud vendors provide over the network) could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. Fix this by integrating lockdown into kdb's existing permissions mechanism. Unfortunately kgdb does not have any permissions mechanism (although it certainly could be added later) so, for now, kgdb is simply and brutally disabled by immediately exiting the gdb stub without taking any action. For lockdowns established early in the boot (e.g. the normal case) then this should be fine but on systems where kgdb has set breakpoints before the lockdown is enacted than "bad things" will happen. CVE: CVE-2022-21499 Co-developed-by: Stephen Brennan <stephen.s.brennan(a)oracle.com> Signed-off-by: Stephen Brennan <stephen.s.brennan(a)oracle.com> Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Signed-off-by: Daniel Thompson <daniel.thompson(a)linaro.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/include/linux/security.h b/include/linux/security.h index 25b3ef71f495..7fc4e9f49f54 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -121,10 +121,12 @@ enum lockdown_reason { LOCKDOWN_DEBUGFS, LOCKDOWN_XMON_WR, LOCKDOWN_BPF_WRITE_USER, + LOCKDOWN_DBG_WRITE_KERNEL, LOCKDOWN_INTEGRITY_MAX, LOCKDOWN_KCORE, LOCKDOWN_KPROBES, LOCKDOWN_BPF_READ_KERNEL, + LOCKDOWN_DBG_READ_KERNEL, LOCKDOWN_PERF, LOCKDOWN_TRACEFS, LOCKDOWN_XMON_RW, diff --git a/kernel/debug/debug_core.c b/kernel/debug/debug_core.c index da06a5553835..7beceb447211 100644 --- a/kernel/debug/debug_core.c +++ b/kernel/debug/debug_core.c @@ -53,6 +53,7 @@ #include <linux/vmacache.h> #include <linux/rcupdate.h> #include <linux/irq.h> +#include <linux/security.h> #include <asm/cacheflush.h> #include <asm/byteorder.h> @@ -752,6 +753,29 @@ cpu_master_loop: continue; kgdb_connected = 0; } else { + /* + * This is a brutal way to interfere with the debugger + * and prevent gdb being used to poke at kernel memory. + * This could cause trouble if lockdown is applied when + * there is already an active gdb session. For now the + * answer is simply "don't do that". Typically lockdown + * *will* be applied before the debug core gets started + * so only developers using kgdb for fairly advanced + * early kernel debug can be biten by this. Hopefully + * they are sophisticated enough to take care of + * themselves, especially with help from the lockdown + * message printed on the console! + */ + if (security_locked_down(LOCKDOWN_DBG_WRITE_KERNEL)) { + if (IS_ENABLED(CONFIG_KGDB_KDB)) { + /* Switch back to kdb if possible... */ + dbg_kdb_mode = 1; + continue; + } else { + /* ... otherwise just bail */ + break; + } + } error = gdb_serial_stub(ks); } diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c index 0852a537dad4..ead4da947127 100644 --- a/kernel/debug/kdb/kdb_main.c +++ b/kernel/debug/kdb/kdb_main.c @@ -45,6 +45,7 @@ #include <linux/proc_fs.h> #include <linux/uaccess.h> #include <linux/slab.h> +#include <linux/security.h> #include "kdb_private.h" #undef MODULE_PARAM_PREFIX @@ -166,10 +167,62 @@ struct task_struct *kdb_curr_task(int cpu) } /* - * Check whether the flags of the current command and the permissions - * of the kdb console has allow a command to be run. + * Update the permissions flags (kdb_cmd_enabled) to match the + * current lockdown state. + * + * Within this function the calls to security_locked_down() are "lazy". We + * avoid calling them if the current value of kdb_cmd_enabled already excludes + * flags that might be subject to lockdown. Additionally we deliberately check + * the lockdown flags independently (even though read lockdown implies write + * lockdown) since that results in both simpler code and clearer messages to + * the user on first-time debugger entry. + * + * The permission masks during a read+write lockdown permits the following + * flags: INSPECT, SIGNAL, REBOOT (and ALWAYS_SAFE). + * + * The INSPECT commands are not blocked during lockdown because they are + * not arbitrary memory reads. INSPECT covers the backtrace family (sometimes + * forcing them to have no arguments) and lsmod. These commands do expose + * some kernel state but do not allow the developer seated at the console to + * choose what state is reported. SIGNAL and REBOOT should not be controversial, + * given these are allowed for root during lockdown already. + */ +static void kdb_check_for_lockdown(void) +{ + const int write_flags = KDB_ENABLE_MEM_WRITE | + KDB_ENABLE_REG_WRITE | + KDB_ENABLE_FLOW_CTRL; + const int read_flags = KDB_ENABLE_MEM_READ | + KDB_ENABLE_REG_READ; + + bool need_to_lockdown_write = false; + bool need_to_lockdown_read = false; + + if (kdb_cmd_enabled & (KDB_ENABLE_ALL | write_flags)) + need_to_lockdown_write = + security_locked_down(LOCKDOWN_DBG_WRITE_KERNEL); + + if (kdb_cmd_enabled & (KDB_ENABLE_ALL | read_flags)) + need_to_lockdown_read = + security_locked_down(LOCKDOWN_DBG_READ_KERNEL); + + /* De-compose KDB_ENABLE_ALL if required */ + if (need_to_lockdown_write || need_to_lockdown_read) + if (kdb_cmd_enabled & KDB_ENABLE_ALL) + kdb_cmd_enabled = KDB_ENABLE_MASK & ~KDB_ENABLE_ALL; + + if (need_to_lockdown_write) + kdb_cmd_enabled &= ~write_flags; + + if (need_to_lockdown_read) + kdb_cmd_enabled &= ~read_flags; +} + +/* + * Check whether the flags of the current command, the permissions of the kdb + * console and the lockdown state allow a command to be run. */ -static inline bool kdb_check_flags(kdb_cmdflags_t flags, int permissions, +static bool kdb_check_flags(kdb_cmdflags_t flags, int permissions, bool no_args) { /* permissions comes from userspace so needs massaging slightly */ @@ -1180,6 +1233,9 @@ static int kdb_local(kdb_reason_t reason, int error, struct pt_regs *regs, kdb_curr_task(raw_smp_processor_id()); KDB_DEBUG_STATE("kdb_local 1", reason); + + kdb_check_for_lockdown(); + kdb_go_count = 0; if (reason == KDB_REASON_DEBUG) { /* special case below */ diff --git a/security/security.c b/security/security.c index b7cf5cbfdc67..aaf6566deb9f 100644 --- a/security/security.c +++ b/security/security.c @@ -59,10 +59,12 @@ const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = { [LOCKDOWN_DEBUGFS] = "debugfs access", [LOCKDOWN_XMON_WR] = "xmon write access", [LOCKDOWN_BPF_WRITE_USER] = "use of bpf to write user RAM", + [LOCKDOWN_DBG_WRITE_KERNEL] = "use of kgdb/kdb to write kernel RAM", [LOCKDOWN_INTEGRITY_MAX] = "integrity", [LOCKDOWN_KCORE] = "/proc/kcore access", [LOCKDOWN_KPROBES] = "use of kprobes", [LOCKDOWN_BPF_READ_KERNEL] = "use of bpf to read kernel RAM", + [LOCKDOWN_DBG_READ_KERNEL] = "use of kgdb/kdb to read kernel RAM", [LOCKDOWN_PERF] = "unsafe use of perf", [LOCKDOWN_TRACEFS] = "use of tracefs", [LOCKDOWN_XMON_RW] = "xmon read and write access",

2 years, 7 months

1
0
0 0

[PATCH AUTOSEL 5.17 01/12] ALSA: usb-audio: Don't get sample rate for MCT Trigger 5 USB-to-HDMI

by Sasha Levin

From: Forest Crossman <cyrozap(a)gmail.com> [ Upstream commit d7be213849232a2accb219d537edf056d29186b4 ] This device doesn't support reading the sample rate, so we need to apply this quirk to avoid a 15-second delay waiting for three timeouts. Signed-off-by: Forest Crossman <cyrozap(a)gmail.com> Link: https://lore.kernel.org/r/20220504002444.114011-2-cyrozap@gmail.com Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/usb/quirks.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c index ab9f3da49941..fbbe59054c3f 100644 --- a/sound/usb/quirks.c +++ b/sound/usb/quirks.c @@ -1822,6 +1822,8 @@ static const struct usb_audio_quirk_flags_table quirk_flags_table[] = { QUIRK_FLAG_IGNORE_CTL_ERROR), DEVICE_FLG(0x06f8, 0xd002, /* Hercules DJ Console (Macintosh Edition) */ QUIRK_FLAG_IGNORE_CTL_ERROR), + DEVICE_FLG(0x0711, 0x5800, /* MCT Trigger 5 USB-to-HDMI */ + QUIRK_FLAG_GET_SAMPLE_RATE), DEVICE_FLG(0x074d, 0x3553, /* Outlaw RR2150 (Micronas UAC3553B) */ QUIRK_FLAG_GET_SAMPLE_RATE), DEVICE_FLG(0x08bb, 0x2702, /* LineX FM Transmitter */ -- 2.35.1

2 years, 7 months

3
16
0 0

[PATCH 4.14] x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests

by Thomas Gleixner

commit 7e0815b3e09986d2fe651199363e135b9358132a upstream. When a XEN_HVM guest uses the XEN PIRQ/Eventchannel mechanism, then PCI/MSI[-X] masking is solely controlled by the hypervisor, but contrary to XEN_PV guests this does not disable PCI/MSI[-X] masking in the PCI/MSI layer. This can lead to a situation where the PCI/MSI layer masks an MSI[-X] interrupt and the hypervisor grants the write despite the fact that it already requested the interrupt. As a consequence interrupt delivery on the affected device is not happening ever. Set pci_msi_ignore_mask to prevent that like it's done for XEN_PV guests already. Fixes: 809f9267bbab ("xen: map MSIs into pirqs") Reported-by: Jeremi Piotrowski <jpiotrowski(a)linux.microsoft.com> Reported-by: Dusty Mabe <dustymabe(a)redhat.com> Reported-by: Salvatore Bonaccorso <carnil(a)debian.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-by: Noah Meyerhans <noahm(a)debian.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/87tuaduxj5.ffs@tglx [nmeyerha(a)amazon.com: backported to 4.14] Signed-off-by: Noah Meyerhans <nmeyerha(a)amazon.com> --- arch/x86/pci/xen.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/x86/pci/xen.c b/arch/x86/pci/xen.c index c4b3646bd04c..7135f35f9de7 100644 --- a/arch/x86/pci/xen.c +++ b/arch/x86/pci/xen.c @@ -442,6 +442,11 @@ void __init xen_msi_init(void) x86_msi.setup_msi_irqs = xen_hvm_setup_msi_irqs; x86_msi.teardown_msi_irq = xen_teardown_msi_irq; + /* + * With XEN PIRQ/Eventchannels in use PCI/MSI[-X] masking is solely + * controlled by the hypervisor. + */ + pci_msi_ignore_mask = 1; } #endif -- 2.25.1

2 years, 7 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror May 2022