June 2023 - Linux-stable-mirror

[PATCH 6.1] xfs: verify buffer contents when we skip log replay

by Amir Goldstein

From: "Darrick J. Wong" <djwong(a)kernel.org> commit 22ed903eee23a5b174e240f1cdfa9acf393a5210 upstream. syzbot detected a crash during log recovery: XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 XFS (loop0): Torn write (CRC failure) detected at log block 0x180. Truncating head block from 0x200. XFS (loop0): Starting recovery (logdev: internal) ================================================================== BUG: KASAN: slab-out-of-bounds in xfs_btree_lookup_get_block+0x15c/0x6d0 fs/xfs/libxfs/xfs_btree.c:1813 Read of size 8 at addr ffff88807e89f258 by task syz-executor132/5074 CPU: 0 PID: 5074 Comm: syz-executor132 Not tainted 6.2.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1b1/0x290 lib/dump_stack.c:106 print_address_description+0x74/0x340 mm/kasan/report.c:306 print_report+0x107/0x1f0 mm/kasan/report.c:417 kasan_report+0xcd/0x100 mm/kasan/report.c:517 xfs_btree_lookup_get_block+0x15c/0x6d0 fs/xfs/libxfs/xfs_btree.c:1813 xfs_btree_lookup+0x346/0x12c0 fs/xfs/libxfs/xfs_btree.c:1913 xfs_btree_simple_query_range+0xde/0x6a0 fs/xfs/libxfs/xfs_btree.c:4713 xfs_btree_query_range+0x2db/0x380 fs/xfs/libxfs/xfs_btree.c:4953 xfs_refcount_recover_cow_leftovers+0x2d1/0xa60 fs/xfs/libxfs/xfs_refcount.c:1946 xfs_reflink_recover_cow+0xab/0x1b0 fs/xfs/xfs_reflink.c:930 xlog_recover_finish+0x824/0x920 fs/xfs/xfs_log_recover.c:3493 xfs_log_mount_finish+0x1ec/0x3d0 fs/xfs/xfs_log.c:829 xfs_mountfs+0x146a/0x1ef0 fs/xfs/xfs_mount.c:933 xfs_fs_fill_super+0xf95/0x11f0 fs/xfs/xfs_super.c:1666 get_tree_bdev+0x400/0x620 fs/super.c:1282 vfs_get_tree+0x88/0x270 fs/super.c:1489 do_new_mount+0x289/0xad0 fs/namespace.c:3145 do_mount fs/namespace.c:3488 [inline] __do_sys_mount fs/namespace.c:3697 [inline] __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f89fa3f4aca Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fffd5fb5ef8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00646975756f6e2c RCX: 00007f89fa3f4aca RDX: 0000000020000100 RSI: 0000000020009640 RDI: 00007fffd5fb5f10 RBP: 00007fffd5fb5f10 R08: 00007fffd5fb5f50 R09: 000000000000970d R10: 0000000000200800 R11: 0000000000000206 R12: 0000000000000004 R13: 0000555556c6b2c0 R14: 0000000000200800 R15: 00007fffd5fb5f50 </TASK> The fuzzed image contains an AGF with an obviously garbage agf_refcount_level value of 32, and a dirty log with a buffer log item for that AGF. The ondisk AGF has a higher LSN than the recovered log item. xlog_recover_buf_commit_pass2 reads the buffer, compares the LSNs, and decides to skip replay because the ondisk buffer appears to be newer. Unfortunately, the ondisk buffer is corrupt, but recovery just read the buffer with no buffer ops specified: error = xfs_buf_read(mp->m_ddev_targp, buf_f->blf_blkno, buf_f->blf_len, buf_flags, &bp, NULL); Skipping the buffer leaves its contents in memory unverified. This sets us up for a kernel crash because xfs_refcount_recover_cow_leftovers reads the buffer (which is still around in XBF_DONE state, so no read verification) and creates a refcountbt cursor of height 32. This is impossible so we run off the end of the cursor object and crash. Fix this by invoking the verifier on all skipped buffers and aborting log recovery if the ondisk buffer is corrupt. It might be smarter to force replay the log item atop the buffer and then see if it'll pass the write verifier (like ext4 does) but for now let's go with the conservative option where we stop immediately. Link: https://syzkaller.appspot.com/bug?extid=7e9494b8b399902e994e Signed-off-by: Darrick J. Wong <djwong(a)kernel.org> Reviewed-by: Dave Chinner <dchinner(a)redhat.com> Signed-off-by: Dave Chinner <david(a)fromorbit.com> Reported-by: Danila Chernetsov <listdansp(a)mail.ru> Link: https://lore.kernel.org/linux-xfs/20230601164439.15404-1-listdansp@mail.ru Signed-off-by: Amir Goldstein <amir73il(a)gmail.com> Acked-by: Darrick J. Wong <djwong(a)kernel.org> --- Greg, This is the backport proposed by Danila for 5.10.y. I've already tested it on 6.1.y as well as 5.10.y, but waiting for Leah to test 5.15.y before requesting apply to 5.10.y. Thanks, Amir. fs/xfs/xfs_buf_item_recover.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/fs/xfs/xfs_buf_item_recover.c b/fs/xfs/xfs_buf_item_recover.c index ffa94102094d..43167f543afc 100644 --- a/fs/xfs/xfs_buf_item_recover.c +++ b/fs/xfs/xfs_buf_item_recover.c @@ -943,6 +943,16 @@ xlog_recover_buf_commit_pass2( if (lsn && lsn != -1 && XFS_LSN_CMP(lsn, current_lsn) >= 0) { trace_xfs_log_recover_buf_skip(log, buf_f); xlog_recover_validate_buf_type(mp, bp, buf_f, NULLCOMMITLSN); + + /* + * We're skipping replay of this buffer log item due to the log + * item LSN being behind the ondisk buffer. Verify the buffer + * contents since we aren't going to run the write verifier. + */ + if (bp->b_ops) { + bp->b_ops->verify_read(bp); + error = bp->b_error; + } goto out_release; } -- 2.34.1

1 year, 10 months

2
5
0 0

[PATCH 5.15 000/159] 5.15.116-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.116 release. There are 159 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 09 Jun 2023 20:07:31 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.116-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.116-rc1 Mustafa Ismail <mustafa.ismail(a)intel.com> RDMA/irdma: Do not generate SW completions for NOPs Shiraz Saleem <shiraz.saleem(a)intel.com> RDMA/irdma: Fix drain SQ hang with no completion Arnd Bergmann <arnd(a)arndb.de> ARM: defconfig: drop CONFIG_DRM_RCAR_LVDS Theodore Ts'o <tytso(a)mit.edu> ext4: enable the lazy init thread when remounting read/write Matthieu Baerts <matthieu.baerts(a)tessares.net> selftests: mptcp: join: skip if MPTCP is not supported Matthieu Baerts <matthieu.baerts(a)tessares.net> selftests: mptcp: simult flows: skip if MPTCP is not supported Matthieu Baerts <matthieu.baerts(a)tessares.net> selftests: mptcp: diag: skip if MPTCP is not supported Bas Nieuwenhuizen <bas(a)basnieuwenhuizen.nl> drm/amdgpu/gfx10: Disable gfxoff before disabling powergating. Ben Hutchings <benh(a)debian.org> scsi: dpt_i2o: Do not process completions with invalid addresses Ben Hutchings <benh(a)debian.org> scsi: dpt_i2o: Remove broken pass-through ioctl (I2OUSERCMD) Arnd Bergmann <arnd(a)arndb.de> drm/rcar: stop using 'imply' for dependencies Lino Sanfilippo <l.sanfilippo(a)kunbus.com> tpm, tpm_tis: Request threaded interrupt handler Jim Wylder <jwylder(a)google.com> regmap: Account for register length when chunking Roberto Sassu <roberto.sassu(a)huawei.com> KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix incorrect AllocationSize set in smb2_get_info Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix credit count leakage Sean Christopherson <seanjc(a)google.com> KVM: x86: Account fastpath-only VM-Exits in vCPU stats Mirsad Goran Todorovac <mirsad.todorovac(a)alu.unizg.hr> test_firmware: fix the memory leak of the allocated firmware buffer Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() Helge Deller <deller(a)gmx.de> fbcon: Fix null-ptr-deref in soft_cursor Theodore Ts'o <tytso(a)mit.edu> ext4: add lockdep annotations for i_data_sem for ea_inode's Theodore Ts'o <tytso(a)mit.edu> ext4: disallow ea_inodes with extended attributes Theodore Ts'o <tytso(a)mit.edu> ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() Theodore Ts'o <tytso(a)mit.edu> ext4: add EA_INODE checking to ext4_iget() Matthieu Baerts <matthieu.baerts(a)tessares.net> selftests: mptcp: sockopt: skip if MPTCP is not supported Matthieu Baerts <matthieu.baerts(a)tessares.net> selftests: mptcp: pm nl: skip if MPTCP is not supported Matthieu Baerts <matthieu.baerts(a)tessares.net> selftests: mptcp: connect: skip if MPTCP is not supported Pietro Borrello <borrello(a)diag.uniroma1.it> tracing/probe: trace_probe_primary_from_call(): checked list_first_entry Paul Moore <paul(a)paul-moore.com> selinux: don't use make's grouped targets feature yet Damien Le Moal <dlemoal(a)kernel.org> block: fix revalidate performance regression Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM Frank Li <Frank.Li(a)nxp.com> usb: cdns3: allocate TX FIFO size according to composite EP number Jon Pan-Doh <pandoh(a)google.com> iommu/amd: Fix domain flush size when syncing iotlb Gaurav Batra <gbatra(a)linux.vnet.ibm.com> powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall pengfuyuan <pengfuyuan(a)kylinos.cn> btrfs: fix csum_tree_block page iteration to avoid tripping on -Werror=array-bounds Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK Marek Vasut <marex(a)denx.de> mmc: pwrseq: sd8787: Fix WILC CHIP_EN and RESETN toggling order Deren Wu <deren.wu(a)mediatek.com> mmc: vub300: fix invalid response handling Jiri Slaby (SUSE) <jirislaby(a)kernel.org> block/blk-iocost (gcc13): keep large values in a new enum Kees Cook <keescook(a)chromium.org> ath6kl: Use struct_group() to avoid size-mismatched casting Kees Cook <keescook(a)chromium.org> x86/boot: Wrap literal addresses in absolute_pointer() Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: reverse mclk and fclk clocks levels for renoir Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: reverse mclk and fclk clocks levels for vangogh Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Use correct device no in ata_find_dev() Bart Van Assche <bvanassche(a)acm.org> scsi: stex: Fix gcc 13 warnings Richard Acayan <mailingradian(a)gmail.com> misc: fastrpc: reject new invocations during device removal Richard Acayan <mailingradian(a)gmail.com> misc: fastrpc: return -EPIPE to invocations on device removal Yu Kuai <yukuai3(a)huawei.com> md/raid5: fix miscalculation of 'end_sector' in raid5_read_one_chunk() Uttkarsh Aggarwal <quic_uaggarwa(a)quicinc.com> usb: gadget: f_fs: Add unbind event before functionfs_unbind Marek Vasut <marex(a)denx.de> dt-bindings: usb: snps,dwc3: Fix "snps,hsphy_interface" type Sebastian Krzyszkowiak <sebastian.krzyszkowiak(a)puri.sm> net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 Lukas Bulwahn <lukas.bulwahn(a)gmail.com> iio: dac: build ad5758 driver when AD5758 is selected Paul Cercueil <paul(a)crapouillou.net> iio: adc: ad7192: Change "shorted" channels to differential Marek Vasut <marex(a)denx.de> iio: dac: mcp4725: Fix i2c_master_send() return value handling Masahiro Honda <honda(a)mechatrax.com> iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag Frank Li <Frank.Li(a)nxp.com> iio: light: vcnl4035: fixed chip ID check Geert Uytterhoeven <geert+renesas(a)glider.be> dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> iio: imu: inv_icm42600: fix timestamp reset Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> HID: wacom: avoid integer overflow in wacom_intuos_inout() Sung-Chi Li <lschyi(a)chromium.org> HID: google: add jewel USB id Jiakai Luo <jkluo(a)hust.edu.cn> iio: adc: mxs-lradc: fix the order of two cleanup operations Hans de Goede <hdegoede(a)redhat.com> iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: uvcvideo: Don't expose unsupported formats to userspace Dan Carpenter <dan.carpenter(a)linaro.org> mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() Daniel Smith <dansmith(a)ds.gy> nvme-pci: Add quirk for Teamgroup MP33 SSD Guchun Chen <guchun.chen(a)amd.com> drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged Arnd Bergmann <arnd(a)arndb.de> atm: hide unused procfs functions Rob Clark <robdclark(a)chromium.org> drm/msm: Be more shouty if per-process pgtables aren't working Arnd Bergmann <arnd(a)arndb.de> ALSA: oss: avoid missing-prototype warnings Christoph Hellwig <hch(a)lst.de> nvme-multipath: don't call blk_mark_disk_dead in nvme_mpath_remove_disk Tom Rix <trix(a)redhat.com> netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT Arnd Bergmann <arnd(a)arndb.de> wifi: b43: fix incorrect __packed annotation Wenchao Hao <haowenchao2(a)huawei.com> scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: simplify chanctx allocation Linus Walleij <linus.walleij(a)linaro.org> arm64: vdso: Pass (void *) to virt_to_page() Min-Hua Chen <minhuadotchen(a)gmail.com> arm64/mm: mark private VM_FAULT_X defines as vm_fault_t Dario Binacchi <dario.binacchi(a)amarulasolutions.com> ARM: dts: stm32: add pin map for CAN controller on stm32f7 Yun Lu <luyun(a)kylinos.cn> wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value Rubén Gómez <mrgommer(a)proton.me> ACPI: resource: Add IRQ override quirk for LG UltraPC 17U70P Alexander Gordeev <agordeev(a)linux.ibm.com> s390/topology: honour nr_cpu_ids when adding CPUs Holger Dengler <dengler(a)linux.ibm.com> s390/pkey: zeroize key blobs Hyunwoo Kim <v4bel(a)theori.io> media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 Takashi Iwai <tiwai(a)suse.de> media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() Hyunwoo Kim <imv4bel(a)gmail.com> media: dvb-core: Fix use-after-free due to race at dvb_register_device() Hyunwoo Kim <imv4bel(a)gmail.com> media: dvb-core: Fix use-after-free due on race condition at dvb_net Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table Hyunwoo Kim <imv4bel(a)gmail.com> media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb() YongSu Yoo <yongsuyoo0215(a)gmail.com> media: dvb_ca_en50221: fix a size write bug Wei Chen <harperchen1110(a)gmail.com> media: netup_unidvb: fix irq init by register it at the end of probe Wei Chen <harperchen1110(a)gmail.com> media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address Wei Chen <harperchen1110(a)gmail.com> media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() Zhang Shurong <zhang_shurong(a)foxmail.com> media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer Wei Chen <harperchen1110(a)gmail.com> media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() Wei Chen <harperchen1110(a)gmail.com> media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() Wei Chen <harperchen1110(a)gmail.com> media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() YongSu Yoo <yongsuyoo0215(a)gmail.com> media: dvb_demux: fix a bug for the continuity counter Paweł Anikiel <pan(a)semihalf.com> ASoC: ssm2602: Add workaround for playback distortions Martin Povišer <povik+lin(a)cutebit.org> ASoC: dt-bindings: Adjust #sound-dai-cells on TI's single-DAI codecs Benedict Wong <benedictwong(a)google.com> xfrm: Check if_id in inbound policy/secpath match Johannes Berg <johannes.berg(a)intel.com> um: harddog: fix modular build Maxim Kochetkov <fido_max(a)inbox.ru> ASoC: dwc: limit the number of overrun messages Hristo Venev <hristo(a)venev.name> nvme-pci: add quirk for missing secondary temperature thresholds Sagi Grimberg <sagi(a)grimberg.me> nvme-pci: add NVME_QUIRK_BOGUS_NID for HS-SSD-FUTURE 2048G Guoqing Jiang <guoqing.jiang(a)linux.dev> block/rnbd: replace REQ_OP_FLUSH with REQ_OP_WRITE Ivan Orlov <ivan.orlov0322(a)gmail.com> nbd: Fix debugfs_create_dir error checking Helge Deller <deller(a)gmx.de> fbdev: stifb: Fix info entry in sti_struct on error path Helge Deller <deller(a)gmx.de> fbdev: modedb: Add 1920x1080 at 60 Hz video mode Zheng Wang <zyytlz.wz(a)163.com> fbdev: imsttfb: Fix use after free bug in imsttfb_probe Bob Peterson <rpeterso(a)redhat.com> gfs2: Don't deref jdesc in evict Julian Winkler <julian.winkler1(a)web.de> platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: rcar-vin: Select correct interrupt mode for V4L2_FIELD_ALTERNATE Haibo Li <haibo.li(a)mediatek.com> ARM: 9295/1: unwind:fix unwind abort for uleb128 case Filipe Manana <fdmanana(a)suse.com> btrfs: abort transaction when sibling keys check fails for leaves Jammy Huang <jammy_huang(a)aspeedtech.com> drm/ast: Fix ARM compatibility Lee Jones <lee(a)kernel.org> mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() lyndonli <Lyndon.Li(a)amd.com> drm/amdgpu: Use the default reset when loading or reloading the driver jasontao <jasontao(a)glenfly.com> ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs. Johannes Thumshirn <jth(a)kernel.org> watchdog: menz069_wdt: fix watchdog initialisation Chong Li <chongli2(a)amd.com> drm/amdgpu: release gpu full access after "amdgpu_device_ip_late_init" Xin Long <lucien.xin(a)gmail.com> rtnetlink: call validate_linkmsg in rtnl_create_link Chris Packham <chris.packham(a)alliedtelesis.co.nz> mtd: rawnand: marvell: don't set the NAND frequency select Chris Packham <chris.packham(a)alliedtelesis.co.nz> mtd: rawnand: marvell: ensure timing values are written Andreas Svensson <andreas.svensson(a)axis.com> net: dsa: mv88e6xxx: Increase wait after reset deactivation Hangyu Hua <hbh25y(a)gmail.com> net/sched: flower: fix possible OOB write in fl_set_geneve_opt() Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Read embedded cpu after init bit cleared Saeed Mahameed <saeedm(a)nvidia.com> net/mlx5e: Fix error handling in mlx5e_refresh_tirs Vladislav Efanov <VEfanov(a)ispras.ru> udp6: Fix race condition in udp6_sendmsg & connect Pedro Tammela <pctammela(a)mojatatu.com> net/netlink: fix NETLINK_LIST_MEMBERSHIPS length report Zhengchao Shao <shaozhengchao(a)huawei.com> net: sched: fix NULL pointer dereference in mq_attach Peilin Ye <peilin.ye(a)bytedance.com> net/sched: Prohibit regrafting ingress or clsact Qdiscs Peilin Ye <peilin.ye(a)bytedance.com> net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs Peilin Ye <peilin.ye(a)bytedance.com> net/sched: sch_clsact: Only create under TC_H_CLSACT Peilin Ye <peilin.ye(a)bytedance.com> net/sched: sch_ingress: Only create under TC_H_INGRESS Cambda Zhu <cambda(a)linux.alibaba.com> tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set Eric Dumazet <edumazet(a)google.com> tcp: deny tcp_disconnect() when threads are waiting Eric Dumazet <edumazet(a)google.com> af_packet: do not use READ_ONCE() in packet_bind() Mustafa Ismail <mustafa.ismail(a)intel.com> RDMA/irdma: Fix Local Invalidate fencing Mustafa Ismail <mustafa.ismail(a)intel.com> RDMA/irdma: Prevent QP use after free Mustafa Ismail <mustafa.ismail(a)intel.com> RDMA/irdma: Add SW mechanism to generate completions on error Arnd Bergmann <arnd(a)arndb.de> mtd: rawnand: ingenic: fix empty stub helper definitions Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: fix the false linkup in xgbe_phy_status Kuniyuki Iwashima <kuniyu(a)amazon.com> af_packet: Fix data-races of pkt_sk(sk)->num. Eric Dumazet <edumazet(a)google.com> netrom: fix info-leak in nr_write_internal() Thomas Bogendoerfer <tbogendoerfer(a)suse.de> net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure Dmytro Linkin <dlinkin(a)nvidia.com> net/mlx5e: Don't attach netdev profile while handling internal error Shay Drory <shayd(a)nvidia.com> net/mlx5: fw_tracer, Fix event handling Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix unused variable warning when BUILTIN_DTB is set Randy Dunlap <rdunlap(a)infradead.org> dmaengine: pl330: rename _start to prevent build error Joao Martins <joao.m.martins(a)oracle.com> iommu/amd: Don't block updates to GATag if guest mode is on Chao Wang <D202280639(a)hust.edu.cn> iommu/rockchip: Fix unwind goto issue Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix a possible memory leak Dan Carpenter <dan.carpenter(a)linaro.org> dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() Tudor Ambarus <tudor.ambarus(a)microchip.com> dmaengine: at_xdmac: Move the free desc to the tail of the desc list Yangyang Li <liyangyang20(a)huawei.com> RDMA/hns: Modify the value of long message loopback slice Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix base address table allocation Yonatan Nachum <ynachum(a)amazon.com> RDMA/efa: Fix unsupported page sizes in device Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: Fix the page_size used during the MR creation ------------- Diffstat: .../bindings/iio/adc/renesas,rcar-gyroadc.yaml | 2 +- .../devicetree/bindings/sound/tas2562.yaml | 6 +- .../devicetree/bindings/sound/tas2764.yaml | 6 +- .../devicetree/bindings/sound/tas2770.yaml | 6 +- .../devicetree/bindings/usb/snps,dwc3.yaml | 2 +- Makefile | 4 +- arch/arm/boot/dts/stm32f7-pinctrl.dtsi | 82 ++++++ arch/arm/configs/multi_v7_defconfig | 1 - arch/arm/kernel/unwind.c | 25 +- arch/arm64/kernel/vdso.c | 2 +- arch/arm64/mm/fault.c | 4 +- arch/powerpc/platforms/pseries/iommu.c | 13 +- arch/riscv/mm/init.c | 2 +- arch/s390/kernel/topology.c | 32 +-- arch/um/drivers/Makefile | 4 +- arch/um/drivers/harddog.h | 9 + arch/um/drivers/harddog_kern.c | 7 +- arch/um/drivers/harddog_user.c | 1 + arch/um/drivers/harddog_user_exp.c | 9 + arch/x86/boot/boot.h | 36 ++- arch/x86/boot/main.c | 2 +- arch/x86/kvm/x86.c | 3 + block/blk-iocost.c | 2 + block/blk-settings.c | 3 +- crypto/asymmetric_keys/public_key.c | 38 +-- drivers/acpi/resource.c | 12 + drivers/ata/libata-scsi.c | 34 ++- drivers/base/regmap/regmap.c | 6 +- drivers/block/nbd.c | 4 +- drivers/block/rnbd/rnbd-proto.h | 2 +- drivers/char/tpm/tpm_tis_core.c | 7 +- drivers/dma/at_xdmac.c | 26 +- drivers/dma/pl330.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 39 +-- drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c | 3 +- drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 8 +- drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 10 +- drivers/gpu/drm/amd/pm/swsmu/smu12/renoir_ppt.c | 5 +- .../gpu/drm/amd/pm/swsmu/smu13/yellow_carp_ppt.c | 5 +- drivers/gpu/drm/ast/ast_main.c | 9 +- drivers/gpu/drm/msm/msm_iommu.c | 7 +- drivers/gpu/drm/rcar-du/Kconfig | 25 +- drivers/hid/hid-google-hammer.c | 2 + drivers/hid/hid-ids.h | 1 + drivers/hid/wacom_wac.c | 2 +- drivers/iio/accel/st_accel_core.c | 4 +- drivers/iio/adc/ad7192.c | 8 +- drivers/iio/adc/ad_sigma_delta.c | 4 + drivers/iio/adc/mxs-lradc-adc.c | 10 +- drivers/iio/dac/Makefile | 2 +- drivers/iio/dac/mcp4725.c | 16 +- drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c | 10 +- drivers/iio/light/vcnl4035.c | 3 + drivers/infiniband/hw/bnxt_re/ib_verbs.c | 4 +- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 11 +- drivers/infiniband/hw/bnxt_re/qplib_res.c | 12 +- drivers/infiniband/hw/bnxt_re/qplib_sp.c | 7 +- drivers/infiniband/hw/efa/efa_verbs.c | 2 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 8 +- drivers/infiniband/hw/hns/hns_roce_mr.c | 43 ++++ drivers/infiniband/hw/irdma/hw.c | 31 ++- drivers/infiniband/hw/irdma/utils.c | 150 +++++++++++ drivers/infiniband/hw/irdma/verbs.c | 66 +++-- drivers/infiniband/hw/irdma/verbs.h | 13 +- drivers/iommu/amd/iommu.c | 5 +- drivers/iommu/rockchip-iommu.c | 14 +- drivers/mailbox/mailbox-test.c | 13 +- drivers/md/raid5.c | 2 +- drivers/media/dvb-core/dvb_ca_en50221.c | 49 +++- drivers/media/dvb-core/dvb_demux.c | 4 +- drivers/media/dvb-core/dvb_frontend.c | 16 +- drivers/media/dvb-core/dvb_net.c | 38 ++- drivers/media/dvb-core/dvbdev.c | 84 +++++-- drivers/media/dvb-frontends/mn88443x.c | 2 +- drivers/media/pci/netup_unidvb/netup_unidvb_core.c | 17 +- drivers/media/platform/rcar-vin/rcar-dma.c | 4 +- drivers/media/usb/dvb-usb-v2/ce6230.c | 8 + drivers/media/usb/dvb-usb-v2/ec168.c | 12 + drivers/media/usb/dvb-usb-v2/rtl28xxu.c | 20 ++ drivers/media/usb/dvb-usb/az6027.c | 12 + drivers/media/usb/dvb-usb/digitv.c | 4 + drivers/media/usb/dvb-usb/dw2102.c | 2 +- drivers/media/usb/ttusb-dec/ttusb_dec.c | 3 +- drivers/media/usb/uvc/uvc_driver.c | 16 +- drivers/misc/fastrpc.c | 7 +- drivers/mmc/core/pwrseq_sd8787.c | 34 ++- drivers/mmc/host/vub300.c | 3 + drivers/mtd/nand/raw/ingenic/ingenic_ecc.h | 8 +- drivers/mtd/nand/raw/marvell_nand.c | 10 +- drivers/net/dsa/mv88e6xxx/chip.c | 2 +- drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 12 +- .../ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 2 +- .../net/ethernet/mellanox/mlx5/core/en_common.c | 11 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 35 ++- drivers/net/ethernet/mellanox/mlx5/core/main.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_rx.c | 13 +- drivers/net/usb/qmi_wwan.c | 2 +- drivers/net/wireless/ath/ath6kl/htc.h | 15 +- drivers/net/wireless/ath/ath6kl/htc_mbox.c | 15 +- drivers/net/wireless/broadcom/b43/b43.h | 2 +- .../net/wireless/broadcom/b43legacy/b43legacy.h | 2 +- drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h | 1 + .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 4 +- drivers/nvme/host/hwmon.c | 4 +- drivers/nvme/host/multipath.c | 1 - drivers/nvme/host/nvme.h | 5 + drivers/nvme/host/pci.c | 6 + drivers/platform/x86/intel_scu_pcidrv.c | 1 + drivers/s390/crypto/pkey_api.c | 3 + drivers/scsi/Kconfig | 2 +- drivers/scsi/dpt_i2o.c | 278 +-------------------- drivers/scsi/dpti.h | 1 - drivers/scsi/scsi_lib.c | 2 + drivers/scsi/stex.c | 4 + drivers/tty/serial/8250/8250_tegra.c | 4 +- drivers/tty/serial/fsl_lpuart.c | 44 ++-- drivers/usb/cdns3/cdns3-gadget.c | 60 ++++- drivers/usb/cdns3/cdns3-gadget.h | 9 +- drivers/usb/gadget/function/f_fs.c | 2 +- drivers/video/fbdev/core/bitblit.c | 3 + drivers/video/fbdev/core/modedb.c | 5 + drivers/video/fbdev/imsttfb.c | 15 +- drivers/video/fbdev/stifb.c | 1 + drivers/watchdog/menz69_wdt.c | 16 +- fs/btrfs/ctree.c | 2 + fs/btrfs/disk-io.c | 2 +- fs/ext4/ext4.h | 5 +- fs/ext4/inode.c | 34 ++- fs/ext4/super.c | 24 +- fs/ext4/xattr.c | 41 +-- fs/gfs2/super.c | 8 + fs/ksmbd/smb2pdu.c | 27 +- include/media/dvb_net.h | 4 + include/media/dvbdev.h | 15 ++ include/net/sock.h | 4 + kernel/trace/trace_probe.h | 2 +- lib/test_firmware.c | 19 +- net/atm/resources.c | 2 + net/core/rtnetlink.c | 8 +- net/core/sock.c | 2 +- net/ipv4/af_inet.c | 2 + net/ipv4/inet_connection_sock.c | 1 + net/ipv4/tcp.c | 9 +- net/mac80211/chan.c | 2 +- net/netfilter/nf_conntrack_netlink.c | 4 + net/netlink/af_netlink.c | 2 +- net/netrom/nr_subr.c | 7 +- net/packet/af_packet.c | 8 +- net/packet/diag.c | 2 +- net/sched/cls_flower.c | 3 + net/sched/sch_api.c | 16 +- net/sched/sch_ingress.c | 16 +- net/xfrm/xfrm_policy.c | 11 +- security/selinux/Makefile | 6 +- sound/core/oss/pcm_plugin.h | 16 +- sound/pci/hda/hda_intel.c | 21 ++ sound/pci/hda/patch_hdmi.c | 22 ++ sound/soc/codecs/ssm2602.c | 15 ++ sound/soc/dwc/dwc-i2s.c | 4 +- tools/testing/selftests/net/mptcp/Makefile | 2 +- tools/testing/selftests/net/mptcp/diag.sh | 4 + tools/testing/selftests/net/mptcp/mptcp_connect.sh | 4 + tools/testing/selftests/net/mptcp/mptcp_join.sh | 4 + tools/testing/selftests/net/mptcp/mptcp_lib.sh | 40 +++ tools/testing/selftests/net/mptcp/mptcp_sockopt.sh | 4 + tools/testing/selftests/net/mptcp/pm_netlink.sh | 4 + tools/testing/selftests/net/mptcp/simult_flows.sh | 4 + 167 files changed, 1544 insertions(+), 779 deletions(-)

1 year, 10 months

13
177
0 0

stable-rc/linux-4.14.y build: 195 builds: 2 failed, 193 passed, 28 warnings (v4.14.317-18-gc9b693dad96c3)

by kernelci.org bot

stable-rc/linux-4.14.y build: 195 builds: 2 failed, 193 passed, 28 warnings (v4.14.317-18-gc9b693dad96c3) Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.14.y/kernel/v4.14.317-1… Tree: stable-rc Branch: linux-4.14.y Git Describe: v4.14.317-18-gc9b693dad96c3 Git Commit: c9b693dad96c3d46d0c40a25eca0b2f68cb2090a Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Built: 6 unique architectures Build Failures Detected: mips: ip27_defconfig: (gcc-10) FAIL ip28_defconfig: (gcc-10) FAIL Warnings Detected: arc: arm64: arm: mini2440_defconfig (gcc-10): 1 warning omap1_defconfig (gcc-10): 1 warning s3c2410_defconfig (gcc-10): 1 warning i386: allnoconfig (gcc-10): 3 warnings i386_defconfig (gcc-10): 3 warnings tinyconfig (gcc-10): 3 warnings mips: malta_qemu_32r6_defconfig (gcc-10): 1 warning mtx1_defconfig (gcc-10): 3 warnings x86_64: allnoconfig (gcc-10): 3 warnings tinyconfig (gcc-10): 3 warnings x86_64_defconfig (gcc-10): 3 warnings x86_64_defconfig+x86-chromebook (gcc-10): 3 warnings Warnings summary: 7 ld: warning: creating DT_TEXTREL in a PIE 4 ld: arch/x86/boot/compressed/head_64.o: warning: relocation in read-only section `.head.text' 4 Warning: synced file at 'tools/objtool/arch/x86/include/asm/insn.h' differs from latest kernel version at 'arch/x86/include/asm/insn.h' 3 ld: arch/x86/boot/compressed/head_32.o: warning: relocation in read-only section `.head.text' 3 arch/x86/entry/entry_32.S:480: Warning: no instruction mnemonic suffix given and no register operands; using default for `btr' 2 sound/pci/echoaudio/echoaudio_dsp.c:647:9: warning: iteration 1073741824 invokes undefined behavior [-Waggressive-loop-optimizations] 2 drivers/tty/serial/samsung.c:1790:34: warning: array ‘s3c24xx_uart_dt_match’ assumed to have one element 1 {standard input}:30: Warning: macro instruction expanded into multiple instructions 1 sound/pci/echoaudio/echoaudio_dsp.c:658:9: warning: iteration 1073741824 invokes undefined behavior [-Waggressive-loop-optimizations] 1 drivers/gpio/gpio-omap.c:1152:34: warning: array ‘omap_gpio_match’ assumed to have one element Section mismatches summary: 13 WARNING: modpost: Found 1 section mismatch(es). ================================================================================ Detailed per-defconfig build reports: -------------------------------------------------------------------------------- 32r2el_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- acs5k_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- acs5k_tiny_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (x86_64, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: Warning: synced file at 'tools/objtool/arch/x86/include/asm/insn.h' differs from latest kernel version at 'arch/x86/include/asm/insn.h' ld: arch/x86/boot/compressed/head_64.o: warning: relocation in read-only section `.head.text' ld: warning: creating DT_TEXTREL in a PIE -------------------------------------------------------------------------------- allnoconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (i386, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: arch/x86/entry/entry_32.S:480: Warning: no instruction mnemonic suffix given and no register operands; using default for `btr' ld: arch/x86/boot/compressed/head_32.o: warning: relocation in read-only section `.head.text' ld: warning: creating DT_TEXTREL in a PIE -------------------------------------------------------------------------------- am200epdkit_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ar7_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- aspeed_g4_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- aspeed_g5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- assabet_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- at91_dt_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ath25_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ath79_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- axm55xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- axs103_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- axs103_smp_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- badge4_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bcm2835_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bcm47xx_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bcm63xx_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bigsur_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bmips_be_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bmips_stb_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- capcella_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cavium_octeon_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cerfcube_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ci20_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cm_x2xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cm_x300_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cobalt_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- colibri_pxa270_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- colibri_pxa300_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- collie_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- corgi_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- davinci_all_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- db1xxx_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- decstation_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: modpost: Found 1 section mismatch(es). -------------------------------------------------------------------------------- defconfig+arm64-chromebook (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: modpost: Found 1 section mismatch(es). -------------------------------------------------------------------------------- dove_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- e55_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ebsa110_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- efm32_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- em_x270_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ep93xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: modpost: Found 1 section mismatch(es). -------------------------------------------------------------------------------- eseries_pxa_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- exynos_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ezx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- footbridge_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- fuloong2e_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- gemini_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- gpr_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- h3600_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- h5000_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- hackkit_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- haps_hs_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- haps_hs_smp_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- hisi_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- hsdk_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- i386_defconfig (i386, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: arch/x86/entry/entry_32.S:480: Warning: no instruction mnemonic suffix given and no register operands; using default for `btr' ld: arch/x86/boot/compressed/head_32.o: warning: relocation in read-only section `.head.text' ld: warning: creating DT_TEXTREL in a PIE -------------------------------------------------------------------------------- imote2_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- imx_v4_v5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- imx_v6_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- integrator_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: modpost: Found 1 section mismatch(es). -------------------------------------------------------------------------------- iop13xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- iop32x_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- iop33x_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ip22_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ip27_defconfig (mips, gcc-10) — FAIL, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ip28_defconfig (mips, gcc-10) — FAIL, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ip32_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ixp4xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- jazz_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- jmr3927_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- jornada720_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- keystone_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ks8695_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lart_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lasat_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lemote2f_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- loongson1b_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- loongson1c_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- loongson3_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lpc18xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lpc32xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lpd270_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lubbock_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- magician_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mainstone_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- malta_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- malta_kvm_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- malta_kvm_guest_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- malta_qemu_32r6_defconfig (mips, gcc-10) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: {standard input}:30: Warning: macro instruction expanded into multiple instructions -------------------------------------------------------------------------------- maltaaprp_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltasmvp_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltasmvp_eva_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltaup_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltaup_xpa_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- markeins_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mini2440_defconfig (arm, gcc-10) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/tty/serial/samsung.c:1790:34: warning: array ‘s3c24xx_uart_dt_match’ assumed to have one element -------------------------------------------------------------------------------- mips_paravirt_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mmp2_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- moxart_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mpc30x_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mps2_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- msp71xx_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mtx1_defconfig (mips, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: sound/pci/echoaudio/echoaudio_dsp.c:647:9: warning: iteration 1073741824 invokes undefined behavior [-Waggressive-loop-optimizations] sound/pci/echoaudio/echoaudio_dsp.c:658:9: warning: iteration 1073741824 invokes undefined behavior [-Waggressive-loop-optimizations] sound/pci/echoaudio/echoaudio_dsp.c:647:9: warning: iteration 1073741824 invokes undefined behavior [-Waggressive-loop-optimizations] -------------------------------------------------------------------------------- multi_v4t_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- multi_v5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: modpost: Found 1 section mismatch(es). -------------------------------------------------------------------------------- multi_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mvebu_v5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mvebu_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mxs_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- neponset_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- netwinder_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- netx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: modpost: Found 1 section mismatch(es). -------------------------------------------------------------------------------- nhk8815_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: modpost: Found 1 section mismatch(es). -------------------------------------------------------------------------------- nlm_xlp_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nlm_xlr_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nsim_hs_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nsim_hs_smp_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nsimosci_hs_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nsimosci_hs_smp_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nuc910_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nuc950_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nuc960_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- omap1_defconfig (arm, gcc-10) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/gpio/gpio-omap.c:1152:34: warning: array ‘omap_gpio_match’ assumed to have one element -------------------------------------------------------------------------------- omap2plus_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- omega2p_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- orion5x_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- palmz72_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pcm027_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pic32mzda_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pistachio_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pleb_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pnx8335_stb225_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- prima2_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pxa168_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pxa255-idp_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pxa3xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pxa910_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pxa_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- qcom_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- qi_lb60_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- raumfeld_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rb532_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rbtx49xx_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- realview_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rm200_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rt305x_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- s3c2410_defconfig (arm, gcc-10) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/tty/serial/samsung.c:1790:34: warning: array ‘s3c24xx_uart_dt_match’ assumed to have one element -------------------------------------------------------------------------------- s3c6400_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: modpost: Found 1 section mismatch(es). -------------------------------------------------------------------------------- s5pv210_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: modpost: Found 1 section mismatch(es). -------------------------------------------------------------------------------- sama5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- sb1250_swarm_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- shannon_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- shmobile_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- simpad_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- socfpga_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- spear13xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- spear3xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: modpost: Found 1 section mismatch(es). -------------------------------------------------------------------------------- spear6xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: modpost: Found 1 section mismatch(es). -------------------------------------------------------------------------------- spitz_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- stm32_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- sunxi_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tango4_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tb0219_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tb0226_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tb0287_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tct_hammer_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tegra_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (x86_64, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: Warning: synced file at 'tools/objtool/arch/x86/include/asm/insn.h' differs from latest kernel version at 'arch/x86/include/asm/insn.h' ld: arch/x86/boot/compressed/head_64.o: warning: relocation in read-only section `.head.text' ld: warning: creating DT_TEXTREL in a PIE -------------------------------------------------------------------------------- tinyconfig (i386, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: arch/x86/entry/entry_32.S:480: Warning: no instruction mnemonic suffix given and no register operands; using default for `btr' ld: arch/x86/boot/compressed/head_32.o: warning: relocation in read-only section `.head.text' ld: warning: creating DT_TEXTREL in a PIE -------------------------------------------------------------------------------- trizeps4_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- u300_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: modpost: Found 1 section mismatch(es). -------------------------------------------------------------------------------- u8500_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vdk_hs38_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vdk_hs38_smp_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- versatile_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: modpost: Found 1 section mismatch(es). -------------------------------------------------------------------------------- vexpress_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- viper_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vocore2_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vt8500_v6_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- workpad_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig (x86_64, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: Warning: synced file at 'tools/objtool/arch/x86/include/asm/insn.h' differs from latest kernel version at 'arch/x86/include/asm/insn.h' ld: arch/x86/boot/compressed/head_64.o: warning: relocation in read-only section `.head.text' ld: warning: creating DT_TEXTREL in a PIE -------------------------------------------------------------------------------- x86_64_defconfig+x86-chromebook (x86_64, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: Warning: synced file at 'tools/objtool/arch/x86/include/asm/insn.h' differs from latest kernel version at 'arch/x86/include/asm/insn.h' ld: arch/x86/boot/compressed/head_64.o: warning: relocation in read-only section `.head.text' ld: warning: creating DT_TEXTREL in a PIE -------------------------------------------------------------------------------- xcep_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- xilfpga_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- zeus_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- zx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches --- For more info write to <info(a)kernelci.org>

1 year, 10 months

1
0
0 0

FAILED: patch "[PATCH] drm/amdgpu: fix Null pointer dereference error in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 2a1eb1a343208ce7d6839b73d62aece343e693ff # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023061259-commodity-reflected-be84@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2a1eb1a343208ce7d6839b73d62aece343e693ff Mon Sep 17 00:00:00 2001 From: Horatio Zhang <Hongkun.Zhang(a)amd.com> Date: Mon, 29 May 2023 14:23:37 -0400 Subject: [PATCH] drm/amdgpu: fix Null pointer dereference error in amdgpu_device_recover_vram Use the function of amdgpu_bo_vm_destroy to handle the resource release of shadow bo. During the amdgpu_mes_self_test, shadow bo released, but vmbo->shadow_list was not, which caused a null pointer reference error in amdgpu_device_recover_vram when GPU reset. Fixes: 6c032c37ac3e ("drm/amdgpu: Fix vram recover doesn't work after whole GPU reset (v2)") Signed-off-by: xinhui pan <xinhui.pan(a)amd.com> Signed-off-by: Horatio Zhang <Hongkun.Zhang(a)amd.com> Acked-by: Feifei Xu <Feifei.Xu(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c index 2bd1a54ee866..3b225be89cb7 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c @@ -79,9 +79,10 @@ static void amdgpu_bo_user_destroy(struct ttm_buffer_object *tbo) static void amdgpu_bo_vm_destroy(struct ttm_buffer_object *tbo) { struct amdgpu_device *adev = amdgpu_ttm_adev(tbo->bdev); - struct amdgpu_bo *bo = ttm_to_amdgpu_bo(tbo); + struct amdgpu_bo *shadow_bo = ttm_to_amdgpu_bo(tbo), *bo; struct amdgpu_bo_vm *vmbo; + bo = shadow_bo->parent; vmbo = to_amdgpu_bo_vm(bo); /* in case amdgpu_device_recover_vram got NULL of bo->parent */ if (!list_empty(&vmbo->shadow_list)) { @@ -694,11 +695,6 @@ int amdgpu_bo_create_vm(struct amdgpu_device *adev, return r; *vmbo_ptr = to_amdgpu_bo_vm(bo_ptr); - INIT_LIST_HEAD(&(*vmbo_ptr)->shadow_list); - /* Set destroy callback to amdgpu_bo_vm_destroy after vmbo->shadow_list - * is initialized. - */ - bo_ptr->tbo.destroy = &amdgpu_bo_vm_destroy; return r; } @@ -715,6 +711,8 @@ void amdgpu_bo_add_to_shadow_list(struct amdgpu_bo_vm *vmbo) mutex_lock(&adev->shadow_list_lock); list_add_tail(&vmbo->shadow_list, &adev->shadow_list); + vmbo->shadow->parent = amdgpu_bo_ref(&vmbo->bo); + vmbo->shadow->tbo.destroy = &amdgpu_bo_vm_destroy; mutex_unlock(&adev->shadow_list_lock); } diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c index df63dc3bca18..051c7194ab4f 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c @@ -564,7 +564,6 @@ int amdgpu_vm_pt_create(struct amdgpu_device *adev, struct amdgpu_vm *vm, return r; } - (*vmbo)->shadow->parent = amdgpu_bo_ref(bo); amdgpu_bo_add_to_shadow_list(*vmbo); return 0;

1 year, 10 months

1
0
0 0

[PATCH] binfmt_elf: dynamically allocate note.data in parse_elf_properties

by Christian Marangi

Dynamically allocate note.data in parse_elf_properties to fix compilation warning on some arch. On some arch note.data exceed the stack limit for a single function and this cause the following compilation warning: fs/binfmt_elf.c: In function 'parse_elf_properties.isra': fs/binfmt_elf.c:821:1: error: the frame size of 1040 bytes is larger than 1024 bytes [-Werror=frame-larger-than=] 821 | } | ^ cc1: all warnings being treated as errors Fix this by dynamically allocating the array. Update the sizeof of the union to the biggest element allocated. Fixes: 00e19ceec80b ("ELF: Add ELF program property parsing support") Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> Cc: stable(a)vger.kernel.org # v5.8+ --- fs/binfmt_elf.c | 36 +++++++++++++++++++++++++----------- 1 file changed, 25 insertions(+), 11 deletions(-) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 44b4c42ab8e8..90daa623ca13 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -768,7 +768,7 @@ static int parse_elf_properties(struct file *f, const struct elf_phdr *phdr, { union { struct elf_note nhdr; - char data[NOTE_DATA_SZ]; + char *data; } note; loff_t pos; ssize_t n; @@ -785,29 +785,41 @@ static int parse_elf_properties(struct file *f, const struct elf_phdr *phdr, return -ENOEXEC; /* If the properties are crazy large, that's too bad (for now): */ - if (phdr->p_filesz > sizeof(note)) + if (phdr->p_filesz > sizeof(*note.data) * NOTE_DATA_SZ) return -ENOEXEC; + note.data = kcalloc(NOTE_DATA_SZ, sizeof(*note.data), GFP_KERNEL); + if (!note.data) + return -ENOMEM; + pos = phdr->p_offset; n = kernel_read(f, &note, phdr->p_filesz, &pos); - BUILD_BUG_ON(sizeof(note) < sizeof(note.nhdr) + NOTE_NAME_SZ); - if (n < 0 || n < sizeof(note.nhdr) + NOTE_NAME_SZ) - return -EIO; + BUILD_BUG_ON(sizeof(*note.data) * NOTE_DATA_SZ < sizeof(note.nhdr) + NOTE_NAME_SZ); + if (n < 0 || n < sizeof(note.nhdr) + NOTE_NAME_SZ) { + ret = -EIO; + goto exit; + } if (note.nhdr.n_type != NT_GNU_PROPERTY_TYPE_0 || note.nhdr.n_namesz != NOTE_NAME_SZ || strncmp(note.data + sizeof(note.nhdr), - GNU_PROPERTY_TYPE_0_NAME, n - sizeof(note.nhdr))) - return -ENOEXEC; + GNU_PROPERTY_TYPE_0_NAME, n - sizeof(note.nhdr))) { + ret = -ENOEXEC; + goto exit; + } off = round_up(sizeof(note.nhdr) + NOTE_NAME_SZ, ELF_GNU_PROPERTY_ALIGN); - if (off > n) - return -ENOEXEC; + if (off > n) { + ret = -ENOEXEC; + goto exit; + } - if (note.nhdr.n_descsz > n - off) - return -ENOEXEC; + if (note.nhdr.n_descsz > n - off) { + ret = -ENOEXEC; + goto exit; + } datasz = off + note.nhdr.n_descsz; have_prev_type = false; @@ -817,6 +829,8 @@ static int parse_elf_properties(struct file *f, const struct elf_phdr *phdr, have_prev_type = true; } while (!ret); +exit: + kfree(note.data); return ret == -ENOENT ? 0 : ret; } -- 2.39.2

1 year, 10 months

3
4
0 0

[PATCH] arm64: dts: renesas: Fix txdv-skew-psec typo in RZ/G2L family smarc-som.dtsi files

by Chris Paterson

It looks like txdv-skew-psec is a typo from a copy+paste. txdv-skew-psec is not present in the PHY bindings nor is it in the driver. Correct to txen-skew-psec which is clearly what it was meant to be. Given that the default for txen-skew-psec is 0, and the device tree is only trying to set it to 0 anyway, there should not be any functional change from this fix. Fixes: 361b0dcbd7f9 ("arm64: dts: renesas: rzg2l-smarc-som: Enable Ethernet") Fixes: 6494e4f90503 ("arm64: dts: renesas: rzg2ul-smarc-som: Enable Ethernet on SMARC platform") Fixes: ce0c63b6a5ef ("arm64: dts: renesas: Add initial device tree for RZ/G2LC SMARC EVK") Cc: stable(a)vger.kernel.org # 6.1.y Reported-by: Tomohiro Komagata <tomohiro.komagata.aj(a)renesas.com> Signed-off-by: Chris Paterson <chris.paterson2(a)renesas.com> --- I've put all three fixes into a single patch to save on churn. If it is preferred that each dtsi is fixed in a separate commit I'm happy to make the change. Let me know. Thanks! --- arch/arm64/boot/dts/renesas/rzg2l-smarc-som.dtsi | 4 ++-- arch/arm64/boot/dts/renesas/rzg2lc-smarc-som.dtsi | 2 +- arch/arm64/boot/dts/renesas/rzg2ul-smarc-som.dtsi | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/arch/arm64/boot/dts/renesas/rzg2l-smarc-som.dtsi b/arch/arm64/boot/dts/renesas/rzg2l-smarc-som.dtsi index fbbb4f03440b..d0515769e66d 100644 --- a/arch/arm64/boot/dts/renesas/rzg2l-smarc-som.dtsi +++ b/arch/arm64/boot/dts/renesas/rzg2l-smarc-som.dtsi @@ -100,7 +100,7 @@ phy0: ethernet-phy@7 { rxc-skew-psec = <2400>; txc-skew-psec = <2400>; rxdv-skew-psec = <0>; - txdv-skew-psec = <0>; + txen-skew-psec = <0>; rxd0-skew-psec = <0>; rxd1-skew-psec = <0>; rxd2-skew-psec = <0>; @@ -128,7 +128,7 @@ phy1: ethernet-phy@7 { rxc-skew-psec = <2400>; txc-skew-psec = <2400>; rxdv-skew-psec = <0>; - txdv-skew-psec = <0>; + txen-skew-psec = <0>; rxd0-skew-psec = <0>; rxd1-skew-psec = <0>; rxd2-skew-psec = <0>; diff --git a/arch/arm64/boot/dts/renesas/rzg2lc-smarc-som.dtsi b/arch/arm64/boot/dts/renesas/rzg2lc-smarc-som.dtsi index 8a0d56872de7..79279ffb4099 100644 --- a/arch/arm64/boot/dts/renesas/rzg2lc-smarc-som.dtsi +++ b/arch/arm64/boot/dts/renesas/rzg2lc-smarc-som.dtsi @@ -77,7 +77,7 @@ phy0: ethernet-phy@7 { rxc-skew-psec = <2400>; txc-skew-psec = <2400>; rxdv-skew-psec = <0>; - txdv-skew-psec = <0>; + txen-skew-psec = <0>; rxd0-skew-psec = <0>; rxd1-skew-psec = <0>; rxd2-skew-psec = <0>; diff --git a/arch/arm64/boot/dts/renesas/rzg2ul-smarc-som.dtsi b/arch/arm64/boot/dts/renesas/rzg2ul-smarc-som.dtsi index 49ecd33aeeb8..97cdad2a12e2 100644 --- a/arch/arm64/boot/dts/renesas/rzg2ul-smarc-som.dtsi +++ b/arch/arm64/boot/dts/renesas/rzg2ul-smarc-som.dtsi @@ -83,7 +83,7 @@ phy0: ethernet-phy@7 { rxc-skew-psec = <2400>; txc-skew-psec = <2400>; rxdv-skew-psec = <0>; - txdv-skew-psec = <0>; + txen-skew-psec = <0>; rxd0-skew-psec = <0>; rxd1-skew-psec = <0>; rxd2-skew-psec = <0>; @@ -112,7 +112,7 @@ phy1: ethernet-phy@7 { rxc-skew-psec = <2400>; txc-skew-psec = <2400>; rxdv-skew-psec = <0>; - txdv-skew-psec = <0>; + txen-skew-psec = <0>; rxd0-skew-psec = <0>; rxd1-skew-psec = <0>; rxd2-skew-psec = <0>; -- 2.40.1

1 year, 10 months

2
1
0 0

FAILED: patch "[PATCH] ksmbd: check the validation of pdu_size in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 368ba06881c395f1c9a7ba22203cf8d78b4addc0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023061233-omnivore-cardigan-93f8@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 368ba06881c395f1c9a7ba22203cf8d78b4addc0 Mon Sep 17 00:00:00 2001 From: Namjae Jeon <linkinjeon(a)kernel.org> Date: Tue, 30 May 2023 23:10:31 +0900 Subject: [PATCH] ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop The length field of netbios header must be greater than the SMB header sizes(smb1 or smb2 header), otherwise the packet is an invalid SMB packet. If `pdu_size` is 0, ksmbd allocates a 4 bytes chunk to `conn->request_buf`. In the function `get_smb2_cmd_val` ksmbd will read cmd from `rcv_hdr->Command`, which is `conn->request_buf + 12`, causing the KASAN detector to print the following error message: [ 7.205018] BUG: KASAN: slab-out-of-bounds in get_smb2_cmd_val+0x45/0x60 [ 7.205423] Read of size 2 at addr ffff8880062d8b50 by task ksmbd:42632/248 ... [ 7.207125] <TASK> [ 7.209191] get_smb2_cmd_val+0x45/0x60 [ 7.209426] ksmbd_conn_enqueue_request+0x3a/0x100 [ 7.209712] ksmbd_server_process_request+0x72/0x160 [ 7.210295] ksmbd_conn_handler_loop+0x30c/0x550 [ 7.212280] kthread+0x160/0x190 [ 7.212762] ret_from_fork+0x1f/0x30 [ 7.212981] </TASK> Cc: stable(a)vger.kernel.org Reported-by: Chih-Yen Chang <cc85nod(a)gmail.com> Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/connection.c b/fs/smb/server/connection.c index 4882a812ea86..e11d4a1e63d7 100644 --- a/fs/smb/server/connection.c +++ b/fs/smb/server/connection.c @@ -294,6 +294,9 @@ bool ksmbd_conn_alive(struct ksmbd_conn *conn) return true; } +#define SMB1_MIN_SUPPORTED_HEADER_SIZE (sizeof(struct smb_hdr)) +#define SMB2_MIN_SUPPORTED_HEADER_SIZE (sizeof(struct smb2_hdr) + 4) + /** * ksmbd_conn_handler_loop() - session thread to listen on new smb requests * @p: connection instance @@ -350,6 +353,9 @@ int ksmbd_conn_handler_loop(void *p) if (pdu_size > MAX_STREAM_PROT_LEN) break; + if (pdu_size < SMB1_MIN_SUPPORTED_HEADER_SIZE) + break; + /* 4 for rfc1002 length field */ /* 1 for implied bcc[0] */ size = pdu_size + 4 + 1; @@ -377,6 +383,12 @@ int ksmbd_conn_handler_loop(void *p) continue; } + if (((struct smb2_hdr *)smb2_get_msg(conn->request_buf))->ProtocolId == + SMB2_PROTO_NUMBER) { + if (pdu_size < SMB2_MIN_SUPPORTED_HEADER_SIZE) + break; + } + if (!default_conn_ops.process_fn) { pr_err("No connection request callback\n"); break;

1 year, 10 months

1
0
0 0

FAILED: patch "[PATCH] ksmbd: fix posix_acls and acls dereferencing possible" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 25933573ef48f3586f559c2cac6c436c62dcf63f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023061218-empathy-feisty-77b1@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 25933573ef48f3586f559c2cac6c436c62dcf63f Mon Sep 17 00:00:00 2001 From: Namjae Jeon <linkinjeon(a)kernel.org> Date: Tue, 30 May 2023 21:42:34 +0900 Subject: [PATCH] ksmbd: fix posix_acls and acls dereferencing possible ERR_PTR() Dan reported the following error message: fs/smb/server/smbacl.c:1296 smb_check_perm_dacl() error: 'posix_acls' dereferencing possible ERR_PTR() fs/smb/server/vfs.c:1323 ksmbd_vfs_make_xattr_posix_acl() error: 'posix_acls' dereferencing possible ERR_PTR() fs/smb/server/vfs.c:1830 ksmbd_vfs_inherit_posix_acl() error: 'acls' dereferencing possible ERR_PTR() __get_acl() returns a mix of error pointers and NULL. This change it with IS_ERR_OR_NULL(). Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3") Cc: stable(a)vger.kernel.org Reported-by: Dan Carpenter <dan.carpenter(a)linaro.org> Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/smbacl.c b/fs/smb/server/smbacl.c index 6d6cfb6957a9..0a5862a61c77 100644 --- a/fs/smb/server/smbacl.c +++ b/fs/smb/server/smbacl.c @@ -1290,7 +1290,7 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, const struct path *path, if (IS_ENABLED(CONFIG_FS_POSIX_ACL)) { posix_acls = get_inode_acl(d_inode(path->dentry), ACL_TYPE_ACCESS); - if (posix_acls && !found) { + if (!IS_ERR_OR_NULL(posix_acls) && !found) { unsigned int id = -1; pa_entry = posix_acls->a_entries; @@ -1314,7 +1314,7 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, const struct path *path, } } } - if (posix_acls) + if (!IS_ERR_OR_NULL(posix_acls)) posix_acl_release(posix_acls); } diff --git a/fs/smb/server/vfs.c b/fs/smb/server/vfs.c index 6f302919e9f7..f9fb778247e7 100644 --- a/fs/smb/server/vfs.c +++ b/fs/smb/server/vfs.c @@ -1321,7 +1321,7 @@ static struct xattr_smb_acl *ksmbd_vfs_make_xattr_posix_acl(struct mnt_idmap *id return NULL; posix_acls = get_inode_acl(inode, acl_type); - if (!posix_acls) + if (IS_ERR_OR_NULL(posix_acls)) return NULL; smb_acl = kzalloc(sizeof(struct xattr_smb_acl) + @@ -1830,7 +1830,7 @@ int ksmbd_vfs_inherit_posix_acl(struct mnt_idmap *idmap, return -EOPNOTSUPP; acls = get_inode_acl(parent_inode, ACL_TYPE_DEFAULT); - if (!acls) + if (IS_ERR_OR_NULL(acls)) return -ENOENT; pace = acls->a_entries;

1 year, 10 months

1
0
0 0

FAILED: patch "[PATCH] ksmbd: fix posix_acls and acls dereferencing possible" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 25933573ef48f3586f559c2cac6c436c62dcf63f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023061217-serve-hummus-0f0a@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 25933573ef48f3586f559c2cac6c436c62dcf63f Mon Sep 17 00:00:00 2001 From: Namjae Jeon <linkinjeon(a)kernel.org> Date: Tue, 30 May 2023 21:42:34 +0900 Subject: [PATCH] ksmbd: fix posix_acls and acls dereferencing possible ERR_PTR() Dan reported the following error message: fs/smb/server/smbacl.c:1296 smb_check_perm_dacl() error: 'posix_acls' dereferencing possible ERR_PTR() fs/smb/server/vfs.c:1323 ksmbd_vfs_make_xattr_posix_acl() error: 'posix_acls' dereferencing possible ERR_PTR() fs/smb/server/vfs.c:1830 ksmbd_vfs_inherit_posix_acl() error: 'acls' dereferencing possible ERR_PTR() __get_acl() returns a mix of error pointers and NULL. This change it with IS_ERR_OR_NULL(). Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3") Cc: stable(a)vger.kernel.org Reported-by: Dan Carpenter <dan.carpenter(a)linaro.org> Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/smbacl.c b/fs/smb/server/smbacl.c index 6d6cfb6957a9..0a5862a61c77 100644 --- a/fs/smb/server/smbacl.c +++ b/fs/smb/server/smbacl.c @@ -1290,7 +1290,7 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, const struct path *path, if (IS_ENABLED(CONFIG_FS_POSIX_ACL)) { posix_acls = get_inode_acl(d_inode(path->dentry), ACL_TYPE_ACCESS); - if (posix_acls && !found) { + if (!IS_ERR_OR_NULL(posix_acls) && !found) { unsigned int id = -1; pa_entry = posix_acls->a_entries; @@ -1314,7 +1314,7 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, const struct path *path, } } } - if (posix_acls) + if (!IS_ERR_OR_NULL(posix_acls)) posix_acl_release(posix_acls); } diff --git a/fs/smb/server/vfs.c b/fs/smb/server/vfs.c index 6f302919e9f7..f9fb778247e7 100644 --- a/fs/smb/server/vfs.c +++ b/fs/smb/server/vfs.c @@ -1321,7 +1321,7 @@ static struct xattr_smb_acl *ksmbd_vfs_make_xattr_posix_acl(struct mnt_idmap *id return NULL; posix_acls = get_inode_acl(inode, acl_type); - if (!posix_acls) + if (IS_ERR_OR_NULL(posix_acls)) return NULL; smb_acl = kzalloc(sizeof(struct xattr_smb_acl) + @@ -1830,7 +1830,7 @@ int ksmbd_vfs_inherit_posix_acl(struct mnt_idmap *idmap, return -EOPNOTSUPP; acls = get_inode_acl(parent_inode, ACL_TYPE_DEFAULT); - if (!acls) + if (IS_ERR_OR_NULL(acls)) return -ENOENT; pace = acls->a_entries;

1 year, 10 months

1
0
0 0

FAILED: patch "[PATCH] ksmbd: validate smb request protocol id" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 1c1bcf2d3ea061613119b534f57507c377df20f9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023061222-comic-platypus-831e@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1c1bcf2d3ea061613119b534f57507c377df20f9 Mon Sep 17 00:00:00 2001 From: Namjae Jeon <linkinjeon(a)kernel.org> Date: Wed, 31 May 2023 17:59:32 +0900 Subject: [PATCH] ksmbd: validate smb request protocol id This patch add the validation for smb request protocol id. If it is not one of the four ids(SMB1_PROTO_NUMBER, SMB2_PROTO_NUMBER, SMB2_TRANSFORM_PROTO_NUM, SMB2_COMPRESSION_TRANSFORM_ID), don't allow processing the request. And this will fix the following KASAN warning also. [ 13.905265] BUG: KASAN: slab-out-of-bounds in init_smb2_rsp_hdr+0x1b9/0x1f0 [ 13.905900] Read of size 16 at addr ffff888005fd2f34 by task kworker/0:2/44 ... [ 13.908553] Call Trace: [ 13.908793] <TASK> [ 13.908995] dump_stack_lvl+0x33/0x50 [ 13.909369] print_report+0xcc/0x620 [ 13.910870] kasan_report+0xae/0xe0 [ 13.911519] kasan_check_range+0x35/0x1b0 [ 13.911796] init_smb2_rsp_hdr+0x1b9/0x1f0 [ 13.912492] handle_ksmbd_work+0xe5/0x820 Cc: stable(a)vger.kernel.org Reported-by: Chih-Yen Chang <cc85nod(a)gmail.com> Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/connection.c b/fs/smb/server/connection.c index e11d4a1e63d7..2a717d158f02 100644 --- a/fs/smb/server/connection.c +++ b/fs/smb/server/connection.c @@ -364,8 +364,6 @@ int ksmbd_conn_handler_loop(void *p) break; memcpy(conn->request_buf, hdr_buf, sizeof(hdr_buf)); - if (!ksmbd_smb_request(conn)) - break; /* * We already read 4 bytes to find out PDU size, now @@ -383,6 +381,9 @@ int ksmbd_conn_handler_loop(void *p) continue; } + if (!ksmbd_smb_request(conn)) + break; + if (((struct smb2_hdr *)smb2_get_msg(conn->request_buf))->ProtocolId == SMB2_PROTO_NUMBER) { if (pdu_size < SMB2_MIN_SUPPORTED_HEADER_SIZE) diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index af0c2a9b8529..569e5eecdf3d 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -158,7 +158,19 @@ int ksmbd_verify_smb_message(struct ksmbd_work *work) */ bool ksmbd_smb_request(struct ksmbd_conn *conn) { - return conn->request_buf[0] == 0; + __le32 *proto = (__le32 *)smb2_get_msg(conn->request_buf); + + if (*proto == SMB2_COMPRESSION_TRANSFORM_ID) { + pr_err_ratelimited("smb2 compression not support yet"); + return false; + } + + if (*proto != SMB1_PROTO_NUMBER && + *proto != SMB2_PROTO_NUMBER && + *proto != SMB2_TRANSFORM_PROTO_NUM) + return false; + + return true; } static bool supported_protocol(int idx)

1 year, 10 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror June 2023