From: Laszlo Ersek <lersek(a)redhat.com>
stable inclusion
from stable-v5.10.189
commit 5ea23f1cb67e4468db7ff651627892c9217fec24
category: bugfix
bugzilla: 189104, https://gitee.com/src-openeuler/kernel/issues/I7QXHX
CVE: CVE-2023-4194
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id…
---------------------------
commit 9bc3047374d5bec163e83e743709e23753376f0c upstream.
Commit a096ccca6e50 initializes the "sk_uid" field in the protocol socket
(struct sock) from the "/dev/net/tun" device node's owner UID. Per
original commit 86741ec25462 ("net: core: Add a UID field to struct
sock.", 2016-11-04), that's wrong: the idea is to cache the UID of the
userspace process that creates the socket. Commit 86741ec25462 mentions
socket() and accept(); with "tun", the action that creates the socket is
open("/dev/net/tun").
Therefore the device node's owner UID is irrelevant. In most cases,
"/dev/net/tun" will be owned by root, so in practice, commit a096ccca6e50
has no observable effect:
- before, "sk_uid" would be zero, due to undefined behavior
(CVE-2023-1076),
- after, "sk_uid" would be zero, due to "/dev/net/tun" being owned by root.
What matters is the (fs)UID of the process performing the open(), so cache
that in "sk_uid".
Cc: Eric Dumazet <edumazet(a)google.com>
Cc: Lorenzo Colitti <lorenzo(a)google.com>
Cc: Paolo Abeni <pabeni(a)redhat.com>
Cc: Pietro Borrello <borrello(a)diag.uniroma1.it>
Cc: netdev(a)vger.kernel.org
Cc: stable(a)vger.kernel.org
Fixes: a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid")
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2173435
Signed-off-by: Laszlo Ersek <lersek(a)redhat.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Signed-off-by: Dong Chenchen <dongchenchen2(a)huawei.com>
---
drivers/net/tun.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index f8feec522b32..50c2ce392cd1 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -3456,7 +3456,7 @@ static int tun_chr_open(struct inode *inode, struct file * file)
tfile->socket.file = file;
tfile->socket.ops = &tun_socket_ops;
- sock_init_data_uid(&tfile->socket, &tfile->sk, inode->i_uid);
+ sock_init_data_uid(&tfile->socket, &tfile->sk, current_fsuid());
tfile->sk.sk_write_space = tun_sock_write_space;
tfile->sk.sk_sndbuf = INT_MAX;
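Review bot: this one-liner only builds on a tree that already carries sock_init_data_uid(), which arrived with the Fixes: commit a096ccca6e50 (the CVE-2023-1076 fix named in the message), so the backport must sit on top of that commit. On the substance the replacement is the right one: inode->i_uid is the owner of the /dev/net/tun node, a static property of the device file, while current_fsuid() is the credential of the task performing the open(), which is the identity the commit message says sk_uid is meant to cache. The case where the change is observable is a system that chowns /dev/net/tun to an unprivileged service user: before, every tun socket, including ones opened by root, was tagged with that user's UID; after, each socket carries its opener's fsuid.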
--
2.25.1
From: Laszlo Ersek <lersek(a)redhat.com>
stable inclusion
from stable-v5.10.189
commit 33a339e717be2c88b7ad11375165168d5b40e38e
category: bugfix
bugzilla: 189104, https://gitee.com/src-openeuler/kernel/issues/I7QXHX
CVE: CVE-2023-4194
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id…
---------------------------
commit 5c9241f3ceab3257abe2923a59950db0dc8bb737 upstream.
Commit 66b2c338adce initializes the "sk_uid" field in the protocol socket
(struct sock) from the "/dev/tapX" device node's owner UID. Per original
commit 86741ec25462 ("net: core: Add a UID field to struct sock.",
2016-11-04), that's wrong: the idea is to cache the UID of the userspace
process that creates the socket. Commit 86741ec25462 mentions socket() and
accept(); with "tap", the action that creates the socket is
open("/dev/tapX").
Therefore the device node's owner UID is irrelevant. In most cases,
"/dev/tapX" will be owned by root, so in practice, commit 66b2c338adce has
no observable effect:
- before, "sk_uid" would be zero, due to undefined behavior
(CVE-2023-1076),
- after, "sk_uid" would be zero, due to "/dev/tapX" being owned by root.
What matters is the (fs)UID of the process performing the open(), so cache
that in "sk_uid".
Cc: Eric Dumazet <edumazet(a)google.com>
Cc: Lorenzo Colitti <lorenzo(a)google.com>
Cc: Paolo Abeni <pabeni(a)redhat.com>
Cc: Pietro Borrello <borrello(a)diag.uniroma1.it>
Cc: netdev(a)vger.kernel.org
Cc: stable(a)vger.kernel.org
Fixes: 66b2c338adce ("tap: tap_open(): correctly initialize socket uid")
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2173435
Signed-off-by: Laszlo Ersek <lersek(a)redhat.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Signed-off-by: Dong Chenchen <dongchenchen2(a)huawei.com>
---
drivers/net/tap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/tap.c b/drivers/net/tap.c
index d9018d9fe310..2c9ae02ada3e 100644
--- a/drivers/net/tap.c
+++ b/drivers/net/tap.c
@@ -523,7 +523,7 @@ static int tap_open(struct inode *inode, struct file *file)
q->sock.state = SS_CONNECTED;
q->sock.file = file;
q->sock.ops = &tap_socket_ops;
- sock_init_data_uid(&q->sock, &q->sk, inode->i_uid);
+ sock_init_data_uid(&q->sock, &q->sk, current_fsuid());
q->sk.sk_write_space = tap_sock_write_space;
q->sk.sk_destruct = tap_sock_destruct;
q->flags = IFF_VNET_HDR | IFF_NO_PI | IFF_TAP;
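Review bot: same dependency as the tun patch, here on 66b2c338adce having introduced the sock_init_data_uid() call being edited; the two patches should be applied together since they close the same CVE in both drivers. The tap side is the more likely one to be observable, because /dev/tapX nodes are per-interface and are routinely chowned to the user that runs a VM on that interface: with inode->i_uid any other opener of that node inherited that user's UID in sk_uid, whereas with current_fsuid() the socket is attributed to whoever actually performed the open().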
--
2.25.1
All small, fairly safe changes.
The following changes since commit 52a93d39b17dc7eb98b6aa3edb93943248e03b2f:
Linux 6.5-rc5 (2023-08-06 15:07:51 -0700)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost.git tags/for_linus
for you to fetch changes up to f55484fd7be923b740e8e1fc304070ba53675cb4:
virtio-mem: check if the config changed before fake offlining memory (2023-08-10 15:51:46 -0400)
----------------------------------------------------------------
virtio: bugfixes
just a bunch of bugfixes all over the place.
Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com>
----------------------------------------------------------------
Allen Hubbe (2):
pds_vdpa: reset to vdpa specified mac
pds_vdpa: alloc irq vectors on DRIVER_OK
David Hildenbrand (4):
virtio-mem: remove unsafe unplug in Big Block Mode (BBM)
virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY
virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM)
virtio-mem: check if the config changed before fake offlining memory
Dragos Tatulea (4):
vdpa: Enable strict validation for netlinks ops
vdpa/mlx5: Correct default number of queues when MQ is on
vdpa/mlx5: Fix mr->initialized semantics
vdpa/mlx5: Fix crash on shutdown for when no ndev exists
Eugenio Pérez (1):
vdpa/mlx5: Delete control vq iotlb in destroy_mr only when necessary
Feng Liu (1):
virtio-pci: Fix legacy device flag setting error in probe
Gal Pressman (1):
virtio-vdpa: Fix cpumask memory leak in virtio_vdpa_find_vqs()
Hawkins Jiawei (1):
virtio-net: Zero max_tx_vq field for VIRTIO_NET_CTRL_MQ_HASH_CONFIG case
Lin Ma (3):
vdpa: Add features attr to vdpa_nl_policy for nlattr length check
vdpa: Add queue index attr to vdpa_nl_policy for nlattr length check
vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check
Maxime Coquelin (1):
vduse: Use proper spinlock for IRQ injection
Mike Christie (3):
vhost-scsi: Fix alignment handling with windows
vhost-scsi: Rename vhost_scsi_iov_to_sgl
MAINTAINERS: add vhost-scsi entry and myself as a co-maintainer
Shannon Nelson (4):
pds_vdpa: protect Makefile from unconfigured debugfs
pds_vdpa: always allow offering VIRTIO_NET_F_MAC
pds_vdpa: clean and reset vqs entries
pds_vdpa: fix up debugfs feature bit printing
Wolfram Sang (1):
virtio-mmio: don't break lifecycle of vm_dev
MAINTAINERS | 11 ++-
drivers/net/virtio_net.c | 2 +-
drivers/vdpa/mlx5/core/mlx5_vdpa.h | 2 +
drivers/vdpa/mlx5/core/mr.c | 105 +++++++++++++++------
drivers/vdpa/mlx5/net/mlx5_vnet.c | 26 +++---
drivers/vdpa/pds/Makefile | 3 +-
drivers/vdpa/pds/debugfs.c | 15 ++-
drivers/vdpa/pds/vdpa_dev.c | 176 ++++++++++++++++++++++++----------
drivers/vdpa/pds/vdpa_dev.h | 5 +-
drivers/vdpa/vdpa.c | 9 +-
drivers/vdpa/vdpa_user/vduse_dev.c | 8 +-
drivers/vhost/scsi.c | 187 ++++++++++++++++++++++++++++++++-----
drivers/virtio/virtio_mem.c | 168 ++++++++++++++++++++++-----------
drivers/virtio/virtio_mmio.c | 5 +-
drivers/virtio/virtio_pci_common.c | 2 -
drivers/virtio/virtio_pci_legacy.c | 1 +
drivers/virtio/virtio_vdpa.c | 2 +
17 files changed, 519 insertions(+), 208 deletions(-)
This is the start of the stable review cycle for the 4.14.323 release.
There are 26 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Tue, 15 Aug 2023 21:16:53 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.323-r…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 4.14.323-rc1
Masahiro Yamada <masahiroy(a)kernel.org>
alpha: remove __init annotation from exported page_is_ram()
Zhu Wang <wangzhu9(a)huawei.com>
scsi: core: Fix possible memory leak if device_add() fails
Zhu Wang <wangzhu9(a)huawei.com>
scsi: snic: Fix possible memory leak if device_add() fails
Alexandra Diupina <adiupina(a)astralinux.ru>
scsi: 53c700: Check that command slot is not NULL
Michael Kelley <mikelley(a)microsoft.com>
scsi: storvsc: Fix handling of virtual Fibre Channel timeouts
Tony Battersby <tonyb(a)cybernetics.com>
scsi: core: Fix legacy /proc parsing buffer overflow
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: report use refcount overflow
Christoph Hellwig <hch(a)lst.de>
btrfs: don't stop integrity writeback too early
Douglas Miller <doug.miller(a)cornelisnetworks.com>
IB/hfi1: Fix possible panic during hotplug remove
Andrew Kanner <andrew.kanner(a)gmail.com>
drivers: net: prevent tun_build_skb() to exceed the packet size limit
Eric Dumazet <edumazet(a)google.com>
dccp: fix data-race around dp->dccps_mss_cache
Ziyang Xuan <william.xuanziyang(a)huawei.com>
bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves
Eric Dumazet <edumazet(a)google.com>
net/packet: annotate data-races around tp->status
Karol Herbst <kherbst(a)redhat.com>
drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes
Arnd Bergmann <arnd(a)arndb.de>
x86: Move gds_ucode_mitigated() declaration to header
Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com>
x86/mm: Fix VDSO and VVAR placement on 5-level paging machines
Elson Roy Serrao <quic_eserrao(a)quicinc.com>
usb: dwc3: Properly handle processing of pending events
Alan Stern <stern(a)rowland.harvard.edu>
usb-storage: alauda: Fix uninit-value in alauda_check_media()
Yiyuan Guo <yguoaz(a)gmail.com>
iio: cros_ec: Fix the allocation size for cros_ec_command
Mirsad Goran Todorovac <mirsad.todorovac(a)alu.unizg.hr>
test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput
Colin Ian King <colin.i.king(a)gmail.com>
radix tree test suite: fix incorrect allocation size for pthreads
Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com>
dmaengine: pl330: Return DMA_PAUSED when transaction is paused
Maciej Żenczykowski <maze(a)google.com>
ipv6: adjust ndisc_is_useropt() to also return true for PIO
Sergei Antonov <saproj(a)gmail.com>
mmc: moxart: read scr register without changing byte order
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
sparc: fix up arch_cpu_finalize_init() build breakage.
-------------
Diffstat:
Makefile | 4 +-
arch/alpha/kernel/setup.c | 3 +-
arch/sparc/Kconfig | 2 +-
arch/x86/entry/vdso/vma.c | 4 +-
arch/x86/include/asm/processor.h | 2 +
arch/x86/kvm/x86.c | 2 -
drivers/dma/pl330.c | 18 ++-
drivers/gpu/drm/nouveau/nouveau_connector.c | 2 +-
.../common/cros_ec_sensors/cros_ec_sensors_core.c | 2 +-
drivers/infiniband/hw/hfi1/chip.c | 1 +
drivers/mmc/host/moxart-mmc.c | 8 +-
drivers/net/bonding/bond_main.c | 4 +-
drivers/net/tun.c | 2 +-
drivers/scsi/53c700.c | 2 +-
drivers/scsi/raid_class.c | 1 +
drivers/scsi/scsi_proc.c | 30 +++--
drivers/scsi/snic/snic_disc.c | 1 +
drivers/scsi/storvsc_drv.c | 4 -
drivers/usb/dwc3/gadget.c | 9 +-
drivers/usb/storage/alauda.c | 9 +-
fs/btrfs/extent_io.c | 7 +-
fs/nilfs2/inode.c | 8 ++
fs/nilfs2/segment.c | 2 +
fs/nilfs2/the_nilfs.h | 2 +
include/net/netfilter/nf_tables.h | 27 +++-
lib/test_firmware.c | 8 +-
net/dccp/output.c | 2 +-
net/dccp/proto.c | 10 +-
net/ipv6/ndisc.c | 3 +-
net/netfilter/nf_tables_api.c | 143 +++++++++++++--------
net/netfilter/nft_objref.c | 8 +-
net/packet/af_packet.c | 16 ++-
tools/testing/radix-tree/regression1.c | 2 +-
33 files changed, 228 insertions(+), 120 deletions(-)
Dear all,
I found that in all versions of Linux (at least kernel versions 4, 5 and 6),
the following bug exists:
When a user is granted full access to a file of which he is not the
owner, he can read/write/delete the file, but cannot "change only its
last modification date". In particular, `touch -m` fails and Python's
`os.utime()` also fails with "Operation not permitted", but `touch`
without -m works.
This applies to both FACL extended permissions and basic Linux
file permissions.
Thank you for fixing this in the future!
Cheers,
Xuancong
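The behaviour in the report above follows the rule that utimensat(2) documents: a NULL times pointer (or both timestamps set to UTIME_NOW) is a "touch" and needs only write permission, while any other times array, including the UTIME_OMIT/UTIME_NOW pair that `touch -m` passes, is an explicit timestamp update reserved for the file owner or CAP_FOWNER. The following is an added example, not code from this thread or from the kernel: a userspace model of that VFS decision, with constructed caller attributes. The names struct caller, utimes_permitted(), scenario() and the enum shape values are made up for the example.

```c
/*
 * Added example, not code from the thread: a userspace model of the
 * permission rule the Linux VFS applies to utimensat(2) (the syscall behind
 * touch, utime(), and Python's os.utime()). It shows why a non-owner with
 * write access can run `touch file` but gets EPERM from `touch -m file` or
 * os.utime(file, times). struct caller, utimes_permitted() and scenario()
 * are names invented for this example.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <time.h>

#ifndef UTIME_NOW
#define UTIME_NOW  ((1L << 30) - 1L)
#endif
#ifndef UTIME_OMIT
#define UTIME_OMIT ((1L << 30) - 2L)
#endif

/* What the kernel knows about the caller relative to the inode (constructed). */
struct caller {
    bool is_owner;   /* caller's fsuid == inode->i_uid; an ACL never grants this */
    bool cap_fowner; /* CAP_FOWNER over the inode (root, typically) */
    bool may_write;  /* MAY_WRITE via mode bits or a POSIX ACL entry */
};

/*
 * Mirror of the VFS decision: returns 0 on success or -errno.
 *  - both tv_nsec == UTIME_OMIT: nothing changes, always succeeds.
 *  - times == NULL, or both tv_nsec == UTIME_NOW: treated as a touch;
 *    owner/CAP_FOWNER always allowed, anyone else needs write permission.
 *  - any other shape (explicit timestamp, or UTIME_OMIT mixed with
 *    UTIME_NOW, which is what `touch -m` passes): an explicit time update,
 *    only owner/CAP_FOWNER may do it; write permission does not help.
 */
int utimes_permitted(const struct timespec times[2], const struct caller *c)
{
    bool privileged = c->is_owner || c->cap_fowner;

    if (times && times[0].tv_nsec == UTIME_OMIT && times[1].tv_nsec == UTIME_OMIT)
        return 0;

    if (times == NULL ||
        (times[0].tv_nsec == UTIME_NOW && times[1].tv_nsec == UTIME_NOW))
        return (privileged || c->may_write) ? 0 : -EACCES;

    return privileged ? 0 : -EPERM;
}

/* Call shapes produced by common userspace tools. */
enum shape {
    SHAPE_TOUCH,      /* touch FILE; os.utime(path): times == NULL           */
    SHAPE_BOTH_NOW,   /* utimensat(..., {NOW, NOW}, 0): same as above        */
    SHAPE_TOUCH_M,    /* touch -m FILE: {UTIME_OMIT, UTIME_NOW}              */
    SHAPE_EXPLICIT,   /* touch -d/-r, os.utime(path, times): two timestamps  */
    SHAPE_BOTH_OMIT,  /* utimensat(..., {OMIT, OMIT}, 0): a no-op            */
};

static void fill_times(enum shape s, struct timespec t[2])
{
    long a = 0, m = 0;  /* tv_nsec 0 means an explicit timestamp */
    switch (s) {
    case SHAPE_BOTH_NOW:  a = UTIME_NOW;  m = UTIME_NOW;  break;
    case SHAPE_TOUCH_M:   a = UTIME_OMIT; m = UTIME_NOW;  break;
    case SHAPE_BOTH_OMIT: a = UTIME_OMIT; m = UTIME_OMIT; break;
    default:              break;
    }
    t[0].tv_sec = 1000000000; t[0].tv_nsec = a;
    t[1].tv_sec = 1000000000; t[1].tv_nsec = m;
}

/* Evaluate one (tool, caller) combination; returns 0 or -errno. */
int scenario(enum shape s, bool is_owner, bool cap_fowner, bool may_write)
{
    struct caller c = { is_owner, cap_fowner, may_write };
    struct timespec t[2];

    if (s == SHAPE_TOUCH)
        return utimes_permitted(NULL, &c);
    fill_times(s, t);
    return utimes_permitted(t, &c);
}

int main(void)
{
    static const char *names[] = { "touch", "utimensat NOW/NOW", "touch -m",
                                   "explicit times", "OMIT/OMIT" };
    /* The situation from the report: rw access granted, but not the owner. */
    for (int i = SHAPE_TOUCH; i <= SHAPE_BOTH_OMIT; i++) {
        int rc = scenario((enum shape)i, false, false, true);
        printf("%-18s non-owner with write access: %s\n", names[i],
               rc ? strerror(-rc) : "ok");
    }
    return 0;
}
```

Running it prints "ok" for touch, for NOW/NOW and for OMIT/OMIT, and "Operation not permitted" for `touch -m` and for explicit timestamps, which is the split the report describes. The design point is that ownership, not write access, gates timestamp forgery: a writer who is not the owner can bump mtime to the present by modifying the file, but cannot backdate it or move only one of the two times, so ACL-granted rw access does not let a non-owner rewrite a file's timeline.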
The quilt patch titled
Subject: watchdog: Fix lockdep warning
has been removed from the -mm tree. Its filename was
watchdog-fix-lockdep-warning.patch
This patch was dropped because it was withdrawn
------------------------------------------------------
From: Helge Deller <deller(a)gmx.de>
Subject: watchdog: Fix lockdep warning
Date: Fri, 11 Aug 2023 19:11:46 +0200
Fully initialize detector_work work struct to avoid this kernel warning
when lockdep is enabled:
=====================================
WARNING: bad unlock balance detected!
6.5.0-rc5+ #687 Not tainted
-------------------------------------
swapper/0/1 is trying to release lock (detector_work) at:
[<000000004037e554>] __flush_work+0x60/0x658
but there are no more locks to release!
other info that might help us debug this:
no locks held by swapper/0/1.
stack backtrace:
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.5.0-rc5+ #687
Hardware name: 9000/785/C3700
Backtrace:
[<0000000041455d5c>] print_unlock_imbalance_bug.part.0+0x20c/0x230
[<000000004040d5e8>] lock_release+0x2e8/0x3f8
[<000000004037e5cc>] __flush_work+0xd8/0x658
[<000000004037eb7c>] flush_work+0x30/0x60
[<000000004011f140>] lockup_detector_check+0x54/0x128
[<0000000040306430>] do_one_initcall+0x9c/0x408
[<0000000040102d44>] kernel_init_freeable+0x688/0x7f0
[<000000004146df68>] kernel_init+0x64/0x3a8
[<0000000040302020>] ret_from_kernel_thread+0x20/0x28
Signed-off-by: Helge Deller <deller(a)gmx.de>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
kernel/watchdog.c | 1 +
1 file changed, 1 insertion(+)
--- a/kernel/watchdog.c~watchdog-fix-lockdep-warning
+++ a/kernel/watchdog.c
@@ -1022,5 +1022,6 @@ void __init lockup_detector_init(void)
else
allow_lockup_detector_init_retry = true;
+ INIT_WORK(&detector_work, lockup_detector_delay_init);
lockup_detector_setup();
}
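Review bot: before adding INIT_WORK() here, check how detector_work is declared; if it is already defined with DECLARE_WORK(), the work item and its lockdep map are initialized statically, this line is redundant, and the "bad unlock balance" reported from __flush_work() then points at lockdep not recognizing the statically initialized map rather than at a missing initialization, which is consistent with the patch having been withdrawn. If the INIT_WORK() is kept, it has to run before any path can queue detector_work; placing it immediately before lockup_detector_setup() covers that only if nothing queued the work earlier in boot, which the hunk does not show.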
_
Patches currently in -mm which might be from deller(a)gmx.de are
The quilt patch titled
Subject: init: add lockdep annotation to kthreadd_done completer
has been removed from the -mm tree. Its filename was
init-add-lockdep-annotation-to-kthreadd_done-completer.patch
This patch was dropped because it was withdrawn
------------------------------------------------------
From: Helge Deller <deller(a)gmx.de>
Subject: init: add lockdep annotation to kthreadd_done completer
Date: Fri, 11 Aug 2023 18:04:22 +0200
Add the missing lockdep annotation to avoid this warning:
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.5.0-rc5+ #681
Hardware name: 9000/785/C3700
Backtrace:
[<000000004030bcd0>] show_stack+0x74/0xb0
[<0000000041469c7c>] dump_stack_lvl+0x104/0x180
[<0000000041469d2c>] dump_stack+0x34/0x48
[<000000004040e5b4>] register_lock_class+0xd24/0xd30
[<000000004040c21c>] __lock_acquire.isra.0+0xb4/0xac8
[<000000004040cd60>] lock_acquire+0x130/0x298
[<000000004146df54>] _raw_spin_lock_irq+0x60/0xb8
[<0000000041472044>] wait_for_completion+0xa0/0x2d0
[<000000004146b544>] kernel_init+0x48/0x3a8
[<0000000040302020>] ret_from_kernel_thread+0x20/0x28
Link: https://lkml.kernel.org/r/ZNZcBkiVkm87+Tvr@p100
Signed-off-by: Helge Deller <deller(a)gmx.de>
Cc: Mike Rapoport (IBM) <rppt(a)kernel.org>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
init/main.c | 2 ++
1 file changed, 2 insertions(+)
--- a/init/main.c~init-add-lockdep-annotation-to-kthreadd_done-completer
+++ a/init/main.c
@@ -682,6 +682,8 @@ noinline void __ref __noreturn rest_init
struct task_struct *tsk;
int pid;
+ init_completion(&kthreadd_done);
+
rcu_scheduler_starting();
/*
* We need to spawn init first so that it obtains pid 1, however
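Review bot: check the existing definition of kthreadd_done before adding init_completion() here; if it already uses DECLARE_COMPLETION(), the completion and its lockdep key are initialized statically, and the "trying to register non-static key" message from register_lock_class() means lockdep's static-object check did not recognize the object's address (for example because it lives in an __initdata section that this architecture does not report as static), so the fix belongs in that detection rather than in rest_init(). Re-initializing at this point is at least safe with respect to ordering: the comment in the context says init is spawned after this point, so no waiter on kthreadd_done can exist yet.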
_
Patches currently in -mm which might be from deller(a)gmx.de are
watchdog-fix-lockdep-warning.patch