May 2024 - Linux-stable-mirror

FAILED: patch "[PATCH] tty: n_gsm: fix possible out-of-bounds in gsm0_receive()" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 47388e807f85948eefc403a8a5fdc5b406a65d5a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052539-pacific-rejoin-8bca@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 47388e807f85948eefc403a8a5fdc5b406a65d5a Mon Sep 17 00:00:00 2001 From: Daniel Starke <daniel.starke(a)siemens.com> Date: Wed, 24 Apr 2024 07:48:41 +0200 Subject: [PATCH] tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following: - side A configures the n_gsm in basic option mode - side B sends the header of a basic option mode frame with data length 1 - side A switches to advanced option mode - side B sends 2 data bytes which exceeds gsm->len Reason: gsm->len is not used in advanced option mode. - side A switches to basic option mode - side B keeps sending until gsm0_receive() writes past gsm->buf Reason: Neither gsm->state nor gsm->len have been reset after reconfiguration. Fix this by changing gsm->count to gsm->len comparison from equal to less than. Also add upper limit checks against the constant MAX_MRU in gsm0_receive() and gsm1_receive() to harden against memory corruption of gsm->len and gsm->mru. All other checks remain as we still need to limit the data according to the user configuration and actual payload size. Reported-by: j51569436(a)gmail.com Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218708 Tested-by: j51569436(a)gmail.com Fixes: e1eaea46bb40 ("tty: n_gsm line discipline") Cc: stable(a)vger.kernel.org Signed-off-by: Daniel Starke <daniel.starke(a)siemens.com> Link: https://lore.kernel.org/r/20240424054842.7741-1-daniel.starke@siemens.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c index 4036566febcb..72b82bf1c280 100644 --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c @@ -2913,7 +2913,10 @@ static void gsm0_receive(struct gsm_mux *gsm, u8 c) break; case GSM_DATA: /* Data */ gsm->buf[gsm->count++] = c; - if (gsm->count == gsm->len) { + if (gsm->count >= MAX_MRU) { + gsm->bad_size++; + gsm->state = GSM_SEARCH; + } else if (gsm->count >= gsm->len) { /* Calculate final FCS for UI frames over all data */ if ((gsm->control & ~PF) != UIH) { gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, @@ -3026,7 +3029,7 @@ static void gsm1_receive(struct gsm_mux *gsm, u8 c) gsm->state = GSM_DATA; break; case GSM_DATA: /* Data */ - if (gsm->count > gsm->mru) { /* Allow one for the FCS */ + if (gsm->count > gsm->mru || gsm->count > MAX_MRU) { /* Allow one for the FCS */ gsm->state = GSM_OVERRUN; gsm->bad_size++; } else

7 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] tty: n_gsm: fix possible out-of-bounds in gsm0_receive()" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 47388e807f85948eefc403a8a5fdc5b406a65d5a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052538-octagon-unleash-663f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 47388e807f85948eefc403a8a5fdc5b406a65d5a Mon Sep 17 00:00:00 2001 From: Daniel Starke <daniel.starke(a)siemens.com> Date: Wed, 24 Apr 2024 07:48:41 +0200 Subject: [PATCH] tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following: - side A configures the n_gsm in basic option mode - side B sends the header of a basic option mode frame with data length 1 - side A switches to advanced option mode - side B sends 2 data bytes which exceeds gsm->len Reason: gsm->len is not used in advanced option mode. - side A switches to basic option mode - side B keeps sending until gsm0_receive() writes past gsm->buf Reason: Neither gsm->state nor gsm->len have been reset after reconfiguration. Fix this by changing gsm->count to gsm->len comparison from equal to less than. Also add upper limit checks against the constant MAX_MRU in gsm0_receive() and gsm1_receive() to harden against memory corruption of gsm->len and gsm->mru. All other checks remain as we still need to limit the data according to the user configuration and actual payload size. Reported-by: j51569436(a)gmail.com Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218708 Tested-by: j51569436(a)gmail.com Fixes: e1eaea46bb40 ("tty: n_gsm line discipline") Cc: stable(a)vger.kernel.org Signed-off-by: Daniel Starke <daniel.starke(a)siemens.com> Link: https://lore.kernel.org/r/20240424054842.7741-1-daniel.starke@siemens.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c index 4036566febcb..72b82bf1c280 100644 --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c @@ -2913,7 +2913,10 @@ static void gsm0_receive(struct gsm_mux *gsm, u8 c) break; case GSM_DATA: /* Data */ gsm->buf[gsm->count++] = c; - if (gsm->count == gsm->len) { + if (gsm->count >= MAX_MRU) { + gsm->bad_size++; + gsm->state = GSM_SEARCH; + } else if (gsm->count >= gsm->len) { /* Calculate final FCS for UI frames over all data */ if ((gsm->control & ~PF) != UIH) { gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, @@ -3026,7 +3029,7 @@ static void gsm1_receive(struct gsm_mux *gsm, u8 c) gsm->state = GSM_DATA; break; case GSM_DATA: /* Data */ - if (gsm->count > gsm->mru) { /* Allow one for the FCS */ + if (gsm->count > gsm->mru || gsm->count > MAX_MRU) { /* Allow one for the FCS */ gsm->state = GSM_OVERRUN; gsm->bad_size++; } else

7 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] tty: n_gsm: fix possible out-of-bounds in gsm0_receive()" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 47388e807f85948eefc403a8a5fdc5b406a65d5a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052537-payday-enjoyably-a5a8@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 47388e807f85948eefc403a8a5fdc5b406a65d5a Mon Sep 17 00:00:00 2001 From: Daniel Starke <daniel.starke(a)siemens.com> Date: Wed, 24 Apr 2024 07:48:41 +0200 Subject: [PATCH] tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following: - side A configures the n_gsm in basic option mode - side B sends the header of a basic option mode frame with data length 1 - side A switches to advanced option mode - side B sends 2 data bytes which exceeds gsm->len Reason: gsm->len is not used in advanced option mode. - side A switches to basic option mode - side B keeps sending until gsm0_receive() writes past gsm->buf Reason: Neither gsm->state nor gsm->len have been reset after reconfiguration. Fix this by changing gsm->count to gsm->len comparison from equal to less than. Also add upper limit checks against the constant MAX_MRU in gsm0_receive() and gsm1_receive() to harden against memory corruption of gsm->len and gsm->mru. All other checks remain as we still need to limit the data according to the user configuration and actual payload size. Reported-by: j51569436(a)gmail.com Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218708 Tested-by: j51569436(a)gmail.com Fixes: e1eaea46bb40 ("tty: n_gsm line discipline") Cc: stable(a)vger.kernel.org Signed-off-by: Daniel Starke <daniel.starke(a)siemens.com> Link: https://lore.kernel.org/r/20240424054842.7741-1-daniel.starke@siemens.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c index 4036566febcb..72b82bf1c280 100644 --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c @@ -2913,7 +2913,10 @@ static void gsm0_receive(struct gsm_mux *gsm, u8 c) break; case GSM_DATA: /* Data */ gsm->buf[gsm->count++] = c; - if (gsm->count == gsm->len) { + if (gsm->count >= MAX_MRU) { + gsm->bad_size++; + gsm->state = GSM_SEARCH; + } else if (gsm->count >= gsm->len) { /* Calculate final FCS for UI frames over all data */ if ((gsm->control & ~PF) != UIH) { gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, @@ -3026,7 +3029,7 @@ static void gsm1_receive(struct gsm_mux *gsm, u8 c) gsm->state = GSM_DATA; break; case GSM_DATA: /* Data */ - if (gsm->count > gsm->mru) { /* Allow one for the FCS */ + if (gsm->count > gsm->mru || gsm->count > MAX_MRU) { /* Allow one for the FCS */ gsm->state = GSM_OVERRUN; gsm->bad_size++; } else

7 months, 2 weeks

1
0
0 0

Linux 6.8.11

by Greg Kroah-Hartman

I'm announcing the release of the 6.8.11 kernel. All users of the 6.8 kernel series must upgrade. The updated 6.8.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.8.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/stable/sysfs-block | 10 + Documentation/admin-guide/hw-vuln/core-scheduling.rst | 4 Documentation/admin-guide/mm/damon/usage.rst | 2 Documentation/sphinx/kernel_include.py | 1 Makefile | 2 block/genhd.c | 15 +- block/partitions/core.c | 5 drivers/android/binder.c | 2 drivers/android/binder_internal.h | 2 drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c | 7 - drivers/net/ethernet/intel/ice/ice_virtchnl.c | 22 +-- drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 3 drivers/net/ethernet/micrel/ks8851_common.c | 18 -- drivers/net/usb/ax88179_178a.c | 37 +++-- drivers/remoteproc/mtk_scp.c | 10 + drivers/tty/serial/kgdboc.c | 30 ++++ drivers/usb/dwc3/gadget.c | 4 drivers/usb/typec/tipd/core.c | 51 +++++-- drivers/usb/typec/tipd/tps6598x.h | 11 + drivers/usb/typec/ucsi/displayport.c | 4 fs/erofs/internal.h | 7 - fs/erofs/super.c | 124 +++++++----------- include/linux/blkdev.h | 13 + include/net/bluetooth/hci.h | 9 + include/net/bluetooth/hci_core.h | 1 net/bluetooth/hci_conn.c | 71 +++++++--- net/bluetooth/hci_event.c | 31 ++-- net/bluetooth/iso.c | 2 net/bluetooth/l2cap_core.c | 38 +---- net/bluetooth/sco.c | 6 security/keys/trusted-keys/trusted_tpm2.c | 25 ++- 31 files changed, 338 insertions(+), 229 deletions(-) Akira Yokosawa (1): docs: kernel_include.py: Cope with docutils 0.21 AngeloGioacchino Del Regno (1): remoteproc: mediatek: Make sure IPI buffer fits in L2TCM Baokun Li (1): erofs: get rid of erofs_fs_context Carlos Llamas (1): binder: fix max_thread type inconsistency Christian Brauner (1): erofs: reliably distinguish block based and fscache mode Christoph Hellwig (2): block: add a disk_has_partscan helper block: add a partscan sysfs attribute for disks Daniel Thompson (1): serial: kgdboc: Fix NMI-safety problems from keyboard reset code Greg Kroah-Hartman (1): Linux 6.8.11 Heikki Krogerus (1): usb: typec: ucsi: displayport: Fix potential deadlock Jacob Keller (2): ice: pass VSI pointer into ice_vc_isvalid_q_id ice: remove unnecessary duplicate checks for VF VSI ID Jarkko Sakkinen (2): KEYS: trusted: Fix memory leak in tpm2_key_encode() KEYS: trusted: Do not use WARN when encode fails Javier Carrasco (2): usb: typec: tipd: fix event checking for tps25750 usb: typec: tipd: fix event checking for tps6598x Jose Fernandez (1): drm/amd/display: Fix division by zero in setup_dsc_config Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: fix link status when link is set to down/up Prashanth K (1): usb: dwc3: Wait unconditionally after issuing EndXfer command Ronald Wahl (1): net: ks8851: Fix another TX stall caused by wrong ISR flag handling SeongJae Park (1): Docs/admin-guide/mm/damon/usage: fix wrong example of DAMOS filter matching sysfs file Sungwoo Kim (2): Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() Thomas Weißschuh (1): admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET

7 months, 2 weeks

1
1
0 0

Linux 6.6.32

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.32 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/stable/sysfs-block | 10 Documentation/admin-guide/hw-vuln/core-scheduling.rst | 4 Documentation/admin-guide/mm/damon/usage.rst | 2 Documentation/sphinx/kernel_include.py | 1 Makefile | 2 block/genhd.c | 15 block/partitions/core.c | 5 drivers/android/binder.c | 2 drivers/android/binder_internal.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 3 drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c | 7 drivers/mmc/core/mmc.c | 9 drivers/net/ethernet/intel/ice/ice_virtchnl.c | 22 drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 3 drivers/net/ethernet/micrel/ks8851_common.c | 18 drivers/net/usb/ax88179_178a.c | 37 drivers/remoteproc/mtk_scp.c | 10 drivers/tty/serial/kgdboc.c | 30 drivers/usb/dwc3/gadget.c | 4 drivers/usb/typec/tipd/core.c | 45 drivers/usb/typec/tipd/tps6598x.h | 11 drivers/usb/typec/ucsi/displayport.c | 4 fs/erofs/internal.h | 7 fs/erofs/super.c | 124 - fs/smb/client/Makefile | 2 fs/smb/client/cached_dir.c | 24 fs/smb/client/cifs_debug.c | 38 fs/smb/client/cifsfs.c | 10 fs/smb/client/cifsglob.h | 93 - fs/smb/client/cifsproto.h | 39 fs/smb/client/cifssmb.c | 18 fs/smb/client/connect.c | 57 fs/smb/client/dir.c | 14 fs/smb/client/file.c | 39 fs/smb/client/fs_context.c | 43 fs/smb/client/fs_context.h | 13 fs/smb/client/fscache.c | 7 fs/smb/client/inode.c | 235 +-- fs/smb/client/ioctl.c | 6 fs/smb/client/link.c | 41 fs/smb/client/misc.c | 47 fs/smb/client/ntlmssp.h | 4 fs/smb/client/readdir.c | 32 fs/smb/client/reparse.c | 532 ++++++ fs/smb/client/reparse.h | 113 + fs/smb/client/sess.c | 73 fs/smb/client/smb1ops.c | 80 - fs/smb/client/smb2glob.h | 27 fs/smb/client/smb2inode.c | 1396 +++++++++++------- fs/smb/client/smb2maperror.c | 2 fs/smb/client/smb2misc.c | 10 fs/smb/client/smb2ops.c | 589 ++----- fs/smb/client/smb2pdu.c | 336 +++- fs/smb/client/smb2pdu.h | 46 fs/smb/client/smb2proto.h | 37 fs/smb/client/smb2status.h | 2 fs/smb/client/smb2transport.c | 2 fs/smb/client/smbdirect.c | 4 fs/smb/client/smbencrypt.c | 7 fs/smb/client/trace.h | 137 + fs/smb/common/smb2pdu.h | 116 - fs/smb/common/smbfsctl.h | 6 fs/smb/server/auth.c | 14 fs/smb/server/ksmbd_netlink.h | 36 fs/smb/server/mgmt/user_session.c | 28 fs/smb/server/mgmt/user_session.h | 3 fs/smb/server/misc.c | 1 fs/smb/server/oplock.c | 96 + fs/smb/server/oplock.h | 7 fs/smb/server/smb2misc.c | 26 fs/smb/server/smb2ops.c | 6 fs/smb/server/smb2pdu.c | 338 +++- fs/smb/server/smb2pdu.h | 31 fs/smb/server/transport_tcp.c | 2 fs/smb/server/vfs.c | 28 fs/smb/server/vfs_cache.c | 137 + fs/smb/server/vfs_cache.h | 9 include/linux/blkdev.h | 13 include/linux/bpf_types.h | 3 include/net/bluetooth/hci.h | 9 include/net/bluetooth/hci_core.h | 1 net/bluetooth/hci_conn.c | 71 net/bluetooth/hci_event.c | 31 net/bluetooth/iso.c | 2 net/bluetooth/l2cap_core.c | 38 net/bluetooth/sco.c | 6 security/keys/trusted-keys/trusted_tpm2.c | 25 tools/testing/selftests/kselftest.h | 14 88 files changed, 3907 insertions(+), 1722 deletions(-) Akira Yokosawa (1): docs: kernel_include.py: Cope with docutils 0.21 Alexey Dobriyan (1): smb: client: delete "true", "false" defines AngeloGioacchino Del Regno (1): remoteproc: mediatek: Make sure IPI buffer fits in L2TCM Baokun Li (1): erofs: get rid of erofs_fs_context Bharath SM (2): cifs: defer close file handles having RH lease cifs: remove redundant variable assignment Carlos Llamas (1): binder: fix max_thread type inconsistency Christian Brauner (1): erofs: reliably distinguish block based and fscache mode Christoph Hellwig (2): block: add a disk_has_partscan helper block: add a partscan sysfs attribute for disks Colin Ian King (2): cifs: remove redundant variable tcon_exist ksmbd: Fix spelling mistake "connction" -> "connection" Dan Carpenter (1): smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() Daniel Thompson (1): serial: kgdboc: Fix NMI-safety problems from keyboard reset code David Howells (2): cifs: Pass unbyteswapped eof value into SMB2_set_eof() cifs: Add tracing for the cifs_tcon struct refcounting Enzo Matsumiya (3): smb: client: negotiate compression algorithms smb: common: fix fields sizes in compression_pattern_payload_v1 smb: common: simplify compression headers Eric Biggers (1): smb: use crypto_shash_digest() in symlink_hash() Greg Kroah-Hartman (1): Linux 6.6.32 Gustavo A. R. Silva (1): smb: smb2pdu.h: Avoid -Wflex-array-member-not-at-end warnings Heikki Krogerus (1): usb: typec: ucsi: displayport: Fix potential deadlock Jacob Keller (2): ice: pass VSI pointer into ice_vc_isvalid_q_id ice: remove unnecessary duplicate checks for VF VSI ID Jarkko Sakkinen (2): KEYS: trusted: Fix memory leak in tpm2_key_encode() KEYS: trusted: Do not use WARN when encode fails Javier Carrasco (1): usb: typec: tipd: fix event checking for tps6598x Jiri Olsa (1): bpf: Add missing BPF_LINK_TYPE invocations Jose Fernandez (1): drm/amd/display: Fix division by zero in setup_dsc_config Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: fix link status when link is set to down/up Marios Makassikis (1): ksmbd: fix possible null-deref in smb_lazy_parent_lease_break_close Mark Brown (1): kselftest: Add a ksft_perror() helper Markus Elfring (1): smb3: Improve exception handling in allocate_mr_list() Meetakshi Setiya (4): cifs: Add client version details to NTLM authenticate message smb: client: reuse file lease key in compound operations smb: client: retry compound request without reusing lease cifs: fixes for get_inode_info Mengqi Zhang (1): mmc: core: Add HS400 tuning in HS400es initialization Namjae Jeon (5): ksmbd: mark SMB2_SESSION_EXPIRED to session when destroying previous session ksmbd: add support for durable handles v1/v2 ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() ksmbd: fix potencial out-of-bounds when buffer offset is invalid ksmbd: add continuous availability share parameter Paulo Alcantara (17): smb: client: allow creating symlinks via reparse points smb: client: cleanup smb2_query_reparse_point() smb: client: handle special files and symlinks in SMB3 POSIX cifs: get rid of dup length check in parse_reparse_point() smb: client: don't clobber ->i_rdev from cached reparse points smb: client: handle path separator of created SMB symlinks smb: client: get rid of smb311_posix_query_path_info() smb: client: introduce reparse mount option smb: client: move most of reparse point handling code to common file smb: client: fix potential broken compound request smb: client: reduce number of parameters in smb2_compound_op() smb: client: add support for WSL reparse points smb: client: parse uid, gid, mode and dev from WSL reparse points smb: client: set correct d_type for reparse DFS/DFSR and mount point smb: client: return reparse type in /proc/mounts smb: client: fix NULL ptr deref in cifs_mark_open_handles_for_deleted_file() smb: client: instantiate when creating SFU files Pierre Mariani (1): smb: client: Fix minor whitespace errors and warnings Prashanth K (1): usb: dwc3: Wait unconditionally after issuing EndXfer command Randy Dunlap (2): ksmbd: auth: fix most kernel-doc warnings ksmbd: vfs: fix all kernel-doc warnings Ritvik Budhiraja (1): cifs: fix use after free for iface while disabling secondary channels Ronald Wahl (1): net: ks8851: Fix another TX stall caused by wrong ISR flag handling SeongJae Park (1): Docs/admin-guide/mm/damon/usage: fix wrong example of DAMOS filter matching sysfs file Shyam Prasad N (6): cifs: print server capabilities in DebugData cifs: pick channel for tcon and tdis cifs: new nt status codes from MS-SMB2 cifs: new mount option called retrans cifs: commands that are retried should have replay flag set cifs: set replay flag for retries of write command Srinivasan Shanmugam (1): drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() Steve French (23): SMB3: clarify some of the unused CreateOption flags Add definition for new smb3.1.1 command type smb3: minor RDMA cleanup smb3: more minor cleanups for session handling routines smb3: minor cleanup of session handling code Missing field not being returned in ioctl CIFS_IOC_GET_MNT_INFO smb: client: introduce cifs_sfu_make_node() smb: client: extend smb2_compound_op() to accept more commands smb: client: allow creating special files via reparse points smb: client: optimise reparse point querying cifs: fix in logging in cifs_chan_update_iface cifs: remove unneeded return statement cifs: minor comment cleanup cifs: update the same create_guid on replay smb3: update allocation size more accurately on write completion smb: client: parse owner/group when creating reparse points smb: client: do not defer close open handles to deleted files smb: client: introduce SMB2_OP_QUERY_WSL_EA smb3: add dynamic trace point for ioctls cifs: Move some extern decls from .c files to .h smb311: correct incorrect offset field in compression header smb311: additional compression flag defined in updated protocol spec smb3: add trace event for mknod Sungwoo Kim (2): Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() Thomas Weißschuh (1): admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET Yang Li (2): smb: Fix some kernel-doc comments ksmbd: Add kernel-doc for ksmbd_extract_sharename() function

7 months, 2 weeks

1
1
0 0

Linux 6.1.92

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.92 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/hw-vuln/core-scheduling.rst | 4 Documentation/sphinx/kernel_include.py | 1 Makefile | 2 arch/arm64/Kconfig | 1 arch/arm64/include/asm/lse.h | 1 drivers/android/binder.c | 2 drivers/android/binder_internal.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 3 drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c | 7 drivers/mfd/stpmic1.c | 5 drivers/mmc/core/mmc.c | 9 drivers/net/ethernet/intel/ice/ice_virtchnl.c | 22 - drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 3 drivers/net/ethernet/micrel/ks8851_common.c | 18 - drivers/net/usb/ax88179_178a.c | 37 +- drivers/pinctrl/core.c | 14 drivers/remoteproc/mtk_scp.c | 10 drivers/tty/serial/kgdboc.c | 30 ++ drivers/usb/dwc3/gadget.c | 4 drivers/usb/typec/tipd/core.c | 45 ++- drivers/usb/typec/tipd/tps6598x.h | 11 drivers/usb/typec/ucsi/displayport.c | 4 fs/iomap/buffered-io.c | 254 +++++++++++++++++- fs/iomap/iter.c | 19 + fs/nfs/callback.c | 9 fs/nfsd/nfs4proc.c | 5 fs/nfsd/nfssvc.c | 12 fs/xfs/libxfs/xfs_bmap.c | 8 fs/xfs/libxfs/xfs_errortag.h | 12 fs/xfs/libxfs/xfs_refcount.c | 146 +++++++++- fs/xfs/libxfs/xfs_sb.c | 7 fs/xfs/xfs_aops.c | 37 +- fs/xfs/xfs_bmap_util.c | 10 fs/xfs/xfs_bmap_util.h | 2 fs/xfs/xfs_buf.c | 1 fs/xfs/xfs_buf_item.c | 2 fs/xfs/xfs_error.c | 27 + fs/xfs/xfs_file.c | 2 fs/xfs/xfs_fsops.c | 4 fs/xfs/xfs_icache.c | 6 fs/xfs/xfs_inode.c | 16 - fs/xfs/xfs_ioctl.c | 4 fs/xfs/xfs_iomap.c | 177 +++++++----- fs/xfs/xfs_iomap.h | 6 fs/xfs/xfs_log.c | 53 +-- fs/xfs/xfs_mount.c | 15 + fs/xfs/xfs_pnfs.c | 6 include/linux/iomap.h | 47 ++- net/sunrpc/svc_xprt.c | 16 - security/keys/trusted-keys/trusted_tpm2.c | 25 + 50 files changed, 865 insertions(+), 298 deletions(-) Aidan MacDonald (1): mfd: stpmic1: Fix swapped mask/unmask in irq chip Akira Yokosawa (1): docs: kernel_include.py: Cope with docutils 0.21 AngeloGioacchino Del Regno (1): remoteproc: mediatek: Make sure IPI buffer fits in L2TCM Carlos Llamas (1): binder: fix max_thread type inconsistency Daniel Thompson (1): serial: kgdboc: Fix NMI-safety problems from keyboard reset code Darrick J. Wong (8): xfs: fix incorrect error-out in xfs_remove xfs: invalidate block device page cache during unmount xfs: attach dquots to inode before reading data/cow fork mappings xfs: hoist refcount record merge predicates xfs: estimate post-merge refcounts correctly xfs: invalidate xfs_bufs when allocating cow extents xfs: allow inode inactivation during a ro mount log recovery xfs: fix log recovery when unknown rocompat bits are set Dave Chinner (10): xfs: write page faults in iomap are not buffered writes xfs: punching delalloc extents on write failure is racy xfs: use byte ranges for write cleanup ranges xfs,iomap: move delalloc punching to iomap iomap: buffered write failure should not truncate the page cache xfs: xfs_bmap_punch_delalloc_range() should take a byte range iomap: write iomap validity checks xfs: use iomap_valid method to detect stale cached iomaps xfs: drop write error injection is unfixable, remove it xfs: fix off-by-one-block in xfs_discard_folio() Eric Sandeen (1): xfs: short circuit xfs_growfs_data_private() if delta is zero Greg Kroah-Hartman (1): Linux 6.1.92 Guo Xuenan (2): xfs: wait iclog complete before tearing down AIL xfs: fix super block buf log item UAF during force shutdown Heikki Krogerus (1): usb: typec: ucsi: displayport: Fix potential deadlock Hironori Shiina (1): xfs: get root inode correctly at bulkstat Jacob Keller (2): ice: pass VSI pointer into ice_vc_isvalid_q_id ice: remove unnecessary duplicate checks for VF VSI ID Jarkko Sakkinen (2): KEYS: trusted: Fix memory leak in tpm2_key_encode() KEYS: trusted: Do not use WARN when encode fails Javier Carrasco (1): usb: typec: tipd: fix event checking for tps6598x Jose Fernandez (1): drm/amd/display: Fix division by zero in setup_dsc_config Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: fix link status when link is set to down/up Long Li (2): xfs: fix sb write verify for lazysbcount xfs: fix incorrect i_nlink caused by inode racing Mark Rutland (1): arm64: atomics: lse: remove stale dependency on JUMP_LABEL Mengqi Zhang (1): mmc: core: Add HS400 tuning in HS400es initialization NeilBrown (1): nfsd: don't allow nfsd threads to be signalled. Prashanth K (1): usb: dwc3: Wait unconditionally after issuing EndXfer command Ronald Wahl (1): net: ks8851: Fix another TX stall caused by wrong ISR flag handling Sergey Shtylyov (1): pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() Srinivasan Shanmugam (1): drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() Thomas Weißschuh (1): admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET

7 months, 2 weeks

1
1
0 0

Linux 5.15.160

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.160 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/hw-vuln/core-scheduling.rst | 4 Documentation/sphinx/kernel_include.py | 1 Makefile | 2 arch/x86/kvm/x86.c | 11 drivers/android/binder.c | 2 drivers/android/binder_internal.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 3 drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c | 7 drivers/net/ethernet/broadcom/genet/bcmgenet.c | 12 - drivers/net/ethernet/broadcom/genet/bcmgenet.h | 2 drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 6 drivers/net/ethernet/broadcom/genet/bcmmii.c | 4 drivers/pinctrl/core.c | 14 - drivers/remoteproc/mtk_scp.c | 10 drivers/tty/serial/kgdboc.c | 30 ++ drivers/usb/typec/ucsi/displayport.c | 4 fs/nfs/callback.c | 9 fs/nfsd/nfs4proc.c | 5 fs/nfsd/nfssvc.c | 12 - include/net/tls.h | 6 net/netlink/af_netlink.c | 23 +- net/sunrpc/svc_xprt.c | 16 - net/tls/tls_sw.c | 199 +++++++++--------- security/keys/trusted-keys/trusted_tpm2.c | 25 +- tools/testing/selftests/vm/map_hugetlb.c | 7 25 files changed, 242 insertions(+), 174 deletions(-) Akira Yokosawa (1): docs: kernel_include.py: Cope with docutils 0.21 AngeloGioacchino Del Regno (1): remoteproc: mediatek: Make sure IPI buffer fits in L2TCM Carlos Llamas (1): binder: fix max_thread type inconsistency Daniel Thompson (1): serial: kgdboc: Fix NMI-safety problems from keyboard reset code Doug Berger (2): net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access net: bcmgenet: synchronize UMAC_CMD access Eric Dumazet (2): netlink: annotate lockless accesses to nlk->max_recvmsg_len netlink: annotate data-races around sk->sk_err Greg Kroah-Hartman (1): Linux 5.15.160 Harshit Mogalapalli (1): Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems" Heikki Krogerus (1): usb: typec: ucsi: displayport: Fix potential deadlock Jakub Kicinski (4): tls: rx: simplify async wait net: tls: factor out tls_*crypt_async_wait() tls: fix race between async notify and socket close net: tls: handle backlogging of crypto requests Jarkko Sakkinen (2): KEYS: trusted: Fix memory leak in tpm2_key_encode() KEYS: trusted: Do not use WARN when encode fails Jose Fernandez (1): drm/amd/display: Fix division by zero in setup_dsc_config NeilBrown (1): nfsd: don't allow nfsd threads to be signalled. Sabrina Dubroca (1): tls: extract context alloc/initialization out of tls_set_sw_offload Sean Christopherson (1): KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection Sergey Shtylyov (1): pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() Srinivasan Shanmugam (1): drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() Thomas Weißschuh (1): admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET

7 months, 2 weeks

1
1
0 0

Linux 5.10.218

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.218 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/sphinx/kernel_include.py | 1 Makefile | 2 - arch/x86/entry/entry_64.S | 17 +++++------ arch/x86/include/asm/irqflags.h | 7 ---- arch/x86/include/asm/paravirt.h | 5 --- arch/x86/include/asm/paravirt_types.h | 8 ----- arch/x86/kernel/asm-offsets_64.c | 2 - arch/x86/kernel/paravirt.c | 5 --- arch/x86/kernel/paravirt_patch.c | 4 -- arch/x86/kvm/x86.c | 11 ++++++- arch/x86/xen/enlighten_pv.c | 1 arch/x86/xen/xen-asm.S | 21 -------------- arch/x86/xen/xen-ops.h | 2 - drivers/firmware/arm_scmi/reset.c | 6 +++- drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 3 ++ drivers/net/ethernet/broadcom/genet/bcmgenet.c | 12 +++++++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 2 + drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 6 ++++ drivers/net/ethernet/broadcom/genet/bcmmii.c | 4 ++ drivers/pinctrl/core.c | 14 +++++++-- drivers/tty/serial/kgdboc.c | 30 ++++++++++++++++++++- drivers/usb/typec/ucsi/displayport.c | 4 -- fs/btrfs/volumes.c | 1 net/mptcp/protocol.c | 2 + net/netlink/af_netlink.c | 15 ++++++---- security/integrity/ima/ima_policy.c | 29 ++++++++++++++------ tools/testing/selftests/vm/map_hugetlb.c | 7 ---- 27 files changed, 122 insertions(+), 99 deletions(-) Akira Yokosawa (1): docs: kernel_include.py: Cope with docutils 0.21 Cristian Marussi (1): firmware: arm_scmi: Harden accesses to the reset domains Daniel Thompson (1): serial: kgdboc: Fix NMI-safety problems from keyboard reset code Dominique Martinet (1): btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Doug Berger (2): net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access net: bcmgenet: synchronize UMAC_CMD access Eric Dumazet (1): netlink: annotate lockless accesses to nlk->max_recvmsg_len Greg Kroah-Hartman (1): Linux 5.10.218 Harshit Mogalapalli (1): Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems" Heikki Krogerus (1): usb: typec: ucsi: displayport: Fix potential deadlock Juergen Gross (1): x86/xen: Drop USERGS_SYSRET64 paravirt call Paolo Abeni (1): mptcp: ensure snd_nxt is properly initialized on connect Sean Christopherson (1): KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection Sergey Shtylyov (1): pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() Srinivasan Shanmugam (1): drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() liqiong (1): ima: fix deadlock when traversing "ima_default_rules".

7 months, 2 weeks

1
1
0 0

Linux 5.4.277

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.277 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/sphinx/kernel_include.py | 1 Makefile | 2 arch/arm64/boot/dts/qcom/msm8998.dtsi | 8 +- drivers/firmware/arm_scmi/reset.c | 6 + drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 3 drivers/net/ethernet/broadcom/genet/bcmgenet.c | 22 ++++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 2 drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 12 ++- drivers/net/ethernet/broadcom/genet/bcmmii.c | 43 ++--------- drivers/pinctrl/core.c | 14 ++- drivers/tty/serial/kgdboc.c | 30 +++++++ drivers/usb/typec/ucsi/displayport.c | 4 - fs/btrfs/volumes.c | 1 fs/cifs/smb2ops.c | 4 - fs/cifs/smb2pdu.c | 81 +++++++++++++-------- fs/cifs/smb2proto.h | 10 +- fs/ext4/extents.c | 10 +- tools/testing/selftests/vm/map_hugetlb.c | 7 - 18 files changed, 161 insertions(+), 99 deletions(-) Akira Yokosawa (1): docs: kernel_include.py: Cope with docutils 0.21 Baokun Li (1): ext4: fix bug_on in __es_tree_search Cristian Marussi (1): firmware: arm_scmi: Harden accesses to the reset domains Daniel Thompson (1): serial: kgdboc: Fix NMI-safety problems from keyboard reset code Dominique Martinet (1): btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Doug Berger (5): Revert "net: bcmgenet: use RGMII loopback for MAC reset" net: bcmgenet: keep MAC in reset until PHY is up net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() net: bcmgenet: synchronize UMAC_CMD access Greg Kroah-Hartman (1): Linux 5.4.277 Harshit Mogalapalli (1): Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems" Heikki Krogerus (1): usb: typec: ucsi: displayport: Fix potential deadlock Paulo Alcantara (1): smb: client: fix potential OOBs in smb2_parse_contexts() Rob Herring (1): arm64: dts: qcom: Fix 'interrupt-map' parent address cells Sergey Shtylyov (1): pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() Srinivasan Shanmugam (1): drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()

7 months, 2 weeks

1
1
0 0

Linux 4.19.315

by Greg Kroah-Hartman

I'm announcing the release of the 4.19.315 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/sphinx/kernel_include.py | 1 Makefile | 2 drivers/md/dm-core.h | 2 drivers/md/dm-ioctl.c | 3 drivers/md/dm-table.c | 9 drivers/tty/serial/kgdboc.c | 30 fs/btrfs/volumes.c | 1 include/linux/string.h | 20 include/linux/trace_events.h | 2 kernel/trace/Kconfig | 4 kernel/trace/Makefile | 1 kernel/trace/trace.c | 26 kernel/trace/trace_dynevent.c | 210 ++++++ kernel/trace/trace_dynevent.h | 119 +++ kernel/trace/trace_events.c | 32 kernel/trace/trace_events_hist.c | 1048 ++++++++++++++++++------------- kernel/trace/trace_probe.c | 2 kernel/trace/trace_stack.c | 2 tools/testing/selftests/vm/map_hugetlb.c | 7 19 files changed, 1050 insertions(+), 471 deletions(-) Akira Yokosawa (1): docs: kernel_include.py: Cope with docutils 0.21 Daniel Thompson (1): serial: kgdboc: Fix NMI-safety problems from keyboard reset code Dominique Martinet (1): btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Greg Kroah-Hartman (1): Linux 4.19.315 Harshit Mogalapalli (1): Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems" Masami Hiramatsu (4): tracing: Simplify creation and deletion of synthetic events tracing: Add unified dynamic event framework tracing: Use dyn_event framework for synthetic events tracing: Remove unneeded synth_event_mutex Mikulas Patocka (1): dm: limit the number of targets and parameter size area Steven Rostedt (VMware) (5): tracing: Consolidate trace_add/remove_event_call back to the nolock functions string.h: Add str_has_prefix() helper function tracing: Use str_has_prefix() helper for histogram code tracing: Use str_has_prefix() instead of using fixed sizes tracing: Have the historgram use the result of str_has_prefix() for len of prefix Tom Zanussi (4): tracing: Refactor hist trigger action code tracing: Split up onmatch action data tracing: Generalize hist trigger onmax and save action tracing: Remove unnecessary var_ref destroy in track_data_destroy()

7 months, 2 weeks

1
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror May 2024