May 2024 - Linux-stable-mirror

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.218 release. There are 15 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 25 May 2024 13:03:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.218-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.218-rc1 Akira Yokosawa <akiyks(a)gmail.com> docs: kernel_include.py: Cope with docutils 0.21 Daniel Thompson <daniel.thompson(a)linaro.org> serial: kgdboc: Fix NMI-safety problems from keyboard reset code Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: typec: ucsi: displayport: Fix potential deadlock Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() Dominique Martinet <dominique.martinet(a)atmark-techno.com> btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_nxt is properly initialized on connect Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Harden accesses to the reset domains Sean Christopherson <seanjc(a)google.com> KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection Eric Dumazet <edumazet(a)google.com> netlink: annotate lockless accesses to nlk->max_recvmsg_len liqiong <liqiong(a)nfschina.com> ima: fix deadlock when traversing "ima_default_rules". Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize UMAC_CMD access Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems" Juergen Gross <jgross(a)suse.com> x86/xen: Drop USERGS_SYSRET64 paravirt call Sergey Shtylyov <s.shtylyov(a)omp.ru> pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() ------------- Diffstat: Documentation/sphinx/kernel_include.py | 1 - Makefile | 4 +-- arch/x86/entry/entry_64.S | 17 ++++++------ arch/x86/include/asm/irqflags.h | 7 ----- arch/x86/include/asm/paravirt.h | 5 ---- arch/x86/include/asm/paravirt_types.h | 8 ------ arch/x86/kernel/asm-offsets_64.c | 2 -- arch/x86/kernel/paravirt.c | 5 +--- arch/x86/kernel/paravirt_patch.c | 4 --- arch/x86/kvm/x86.c | 11 ++++++-- arch/x86/xen/enlighten_pv.c | 1 - arch/x86/xen/xen-asm.S | 21 --------------- arch/x86/xen/xen-ops.h | 2 -- drivers/firmware/arm_scmi/reset.c | 6 ++++- drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 3 +++ drivers/net/ethernet/broadcom/genet/bcmgenet.c | 12 ++++++++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 2 ++ drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 6 +++++ drivers/net/ethernet/broadcom/genet/bcmmii.c | 4 +++ drivers/pinctrl/core.c | 14 +++++++--- drivers/tty/serial/kgdboc.c | 30 +++++++++++++++++++++- drivers/usb/typec/ucsi/displayport.c | 4 --- fs/btrfs/volumes.c | 1 + net/mptcp/protocol.c | 2 ++ net/netlink/af_netlink.c | 15 ++++++----- security/integrity/ima/ima_policy.c | 29 ++++++++++++++------- tools/testing/selftests/vm/map_hugetlb.c | 7 ----- 27 files changed, 123 insertions(+), 100 deletions(-)

11 months

7
21
0 0

[PATCH v3 2/7] PCI: xilinx-nwl: Fix off-by-one in IRQ handler

by Sean Anderson

MSGF_LEG_MASK is laid out with INTA in bit 0, INTB in bit 1, INTC in bit 2, and INTD in bit 3. Hardware IRQ numbers start at 0, and we register PCI_NUM_INTX irqs. So to enable INTA (aka hwirq 0) we should set bit 0. Remove the subtraction of one. This fixes the following UBSAN error: [ 5.037483] ================================================================================ [ 5.046260] UBSAN: shift-out-of-bounds in ../drivers/pci/controller/pcie-xilinx-nwl.c:389:11 [ 5.054983] shift exponent 18446744073709551615 is too large for 32-bit type 'int' [ 5.062813] CPU: 1 PID: 61 Comm: kworker/u10:1 Not tainted 6.6.20+ #268 [ 5.070008] Hardware name: xlnx,zynqmp (DT) [ 5.074348] Workqueue: events_unbound deferred_probe_work_func [ 5.080410] Call trace: [ 5.082958] dump_backtrace (arch/arm64/kernel/stacktrace.c:235) [ 5.086850] show_stack (arch/arm64/kernel/stacktrace.c:242) [ 5.090292] dump_stack_lvl (lib/dump_stack.c:107) [ 5.094095] dump_stack (lib/dump_stack.c:114) [ 5.097540] __ubsan_handle_shift_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:387) [ 5.103227] nwl_unmask_leg_irq (drivers/pci/controller/pcie-xilinx-nwl.c:389 (discriminator 1)) [ 5.107386] irq_enable (kernel/irq/internals.h:234 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345) [ 5.110838] __irq_startup (kernel/irq/internals.h:239 kernel/irq/chip.c:180 kernel/irq/chip.c:250) [ 5.114552] irq_startup (kernel/irq/chip.c:270) [ 5.118266] __setup_irq (kernel/irq/manage.c:1800) [ 5.121982] request_threaded_irq (kernel/irq/manage.c:2206) [ 5.126412] pcie_pme_probe (include/linux/interrupt.h:168 drivers/pci/pcie/pme.c:348) [ 5.130303] pcie_port_probe_service (drivers/pci/pcie/portdrv.c:528) [ 5.134915] really_probe (drivers/base/dd.c:579 drivers/base/dd.c:658) [ 5.138720] __driver_probe_device (drivers/base/dd.c:800) [ 5.143236] driver_probe_device (drivers/base/dd.c:830) [ 5.147571] __device_attach_driver (drivers/base/dd.c:959) [ 5.152179] bus_for_each_drv (drivers/base/bus.c:457) [ 5.156163] __device_attach (drivers/base/dd.c:1032) [ 5.160147] device_initial_probe (drivers/base/dd.c:1080) [ 5.164488] bus_probe_device (drivers/base/bus.c:532) [ 5.168471] device_add (drivers/base/core.c:3638) [ 5.172098] device_register (drivers/base/core.c:3714) [ 5.175994] pcie_portdrv_probe (drivers/pci/pcie/portdrv.c:309 drivers/pci/pcie/portdrv.c:363 drivers/pci/pcie/portdrv.c:695) [ 5.180338] pci_device_probe (drivers/pci/pci-driver.c:324 drivers/pci/pci-driver.c:392 drivers/pci/pci-driver.c:417 drivers/pci/pci-driver.c:460) [ 5.184410] really_probe (drivers/base/dd.c:579 drivers/base/dd.c:658) [ 5.188213] __driver_probe_device (drivers/base/dd.c:800) [ 5.192729] driver_probe_device (drivers/base/dd.c:830) [ 5.197064] __device_attach_driver (drivers/base/dd.c:959) [ 5.201672] bus_for_each_drv (drivers/base/bus.c:457) [ 5.205657] __device_attach (drivers/base/dd.c:1032) [ 5.209641] device_attach (drivers/base/dd.c:1074) [ 5.213357] pci_bus_add_device (drivers/pci/bus.c:352) [ 5.217518] pci_bus_add_devices (drivers/pci/bus.c:371 (discriminator 2)) [ 5.221774] pci_host_probe (drivers/pci/probe.c:3099) [ 5.225581] nwl_pcie_probe (drivers/pci/controller/pcie-xilinx-nwl.c:938) [ 5.229562] platform_probe (drivers/base/platform.c:1404) [ 5.233367] really_probe (drivers/base/dd.c:579 drivers/base/dd.c:658) [ 5.237169] __driver_probe_device (drivers/base/dd.c:800) [ 5.241685] driver_probe_device (drivers/base/dd.c:830) [ 5.246020] __device_attach_driver (drivers/base/dd.c:959) [ 5.250628] bus_for_each_drv (drivers/base/bus.c:457) [ 5.254612] __device_attach (drivers/base/dd.c:1032) [ 5.258596] device_initial_probe (drivers/base/dd.c:1080) [ 5.262938] bus_probe_device (drivers/base/bus.c:532) [ 5.266920] deferred_probe_work_func (drivers/base/dd.c:124) [ 5.271619] process_one_work (arch/arm64/include/asm/jump_label.h:21 include/linux/jump_label.h:207 include/trace/events/workqueue.h:108 kernel/workqueue.c:2632) [ 5.275788] worker_thread (kernel/workqueue.c:2694 (discriminator 2) kernel/workqueue.c:2781 (discriminator 2)) [ 5.279686] kthread (kernel/kthread.c:388) [ 5.283048] ret_from_fork (arch/arm64/kernel/entry.S:862) [ 5.286765] ================================================================================ Fixes: 9a181e1093af ("PCI: xilinx-nwl: Modify IRQ chip for legacy interrupts") Cc: <stable(a)vger.kernel.org> Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev> --- Changes in v3: - Expand commit message drivers/pci/controller/pcie-xilinx-nwl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/pci/controller/pcie-xilinx-nwl.c b/drivers/pci/controller/pcie-xilinx-nwl.c index 0408f4d612b5..437927e3bcca 100644 --- a/drivers/pci/controller/pcie-xilinx-nwl.c +++ b/drivers/pci/controller/pcie-xilinx-nwl.c @@ -371,7 +371,7 @@ static void nwl_mask_intx_irq(struct irq_data *data) u32 mask; u32 val; - mask = 1 << (data->hwirq - 1); + mask = 1 << data->hwirq; raw_spin_lock_irqsave(&pcie->leg_mask_lock, flags); val = nwl_bridge_readl(pcie, MSGF_LEG_MASK); nwl_bridge_writel(pcie, (val & (~mask)), MSGF_LEG_MASK); @@ -385,7 +385,7 @@ static void nwl_unmask_intx_irq(struct irq_data *data) u32 mask; u32 val; - mask = 1 << (data->hwirq - 1); + mask = 1 << data->hwirq; raw_spin_lock_irqsave(&pcie->leg_mask_lock, flags); val = nwl_bridge_readl(pcie, MSGF_LEG_MASK); nwl_bridge_writel(pcie, (val | mask), MSGF_LEG_MASK); -- 2.35.1.1320.gc452695387.dirty

11 months

3
4
0 0

[PATCH 3/3] KVM: arm64: AArch32: Fix spurious trapping of conditional instructions

by Marc Zyngier

We recently upgraded the view of ESR_EL2 to 64bit, in keeping with the requirements of the architecture. However, the AArch32 emulation code was left unaudited, and the (already dodgy) code that triages whether a trap is spurious or not (because the condition code failed) broke in a subtle way: If ESR_EL2.ISS2 is ever non-zero (unlikely, but hey, this is the ARM architecture we're talking about), the hack that tests the top bits of ESR_EL2.EC will break in an interesting way. Instead, use kvm_vcpu_trap_get_class() to obtain the EC, and list all the possible ECs that can fail a condition code check. While we're at it, add SMC32 to the list, as it is explicitly listed as being allowed to trap despite failing a condition code check (as described in the HCR_EL2.TSC documentation). Fixes: 0b12620fddb8 ("KVM: arm64: Treat ESR_EL2 as a 64-bit register") Signed-off-by: Marc Zyngier <maz(a)kernel.org> Cc: stable(a)vger.kernel.org --- arch/arm64/kvm/hyp/aarch32.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kvm/hyp/aarch32.c b/arch/arm64/kvm/hyp/aarch32.c index 8d9670e6615d..449fa58cf3b6 100644 --- a/arch/arm64/kvm/hyp/aarch32.c +++ b/arch/arm64/kvm/hyp/aarch32.c @@ -50,9 +50,23 @@ bool kvm_condition_valid32(const struct kvm_vcpu *vcpu) u32 cpsr_cond; int cond; - /* Top two bits non-zero? Unconditional. */ - if (kvm_vcpu_get_esr(vcpu) >> 30) + /* + * These are the exception classes that could fire with a + * conditional instruction. + */ + switch (kvm_vcpu_trap_get_class(vcpu)) { + case ESR_ELx_EC_CP15_32: + case ESR_ELx_EC_CP15_64: + case ESR_ELx_EC_CP14_MR: + case ESR_ELx_EC_CP14_LS: + case ESR_ELx_EC_FP_ASIMD: + case ESR_ELx_EC_CP10_ID: + case ESR_ELx_EC_CP14_64: + case ESR_ELx_EC_SVC32: + break; + default: return true; + } /* Is condition field valid? */ cond = kvm_vcpu_get_condition(vcpu); -- 2.39.2

11 months

1
0
0 0

Re: [BUG] Linux 6.8.10 NPE

by Paul Grandperrin

> I am using vanilla Linux 6.8.10, and I've just noticed this BUG in my dmesg log. I have no idea what triggered it, and especially since I have not even mounted any NFS filesystems?! Hi all, I have the exact same bug. I'm using the NixOS kernel but as soon as it was updated to 6.8.10 my server has gone in a crash-reboot-loop. The server is hosting an NFS deamon and it crashes about 10 seconds after the tty login prompt is displayed. Dowgrading to 6.8.9 fixes the issue. Regards, Paul Grandperrin

11 months

3
3
0 0

Kernel 6.8.4 regression: aacraid controller not initialized any more, system boot hangs

by Peter Schneider

Hi all, I am running a dual Xeon machine as my personal virtualization server at home, using Proxmox VE, and with their latest update 8.2 which brings kernel 6.8.4-2-pve, I am seeing a serious regression which breaks my setup because it does not boot any more. The last message I see displayed during boot is: "Timed out for waiting the udev queue being empty.", and then it hangs indefinitely. Previous kernel 6.5.13-5-pve worked fine, with the following caveat: I had similar problems initially with earlier kernels too, so from the very beginning with this machine using PVE, I had to set grub parameter rootdelay=60. With that, everything was fine, the busses settled and RAID controller and root device was found and system booted. With the newer 6.8.4 kernel, not any more, although I even tried to increase rootdelay parameter to 120. I was able to reproduce and bisect this regression also with mainline kernels (also with stable 6.8.8 and 6.9-rc), so I thought it would be a good idea to report it upstream to you guys. This is an older server machine: 2-socket Ivy Bridge Xeon E5-2697 v2 (24C/48T) in an Asus Z9PE-D16/2L motherboard (Intel C-602A chipset); BIOS patched to the latest available from Asus. All memory slots occupied, so 256 GB RAM in total. It also has Asus ASMB6 iKVM BMC, which supplies virtual storage devices (seel below dmesg) to which ISO images can be attached via network to boot/install OS from. Storage config: I have two single M4 256 GiB SATA SSD drives attached to internal mainboard SATA ports; one of them is my root device and PVE installation drive. The other one I use for storing ISO images. My main VM storage is attached to a battery backed-up Adaptec 5805 SATA/SAS RAID controller (w/ latest FW build 18948) attached to SATA/SAS enclosure of my Supermicro server casing, having eight disk drives in total: I have one RAID1 Array, consisting of two Samsung 1 TiB SATA SSDs for VM root disk images, and one RAID5 Array, consisting of 6 Hitachi 1 TiB HDDs which I use for storing VM data disk images. On both arrays, I use a LVM thin pool as PVE storage location. When everything boots up, the system is running just fine and smoothly with ~15 VMs at the same time (and has for years!). Although this is "only" a homelab server, I love it dearly and use it for many private projects VMs, among them runing Windows Server VM with MS SQL Server, and Linux server VMs running Oracle Database Server (I'm a database guy). I attach dmesg output of previous working kernel 6.5.13-5-pve, my git bisect log and output of lspci -v. The last successful kernel messages I see from the failing kernels version is this: ... [ 5.540424] usb-storage 1-1.3.4:1.0: USB Mass Storage device detected [ 5.540670] scsi host10: usb-storage 1-1.3.4:1.0 [ 5.947794] scsi 8:0:0:0: CD-ROM AMI Virtual CDROM0 1.00 PQ: 0 ANSI: 0 CCS [ 6.267830] scsi 9:0:0:0: Direct-Access AMI Virtual Floppy0 1.00 PQ: 0 ANSI: 0 CCS [ 6.555845] scsi 10:0:0:0: Direct-Access AMI Virtual HDISK0 1.00 PQ: 0 ANSI: 0 CCS and then the error message "Timed out for waiting the udev queue being empty." and the system hangs. In case of working kernels, the boot process would continue with this: ... [ 5.947794] scsi 8:0:0:0: CD-ROM AMI Virtual CDROM0 1.00 PQ: 0 ANSI: 0 CCS [ 6.267830] scsi 9:0:0:0: Direct-Access AMI Virtual Floppy0 1.00 PQ: 0 ANSI: 0 CCS [ 6.555845] scsi 10:0:0:0: Direct-Access AMI Virtual HDISK0 1.00 PQ: 0 ANSI: 0 CCS [ 32.592054] scsi 0:3:1:0: Enclosure ADAPTEC Virtual SGPIO 1 0001 PQ: 0 ANSI: 5 [ 61.536097] sd 0:0:0:0: Attached scsi generic sg0 type 0 [ 61.536215] sd 0:0:0:0: [sda] 1998565376 512-byte logical blocks: (1.02 TB/953 GiB) [ 61.536236] sd 0:0:1:0: Attached scsi generic sg1 type 0 [ 61.536239] sd 0:0:0:0: [sda] Write Protect is off [ 61.536246] sd 0:0:0:0: [sda] Mode Sense: 12 00 10 08 [ 61.536283] sd 0:0:0:0: [sda] Write cache: disabled, read cache: enabled, supports DPO and FUA [ 61.536340] scsi 0:1:0:0: Attached scsi generic sg2 type 0 [ 61.536383] sd 0:0:1:0: [sdb] Very big device. Trying to use READ CAPACITY(16). [ 61.536400] sd 0:0:1:0: [sdb] 9762222080 512-byte logical blocks: (5.00 TB/4.54 TiB) [ 61.536414] sd 0:0:1:0: [sdb] Write Protect is off [ 61.536418] sd 0:0:1:0: [sdb] Mode Sense: 12 00 10 08 [ 61.536439] sd 0:0:1:0: [sdb] Write cache: disabled, read cache: enabled, supports DPO and FUA [ 61.536455] scsi 0:1:1:0: Attached scsi generic sg3 type 0 [ 61.536616] scsi 0:1:2:0: Attached scsi generic sg4 type 0 [ 61.536750] scsi 0:1:3:0: Attached scsi generic sg5 type 0 [ 61.536840] scsi 0:1:4:0: Attached scsi generic sg6 type 0 [ 61.536930] scsi 0:1:5:0: Attached scsi generic sg7 type 0 [ 61.537027] scsi 0:1:6:0: Attached scsi generic sg8 type 0 [ 61.537122] scsi 0:1:7:0: Attached scsi generic sg9 type 0 [ 61.537248] sd 0:0:1:0: [sdb] Very big device. Trying to use READ CAPACITY(16). [ 61.537274] scsi 0:3:0:0: Attached scsi generic sg10 type 13 [ 61.537390] scsi 0:3:1:0: Attached scsi generic sg11 type 13 [ 61.537558] scsi 1:0:0:0: Direct-Access ATA M4-CT256M4SSD2 0309 PQ: 0 ANSI: 5 [ 61.537851] sd 1:0:0:0: Attached scsi generic sg12 type 0 [ 61.537919] scsi: waiting for bus probes to complete ... [ 61.537973] sd 1:0:0:0: [sdc] 500118192 512-byte logical blocks: (256 GB/238 GiB) [ 61.537986] sd 1:0:0:0: [sdc] Write Protect is off [ 61.537989] sd 1:0:0:0: [sdc] Mode Sense: 00 3a 00 00 [ 61.538002] sd 1:0:0:0: [sdc] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA [ 61.538022] sd 1:0:0:0: [sdc] Preferred minimum I/O size 512 bytes [ 61.538924] sdc: sdc1 sdc2 < sdc5 > ... so it seems to me the initialiation of the the Adaptec controller is the culprit. I have tested and reproduced the regression with mainline kernels according to the following list (please excuse me if it's too long ;-) See at the very bottom for first bad commit I found this way. I always built as "make olddefconfig" using the 6.5.13-5-pve config as starting point. ------------------------------------------------------------------- Proxmox Virtual Environmet (PVE) Kernels ======================================== 6.5.13-5-pve WORKS last working PVE (8.1) kernel; 5.15-pve and 6.2-pve work too 6.8.4-2-pve NOPE PVE release 8.2 Mainline Kernels ================ 6.9.0-rc6+ NOPE Most recent (2024-05-01) 6.9.0-rc5+ NOPE Most recent (2024-04-27) 6.8.8 NOPE Most recent released (2024-04-29) 6.8.7 NOPE Most recent released (2024-04-27) 6.8.4 NOPE Same version as most recent released PVE 8.2 Kernel 6.5.13 WORKS My tests, reverts on top of 6.8.8 ================================= 6.8.8+ WORKS Revert "Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi" - This reverts commit 6d20acbf3e3a32d331947dbc3802cf2d1a399e7d, reversing changes made to fef85269a19d277f23fc5ff08a3c356beeb54cb3 6.8.8+ WORKS Revert "scsi: core: Consult supported VPD page list prior to fetching page" - This reverts commit b5fc07a5fb56216a49e6c1d0b172d5464d99a89b (this is the first bad commit of my bisect session, see below, and a single patch as part of the above merged tag 'scsi-fixes') Bisecting, starting from 6.9.0-rc5 (bad) and 6.5.13 (good) ========================================================== root@linus:/usr/src/linux# git checkout master Bereits auf 'master' Ihr Branch ist auf demselben Stand wie 'origin/master'. root@linus:/usr/src/linux# git log commit 9d1ddab261f3e2af7c384dc02238784ce0cf9f98 (HEAD -> master, origin/master, origin/HEAD) Merge: 71b1543c83d6 77d8aa79ecfb Author: Linus Torvalds <torvalds(a)linux-foundation.org> Date: Tue Apr 23 09:37:32 2024 -0700 Merge tag '6.9-rc5-smb-client-fixes' of git://git.samba.org/sfrench/cifs-2.6 root@linus:/usr/src/linux# cp /boot/config-6.5.13-5-pve .config root@linus:/usr/src/linux# git bisect start Status: warte auf guten und schlechten Commit root@linus:/usr/src/linux# git bisect bad Status: warte auf gute(n) Commit(s), schlechter Commit bekannt root@linus:/usr/src/linux# git bisect good v6.5.13 Binäre Suche: eine Merge-Basis muss geprüft werden [2dde18cd1d8fac735875f2e4987f11817cc0bc2c] Linux 6.5 root@linus:/usr/src/linux# make olddefconfig .config:10571:warning: symbol value 'm' invalid for ANDROID_BINDER_IPC .config:10572:warning: symbol value 'm' invalid for ANDROID_BINDERFS # # configuration written to .config # root@linus:/usr/src/linux# make -j 48 => 6.5.0 (Merge Base) WORKS root@linus:/usr/src/linux# git bisect good Binäre Suche: danach noch 32111 Commits zum Testen übrig (ungefähr 15 Schritte) [0f5cc96c367f2e780eb492cc9cab84e3b2ca88da] Merge tag 's390-6.7-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux root@linus:/usr/src/linux# make -j 48 => 6.7.0-rc2+ WORKS root@linus:/usr/src/linux# git bisect good Binäre Suche: danach noch 16056 Commits zum Testen übrig (ungefähr 14 Schritte) [ee138217c32ccbfa75d5ea6b766158148e98f6fa] Merge tag 'btree-remove-btnum-6.9_2024-02-23' of https://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux into xfs-6.9-mergeC => 6.8.0-rc4+ WORKS root@linus:/usr/src/linux# git bisect good Binäre Suche: danach noch 8214 Commits zum Testen übrig (ungefähr 13 Schritte) [e5e038b7ae9da96b93974bf072ca1876899a01a3] Merge tag 'fs_for_v6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs => 6.8.0+ NOPE => does not find root device, does not boot; message: "BUG: arch topology borken the CPU domain not a subset of > the NUMA domain" message: "Timed out for waiting the udev queue being empty." root@linus:/usr/src/linux# git bisect bad Binäre Suche: danach noch 3954 Commits zum Testen übrig (ungefähr 12 Schritte) [f153fbe1ea11939e2514ba4b3b62bbd946e2892c] Merge tag 'erofs-for-6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs => 6.8.0+ (HEAD losgelöst bei f153fbe1ea11) NOPE => same as above root@linus:/usr/src/linux# git bisect bad Binäre Suche: danach noch 1945 Commits zum Testen übrig (ungefähr 11 Schritte) [1ddeeb2a058d7b2a58ed9e820396b4ceb715d529] Merge tag 'for-6.9/block-20240310' of git://git.kernel.dk/linux => 6.8.0+ (HEAD losgelöst bei 1ddeeb2a058d) NOPE => same as above root@linus:/usr/src/linux# git bisect bad Binäre Suche: danach noch 970 Commits zum Testen übrig (ungefähr 10 Schritte) [2652b99e43403dc464f3648483ffb38e48872fe4] ice: virtchnl: stop pretending to support RSS over AQ or registers => 6.8.0-rc6+ (2652b99e4340) NOPE => same root@linus:/usr/src/linux# git bisect bad Binäre Suche: danach noch 506 Commits zum Testen übrig (ungefähr 9 Schritte) [efa80dcbb7a3ecc4a1b2f54624c49b5a612f92b3] Merge tag 'trace-v6.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace => 6.8.0-rc5+ (efa80dcbb7a3) WORKS root@linus:/usr/src/linux# git bisect good Binäre Suche: danach noch 251 Commits zum Testen übrig (ungefähr 8 Schritte) [c6a597fcc7ad7335a3ecf8f5287a0459f793a257] Merge tag 'loongarch-fixes-6.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson => 6.8.0-rc5+ (c6a597fcc7ad) WORKS root@linus:/usr/src/linux# git bisect good Binäre Suche: danach noch 126 Commits zum Testen übrig (ungefähr 7 Schritte) [cf1182944c7cc9f1c21a8a44e0d29abe12527412] Merge tag 'lsm-pr-20240227' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm => 6.8.0-rc6+ (cf1182944c7c) NOPE root@linus:/usr/src/linux# git bisect bad Binäre Suche: danach noch 62 Commits zum Testen übrig (ungefähr 6 Schritte) [4ca0d9894fd517a2f2c0c10d26ebe99ab4396fe3] Merge tag 'erofs-for-6.8-rc6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs => 6.8.0-rc5+ (4ca0d9894fd5) NOPE root@linus:/usr/src/linux# git bisect bad Binäre Suche: danach noch 36 Commits zum Testen übrig (ungefähr 5 Schritte) [ac389bc0ca56e1a2f92b2a17e58298390a3879a8] Merge tag 'cxl-fixes-6.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl => 6.8.0-rc5+ (ac389bc0ca56) NOPE root@linus:/usr/src/linux# git bisect bad Binäre Suche: danach noch 12 Commits zum Testen übrig (ungefähr 4 Schritte) [40de53fd002c6ba087a623722915e8006ed68a02] Merge branch 'for-6.8/cxl-cper' into for-6.8/cxl => 6.8.0-rc5+ (40de53fd002c) WORKS root@linus:/usr/src/linux# git bisect good Binäre Suche: danach noch 6 Commits zum Testen übrig (ungefähr 3 Schritte) [9ddf190a7df77b77817f955fdb9c2ae9d1c9c9a3] scsi: jazz_esp: Only build if SCSI core is builtin => 6.8.0-rc1+ (9ddf190a7df7) NOPE root@linus:/usr/src/linux# git bisect bad Binäre Suche: danach noch 2 Commits zum Testen übrig (ungefähr 2 Schritte) [de959094eb2197636f7c803af0943cb9d3b35804] scsi: target: pscsi: Fix bio_put() for error case => 6.8.0-rc1+ (de959094eb21) NOPE root@linus:/usr/src/linux# git bisect bad Binäre Suche: danach noch 0 Commits zum Testen übrig (ungefähr 1 Schritt) [b5fc07a5fb56216a49e6c1d0b172d5464d99a89b] scsi: core: Consult supported VPD page list prior to fetching page => 6.8.0-rc1+ (b5fc07a5fb56) NOPE root@linus:/usr/src/linux# git bisect bad Binäre Suche: danach noch 0 Commits zum Testen übrig (ungefähr 0 Schritte) [321da3dc1f3c92a12e3c5da934090d2992a8814c] scsi: sd: usb_storage: uas: Access media prior to querying device properties => 6.8.0-rc1+ (321da3dc1f3c) WORKS root@linus:/usr/src/linux# git bisect good b5fc07a5fb56216a49e6c1d0b172d5464d99a89b is the first bad commit commit b5fc07a5fb56216a49e6c1d0b172d5464d99a89b Author: Martin K. Petersen <martin.petersen(a)oracle.com> Date: Wed Feb 14 17:14:11 2024 -0500 scsi: core: Consult supported VPD page list prior to fetching page Commit c92a6b5d6335 ("scsi: core: Query VPD size before getting full page") removed the logic which checks whether a VPD page is present on the supported pages list before asking for the page itself. That was done because SPC helpfully states "The Supported VPD Pages VPD page list may or may not include all the VPD pages that are able to be returned by the device server". Testing had revealed a few devices that supported some of the 0xBn pages but didn't actually list them in page 0. Julian Sikorski bisected a problem with his drive resetting during discovery to the commit above. As it turns out, this particular drive firmware will crash if we attempt to fetch page 0xB9. Various approaches were attempted to work around this. In the end, reinstating the logic that consults VPD page 0 before fetching any other page was the path of least resistance. A firmware update for the devices which originally compelled us to remove the check has since been released. Link: https://lore.kernel.org/r/20240214221411.2888112-1-martin.petersen@oracle.c… Fixes: c92a6b5d6335 ("scsi: core: Query VPD size before getting full page") Cc: stable(a)vger.kernel.org Cc: Bart Van Assche <bvanassche(a)acm.org> Reported-by: Julian Sikorski <belegdol(a)gmail.com> Tested-by: Julian Sikorski <belegdol(a)gmail.com> Reviewed-by: Lee Duncan <lee.duncan(a)suse.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> drivers/scsi/scsi.c | 22 ++++++++++++++++++++-- include/scsi/scsi_device.h | 4 ---- 2 files changed, 20 insertions(+), 6 deletions(-) root@linus:/usr/src/linux# ------------------------------------------------------------------- Beste Grüße, Peter Schneider -- Climb the mountain not to plant your flag, but to embrace the challenge, enjoy the air and behold the view. Climb it so you can see the world, not so the world can see you. -- David McCullough Jr. OpenPGP: 0xA3828BD796CCE11A8CADE8866E3A92C92C3FF244 Download: https://www.peters-netzplatz.de/download/pschneider1968_pub.asc https://keys.mailvelope.com/pks/lookup?op=get&search=pschneider1968@googlem… https://keys.mailvelope.com/pks/lookup?op=get&search=pschneider1968@gmail.c…

11 months

4
10
0 0

Re: 回复: 回复: 回复: backport a patch for Linux kernel-5.15 kernel-6.1 kenrel-6.6 stable tree

by Greg KH

On Fri, May 24, 2024 at 01:07:18AM +0000, Lin Gui (桂林) wrote: > Dear @Greg KH<mailto:gregkh@linuxfoundation.org>, > > Base : kernel-5.15.159 > > diff --git a/drivers/mmc/core/mmc.c b/drivers/mmc/core/mmc.c > index a569066..d656964 100644 > --- a/drivers/mmc/core/mmc.c > +++ b/drivers/mmc/core/mmc.c > @@ -1800,7 +1800,13 @@ static int mmc_init_card(struct mmc_host *host, u32 ocr, > if (err) > goto free_card; > > - } else if (!mmc_card_hs400es(card)) { > + } else if (mmc_card_hs400es(card)){ > + if (host->ops->execute_hs400_tuning) { > + err = host->ops->execute_hs400_tuning(host, card); > + if (err) > + goto free_card; > + } > + } else { > /* Select the desired bus width optionally */ > err = mmc_select_bus_width(card); > if (err > 0 && mmc_card_hs(card)) { > The patch is corrupted, and sent in html format. But most importantly, you did not test this to verify it works at all, which means that you don't really need it? confused, greg k-h

11 months, 1 week

1
0
0 0

[PATCH v2 2/2] memfd:add MEMFD_NOEXEC_SEAL documentation

by jeffxu＠chromium.org

From: Jeff Xu <jeffxu(a)google.com> Add documentation for MFD_NOEXEC_SEAL and MFD_EXEC Cc: stable(a)vger.kernel.org Signed-off-by: Jeff Xu <jeffxu(a)google.com> --- Documentation/userspace-api/index.rst | 1 + Documentation/userspace-api/mfd_noexec.rst | 90 ++++++++++++++++++++++ 2 files changed, 91 insertions(+) create mode 100644 Documentation/userspace-api/mfd_noexec.rst diff --git a/Documentation/userspace-api/index.rst b/Documentation/userspace-api/index.rst index 5926115ec0ed..8a251d71fa6e 100644 --- a/Documentation/userspace-api/index.rst +++ b/Documentation/userspace-api/index.rst @@ -32,6 +32,7 @@ Security-related interfaces seccomp_filter landlock lsm + mfd_noexec spec_ctrl tee diff --git a/Documentation/userspace-api/mfd_noexec.rst b/Documentation/userspace-api/mfd_noexec.rst new file mode 100644 index 000000000000..6f11ad86b076 --- /dev/null +++ b/Documentation/userspace-api/mfd_noexec.rst @@ -0,0 +1,90 @@ +.. SPDX-License-Identifier: GPL-2.0 + +================================== +Introduction of non executable mfd +================================== +:Author: + Daniel Verkamp <dverkamp(a)chromium.org> + Jeff Xu <jeffxu(a)google.com> + +:Contributor: + Aleksa Sarai <cyphar(a)cyphar.com> + Barnabás Pőcze <pobrn(a)protonmail.com> + David Rheinsberg <david(a)readahead.eu> + +Since Linux introduced the memfd feature, memfd have always had their +execute bit set, and the memfd_create() syscall doesn't allow setting +it differently. + +However, in a secure by default system, such as ChromeOS, (where all +executables should come from the rootfs, which is protected by Verified +boot), this executable nature of memfd opens a door for NoExec bypass +and enables “confused deputy attack”. E.g, in VRP bug [1]: cros_vm +process created a memfd to share the content with an external process, +however the memfd is overwritten and used for executing arbitrary code +and root escalation. [2] lists more VRP in this kind. + +On the other hand, executable memfd has its legit use, runc uses memfd’s +seal and executable feature to copy the contents of the binary then +execute them, for such system, we need a solution to differentiate runc's +use of executable memfds and an attacker's [3]. + +To address those above. + - Let memfd_create() set X bit at creation time. + - Let memfd be sealed for modifying X bit when NX is set. + - A new pid namespace sysctl: vm.memfd_noexec to help applications to + migrating and enforcing non-executable MFD. + +User API +======== +``int memfd_create(const char *name, unsigned int flags)`` + +``MFD_NOEXEC_SEAL`` + When MFD_NOEXEC_SEAL bit is set in the ``flags``, memfd is created + with NX. F_SEAL_EXEC is set and the memfd can't be modified to + add X later. + This is the most common case for the application to use memfd. + +``MFD_EXEC`` + When MFD_EXEC bit is set in the ``flags``, memfd is created with X. + +Note: + ``MFD_NOEXEC_SEAL`` and ``MFD_EXEC`` doesn't change the sealable + characteristic of memfd, which is controlled by ``MFD_ALLOW_SEALING``. + + +Sysctl: +======== +``pid namespaced sysctl vm.memfd_noexec`` + +The new pid namespaced sysctl vm.memfd_noexec has 3 values: + + - 0: MEMFD_NOEXEC_SCOPE_EXEC + memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like + MFD_EXEC was set. + + - 1: MEMFD_NOEXEC_SCOPE_NOEXEC_SEAL + memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like + MFD_NOEXEC_SEAL was set. + + - 2: MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED + memfd_create() without MFD_NOEXEC_SEAL will be rejected. + +The sysctl allows finer control of memfd_create for old-software that +doesn't set the executable bit, for example, a container with +vm.memfd_noexec=1 means the old-software will create non-executable memfd +by default while new-software can create executable memfd by setting +MFD_EXEC. + +The value of memfd_noexec is passed to child namespace at creation time, +in addition, the setting is hierarchical, i.e. during memfd_create, +we will search from current ns to root ns and use the most restrictive +setting. + +Reference: +========== +[1] https://crbug.com/1305267 + +[2] https://bugs.chromium.org/p/chromium/issues/list?q=type%3Dbug-security%20me… + +[3] https://lwn.net/Articles/781013/ -- 2.45.1.288.g0e0cd299f1-goog

11 months, 1 week

2
1
0 0

Re: [PATCH v2] net: usb: ax88179_178a: avoid writing the mac address before first reading

by Jeffery Miller

Hello José, I'm testing on the 6.6 kernel with a "0b95:1790 ASIX Electronics Corp. AX88179 Gigabit Ethernet" device. after applying commit 56f78615bcb1 ("net: usb: ax88179_178a: avoid writing the mac address before first reading") the network will no longer work after brining the device down. After plugging in the device, it generally will work with ifconfig: $ ifconfig eth0 <ip address> However, if I then try bringing the devcie down and back up, it no longer works. $ ifconfig eth0 down $ ifconfig eth0 <ip address> $ ethtool eth0 | grep detected Link detected: no The link will continue to report as undetected. If I revert 56f78615bcb1 the device will work after bringing it down and back up. If I build at commit d7a319889498 ("net: usb: ax88179_178a: avoid two consecutive device resets") and its parent d7a319889498^ these also work. Is this something you have seen before with your test devices? Regards, Jeff

11 months, 1 week

2
2
0 0

[PATCH 0/4] LoongArch: Bootloader interface fixes

by Jiaxun Yang

Hi all, This series fixed some issues on bootloader - kernel interface. The first two fixed booting with devicetree, the last two enhanced kernel's tolerance on different bootloader implementation. Please review. Thanks Signed-off-by: Jiaxun Yang <jiaxun.yang(a)flygoat.com> --- Jiaxun Yang (4): LoongArch: Fix built-in DTB detection LoongArch: smp: Add all CPUs enabled by fdt to NUMA node 0 LoongArch: Fix entry point in image header LoongArch: Clear higher address bits in JUMP_VIRT_ADDR arch/loongarch/include/asm/stackframe.h | 4 +++- arch/loongarch/kernel/head.S | 2 +- arch/loongarch/kernel/setup.c | 6 ++++-- arch/loongarch/kernel/smp.c | 5 ++++- 4 files changed, 12 insertions(+), 5 deletions(-) --- base-commit: 124cfbcd6d185d4f50be02d5f5afe61578916773 change-id: 20240521-loongarch-booting-fixes-366e13e7ca55 Best regards, -- Jiaxun Yang <jiaxun.yang(a)flygoat.com>

11 months, 1 week

2
5
0 0

[PATCH stable 4.19] mmc: core: Do not force a retune before RPMB switch

by Florian Fainelli

From: Jorge Ramirez-Ortiz <jorge(a)foundries.io> commit 67380251e8bbd3302c64fea07f95c31971b91c22 upstream Requesting a retune before switching to the RPMB partition has been observed to cause CRC errors on the RPMB reads (-EILSEQ). Since RPMB reads can not be retried, the clients would be directly affected by the errors. This commit disables the retune request prior to switching to the RPMB partition: mmc_retune_pause() no longer triggers a retune before the pause period begins. This was verified with the sdhci-of-arasan driver (ZynqMP) configured for HS200 using two separate eMMC cards (DG4064 and 064GB2). In both cases, the error was easy to reproduce triggering every few tenths of reads. With this commit, systems that were utilizing OP-TEE to access RPMB variables will experience an enhanced performance. Specifically, when OP-TEE is configured to employ RPMB as a secure storage solution, it not only writes the data but also the secure filesystem within the partition. As a result, retrieving any variable involves multiple RPMB reads, typically around five. For context, on ZynqMP, each retune request consumed approximately 8ms. Consequently, reading any RPMB variable used to take at the very minimum 40ms. After droping the need to retune before switching to the RPMB partition, this is no longer the case. Signed-off-by: Jorge Ramirez-Ortiz <jorge(a)foundries.io> Acked-by: Avri Altman <avri.altman(a)wdc.com> Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Link: https://lore.kernel.org/r/20240103112911.2954632-1-jorge@foundries.io Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> Signed-off-by: Florian Fainelli <florian.fainelli(a)broadcom.com> --- drivers/mmc/core/host.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/mmc/core/host.c b/drivers/mmc/core/host.c index 3e94401c0eb3..23d95d2bdf05 100644 --- a/drivers/mmc/core/host.c +++ b/drivers/mmc/core/host.c @@ -68,13 +68,12 @@ void mmc_retune_enable(struct mmc_host *host) /* * Pause re-tuning for a small set of operations. The pause begins after the - * next command and after first doing re-tuning. + * next command. */ void mmc_retune_pause(struct mmc_host *host) { if (!host->retune_paused) { host->retune_paused = 1; - mmc_retune_needed(host); mmc_retune_hold(host); } } -- 2.34.1

11 months, 1 week

1
5
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror May 2024