- Linux-stable-mirror - lists.linaro.org

by CKI

Hello, We ran automated tests on a patchset that was proposed for merging into this kernel tree. The patches were applied to: Kernel repo: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git Commit: 65f42a73e553 Linux 4.20.6 The results of these automated tests are provided below. Overall result: FAILED (see details below) Patch merge: OK Compile: FAILED We attempted to compile the kernel for multiple architectures, but the compile failed on one or more architectures: s390x: FAILED (build log attached: build_s390.log.gz) powerpc64le: FAILED (build log attached: build_powerpc.log.gz) aarch64: FAILED (build log attached: build_arm64.log.gz) x86_64: FAILED (build log attached: build_x86_64.log.gz) We hope that these logs can help you find the problem quickly. For the full detail on our testing procedures, please scroll to the bottom of this message. Please reply to this email if you have any questions about the tests that we ran or if you have any suggestions on how to make future tests more effective. ,-. ,-. ( C ) ( K ) Continuous `-',-.`-' Kernel ( I ) Integration `-' ______________________________________________________________________________ Merge testing ------------- We cloned this repository and checked out a ref: Repo: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git Ref: 65f42a73e553 Linux 4.20.6 We then merged the following patches with `git am`: drm-msm-gpu-fix-building-without-debugfs.patch ipv6-sr-clear-ip6cb-skb-on-srh-ip4ip6-encapsulation.patch ipvlan-l3mdev-fix-broken-l3s-mode-wrt-local-routes.patch l2tp-copy-4-more-bytes-to-linear-part-if-necessary.patch l2tp-fix-reading-optional-fields-of-l2tpv3.patch net-ip_gre-always-reports-o_key-to-userspace.patch net-ip_gre-use-erspan-key-field-for-tunnel-lookup.patch net-ipv6-don-t-return-positive-numbers-when-nothing-was-dumped.patch net-mlx4_core-add-masking-for-a-few-queries-on-hca-caps.patch netrom-switch-to-sock-timer-api.patch net-rose-fix-null-ax25_cb-kernel-panic.patch net-set-default-network-namespace-in-init_dummy_netdev.patch ravb-expand-rx-descriptor-data-to-accommodate-hw-checksum.patch sctp-improve-the-events-for-sctp-stream-reset.patch tun-move-the-call-to-tun_set_real_num_queues.patch ucc_geth-reset-bql-queue-when-stopping-device.patch vhost-fix-oob-in-get_rx_bufs.patch net-ip6_gre-always-reports-o_key-to-userspace.patch sctp-improve-the-events-for-sctp-stream-adding.patch net-mlx5e-allow-mac-invalidation-while-spoofchk-is-on.patch ip6mr-fix-notifiers-call-on-mroute_clean_tables.patch revert-net-mlx5e-e-switch-initialize-eswitch-only-if-eswitch-manager.patch sctp-set-chunk-transport-correctly-when-it-s-a-new-asoc.patch sctp-set-flow-sport-from-saddr-only-when-it-s-0.patch net-tls-fix-deadlock-in-free_resources-tx.patch net-tls-save-iv-in-tls_rec-for-async-crypto-requests.patch virtio_net-don-t-enable-napi-when-interface-is-down.patch virtio_net-don-t-call-free_old_xmit_skbs-for-xdp_frames.patch virtio_net-fix-not-restoring-real_num_rx_queues.patch virtio_net-fix-out-of-bounds-access-of-sq.patch virtio_net-don-t-process-redirected-xdp-frames-when-xdp-is-disabled.patch virtio_net-use-xdp_return_frame-to-free-xdp_frames-on-destroying-vqs.patch virtio_net-differentiate-sk_buff-and-xdp_frame-on-freeing.patch ipv6-consider-sk_bound_dev_if-when-binding-a-socket-to-an-address.patch cifs-do-not-count-enodata-as-failure-for-query-directory.patch cifs-fix-possible-oops-and-memory-leaks-in-async-io.patch cifs-fix-trace-command-logging-for-smb2-reads-and-writes.patch cifs-fix-use-after-free-of-the-lease-keys.patch cifs-do-not-consider-enodata-as-stat-failure-for-reads.patch fs-dcache-fix-incorrect-nr_dentry_unused-accounting-in-shrink_dcache_sb.patch iommu-vt-d-fix-memory-leak-in-intel_iommu_put_resv_regions.patch selftests-seccomp-enhance-per-arch-ptrace-syscall-skip-tests.patch nfs-fix-up-return-value-on-fatal-errors-in-nfs_page_async_flush.patch arm-cns3xxx-fix-writing-to-wrong-pci-config-registers-after-alignment.patch arm64-kaslr-ensure-randomized-quantities-are-clean-also-when-kaslr-is-off.patch arm64-do-not-issue-ipis-for-user-executable-ptes.patch arm64-hyp-stub-forbid-kprobing-of-the-hyp-stub.patch arm64-hibernate-clean-the-__hyp_text-to-poc-after-resume.patch gpio-altera-a10sr-set-proper-output-level-for-direction_output.patch gpiolib-fix-line-event-timestamps-for-nested-irqs.patch gpio-pcf857x-fix-interrupts-on-multiple-instances.patch gpio-sprd-fix-the-incorrect-data-register.patch gpio-sprd-fix-incorrect-irq-type-setting-for-the-async-eic.patch gfs2-revert-fix-loop-in-gfs2_rbm_find.patch mmc-bcm2835-fix-dma-channel-leak-on-probe-error.patch mmc-mediatek-fix-incorrect-register-setting-of-hs400_cmd_int_delay.patch alsa-usb-audio-add-opus-3-to-quirks-for-native-dsd-support.patch alsa-hda-realtek-fixed-hp_pin-no-value.patch alsa-pcm-fix-tight-loop-of-oss-capture-stream.patch ib-uverbs-fix-oops-upon-device-disassociation.patch ib-uverbs-fix-oops-in-uverbs_user_mmap_disassociate.patch ib-hfi1-remove-overly-conservative-vm_exec-flag-check.patch ib-hfi1-add-limit-test-for-rc-uc-send-via-loopback.patch platform-x86-asus-nb-wmi-map-0x35-to-key_screenlock.patch platform-x86-asus-nb-wmi-drop-mapping-of-0x33-and-0x.patch btrfs-clean-up-pending-block-groups-when-transaction-commit-aborts.patch btrfs-fix-deadlock-when-allocating-tree-block-during-leaf-node-split.patch btrfs-on-error-always-free-subvol_name-in-btrfs_mount.patch kernel-exit.c-release-ptraced-tasks-before-zap_pid_ns_processes.patch mm-hugetlb.c-teach-follow_hugetlb_page-to-handle-foll_nowait.patch oom-oom_reaper-do-not-enqueue-same-task-twice.patch mm-memory_hotplug-fix-scan_movable_pages-for-gigantic-hugepages.patch mm-oom-fix-use-after-free-in-oom_kill_process.patch mm-hwpoison-use-do_send_sig_info-instead-of-force_sig.patch mm-migrate-don-t-rely-on-__pagemovable-of-newpage-after-unlocking-it.patch Compile testing --------------- We compiled the kernel for 4 architectures: s390x: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: powerpc64le: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: aarch64: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: x86_64: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: Hardware testing ---------------- We booted each kernel and ran the following tests: s390: powerpc: arm64: x86_64:

6 years, 7 months

3
2
0 0

[PATCH v2] mtd: rawnand: gpmi: fix MX28 bus master lockup problem

by Martin Kepplinger

Disable BCH soft reset according to MX23 erratum #2847 ("BCH soft reset may cause bus master lock up") for MX28 too. It has the same problem. Observed problem: once per 100,000+ MX28 reboots NAND read failed on DMA timeout errors: [ 1.770823] UBI: attaching mtd3 to ubi0 [ 2.768088] gpmi_nand: DMA timeout, last DMA :1 [ 3.958087] gpmi_nand: BCH timeout, last DMA :1 [ 4.156033] gpmi_nand: Error in ECC-based read: -110 [ 4.161136] UBI warning: ubi_io_read: error -110 while reading 64 bytes from PEB 0:0, read only 0 bytes, retry [ 4.171283] step 1 error [ 4.173846] gpmi_nand: Chip: 0, Error -1 Without BCH soft reset we successfully executed 1,000,000 MX28 reboots. I have a quote from NXP regarding this problem, from July 18th 2016: "As the i.MX23 and i.MX28 are of the same generation, they share many characteristics. Unfortunately, also the erratas may be shared. In case of the documented erratas and the workarounds, you can also apply the workaround solution of one device on the other one. This have been reported, but I’m afraid that there are not an estimated date for updating the Errata documents. Please accept our apologies for any inconveniences this may cause." Fixes: 6f2a6a52560a ("mtd: nand: gpmi: reset BCH earlier, too, to avoid NAND startup problems") Cc: stable(a)vger.kernel.org Signed-off-by: Manfred Schlaegl <manfred.schlaegl(a)ginzinger.com> Signed-off-by: Martin Kepplinger <martin.kepplinger(a)ginzinger.com> Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Reviewed-by: Fabio Estevam <festevam(a)gmail.com> --- revision history ---------------- v2: add Fixes tag, Cc stable and add recent Reviewed-by tags drivers/mtd/nand/raw/gpmi-nand/gpmi-lib.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/drivers/mtd/nand/raw/gpmi-nand/gpmi-lib.c b/drivers/mtd/nand/raw/gpmi-nand/gpmi-lib.c index bd4cfac6b5aa..a4768df5083f 100644 --- a/drivers/mtd/nand/raw/gpmi-nand/gpmi-lib.c +++ b/drivers/mtd/nand/raw/gpmi-nand/gpmi-lib.c @@ -155,9 +155,10 @@ int gpmi_init(struct gpmi_nand_data *this) /* * Reset BCH here, too. We got failures otherwise :( - * See later BCH reset for explanation of MX23 handling + * See later BCH reset for explanation of MX23 and MX28 handling */ - ret = gpmi_reset_block(r->bch_regs, GPMI_IS_MX23(this)); + ret = gpmi_reset_block(r->bch_regs, + GPMI_IS_MX23(this) || GPMI_IS_MX28(this)); if (ret) goto err_out; @@ -263,12 +264,10 @@ int bch_set_geometry(struct gpmi_nand_data *this) /* * Due to erratum #2847 of the MX23, the BCH cannot be soft reset on this * chip, otherwise it will lock up. So we skip resetting BCH on the MX23. - * On the other hand, the MX28 needs the reset, because one case has been - * seen where the BCH produced ECC errors constantly after 10000 - * consecutive reboots. The latter case has not been seen on the MX23 - * yet, still we don't know if it could happen there as well. + * and MX28. */ - ret = gpmi_reset_block(r->bch_regs, GPMI_IS_MX23(this)); + ret = gpmi_reset_block(r->bch_regs, + GPMI_IS_MX23(this) || GPMI_IS_MX28(this)); if (ret) goto err_out; -- 2.20.1

6 years, 7 months

4
3
0 0

[PATCH] mtd: Make sure mtd->erasesize is valid even if the partition is of size 0

by Boris Brezillon

Commit 33f45c44d68b ("mtd: Do not allow MTD devices with inconsistent erase properties") introduced a check to make sure ->erasesize and ->_erase values are consistent with the MTD_NO_ERASE flag. This patch did not take the 0 bytes partition case into account which can happen when the defined partition is outside the flash device memory range. Fix that by setting the partition erasesize to the parent erasesize. Fixes: 33f45c44d68b ("mtd: Do not allow MTD devices with inconsistent erase properties") Reported-by: Geert Uytterhoeven <geert(a)linux-m68k.org> Cc: <stable(a)vger.kernel.org> Cc: Geert Uytterhoeven <geert(a)linux-m68k.org> Signed-off-by: Boris Brezillon <bbrezillon(a)kernel.org> --- drivers/mtd/mtdpart.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/mtd/mtdpart.c b/drivers/mtd/mtdpart.c index e6d9467f6be0..37f174ccbcec 100644 --- a/drivers/mtd/mtdpart.c +++ b/drivers/mtd/mtdpart.c @@ -480,6 +480,10 @@ static struct mtd_part *allocate_partition(struct mtd_info *parent, /* let's register it anyway to preserve ordering */ slave->offset = 0; slave->mtd.size = 0; + + /* Initialize ->erasesize to make add_mtd_device() happy. */ + slave->mtd.erasesize = parent->erasesize; + printk(KERN_ERR"mtd: partition \"%s\" is out of reach -- disabled\n", part->name); goto out_register; -- 2.17.1

6 years, 7 months

3
2
0 0

[PATCH] pinctrl: qcom: qcs404: Correct SDC tile

by Bjorn Andersson

The SDC controls live in the south tile, not the north one. Correct this so that we program the right registers. Cc: stable(a)vger.kernel.org Fixes: 22eb8301dbc1 ("pinctrl: qcom: Add qcs404 pinctrl driver") Signed-off-by: Bjorn Andersson <bjorn.andersson(a)linaro.org> --- drivers/pinctrl/qcom/pinctrl-qcs404.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pinctrl/qcom/pinctrl-qcs404.c b/drivers/pinctrl/qcom/pinctrl-qcs404.c index 7aae52a09ff0..4ffd56ff809e 100644 --- a/drivers/pinctrl/qcom/pinctrl-qcs404.c +++ b/drivers/pinctrl/qcom/pinctrl-qcs404.c @@ -79,7 +79,7 @@ enum { .intr_cfg_reg = 0, \ .intr_status_reg = 0, \ .intr_target_reg = 0, \ - .tile = NORTH, \ + .tile = SOUTH, \ .mux_bit = -1, \ .pull_bit = pull, \ .drv_bit = drv, \ -- 2.18.0

6 years, 7 months

3
2
0 0

[PATCH -fixes] drm/i915: Try to sanitize bogus DPLL state left over by broken SNB BIOSen

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Certain SNB machines (eg. ASUS K53SV) seem to have a broken BIOS which misprograms the hardware badly when encountering a suitably high resolution display. The programmed pipe timings are somewhat bonkers and the DPLL is totally misprogrammed (P divider == 0). That will result in atomic commit timeouts as apparently the pipe is sufficiently stuck to not signal vblank interrupts. IIRC something like this was also observed on some other SNB machine years ago (might have been a Dell XPS 8300) but a BIOS update cured it. Sadly looks like this was never fixed for the ASUS K53SV as the latest BIOS (K53SV.320 11/11/2011) is still broken. The quickest way to deal with this seems to be to shut down the pipe+ports+DPLL. Unfortunately doing this during the normal sanitization phase isn't quite soon enough as we already spew several WARNs about the bogus hardware state. But it's better than hanging the boot for a few dozen seconds. Since this is limited to a few old machines it doesn't seem entirely worthwile to try and rework the readout+sanitization code to handle it more gracefully. v2: Fix potential NULL deref (kbuild test robot) Constify has_bogus_dpll_config() Cc: stable(a)vger.kernel.org # v4.20+ Cc: Daniel Kamil Kozar <dkk089(a)gmail.com> Reported-by: Daniel Kamil Kozar <dkk089(a)gmail.com> Tested-by: Daniel Kamil Kozar <dkk089(a)gmail.com> Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=109245 Fixes: 516a49cc1946 ("drm/i915: Fix assert_plane() warning on bootup with external display") Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20190111174950.10681-1-ville.… Reviewed-by: Mika Kahola <mika.kahola(a)intel.com> (cherry picked from commit 7bed8adcd9f86231bb69bbc02f88ad89330f99e3) --- drivers/gpu/drm/i915/intel_display.c | 50 ++++++++++++++++++++++++---- 1 file changed, 44 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c index 3da9c0f9e948..248128126422 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -15415,16 +15415,45 @@ static void intel_sanitize_crtc(struct intel_crtc *crtc, } } +static bool has_bogus_dpll_config(const struct intel_crtc_state *crtc_state) +{ + struct drm_i915_private *dev_priv = to_i915(crtc_state->base.crtc->dev); + + /* + * Some SNB BIOSen (eg. ASUS K53SV) are known to misprogram + * the hardware when a high res displays plugged in. DPLL P + * divider is zero, and the pipe timings are bonkers. We'll + * try to disable everything in that case. + * + * FIXME would be nice to be able to sanitize this state + * without several WARNs, but for now let's take the easy + * road. + */ + return IS_GEN6(dev_priv) && + crtc_state->base.active && + crtc_state->shared_dpll && + crtc_state->port_clock == 0; +} + static void intel_sanitize_encoder(struct intel_encoder *encoder) { struct drm_i915_private *dev_priv = to_i915(encoder->base.dev); struct intel_connector *connector; + struct intel_crtc *crtc = to_intel_crtc(encoder->base.crtc); + struct intel_crtc_state *crtc_state = crtc ? + to_intel_crtc_state(crtc->base.state) : NULL; /* We need to check both for a crtc link (meaning that the * encoder is active and trying to read from a pipe) and the * pipe itself being active. */ - bool has_active_crtc = encoder->base.crtc && - to_intel_crtc(encoder->base.crtc)->active; + bool has_active_crtc = crtc_state && + crtc_state->base.active; + + if (crtc_state && has_bogus_dpll_config(crtc_state)) { + DRM_DEBUG_KMS("BIOS has misprogrammed the hardware. Disabling pipe %c\n", + pipe_name(crtc->pipe)); + has_active_crtc = false; + } connector = intel_encoder_find_connector(encoder); if (connector && !has_active_crtc) { @@ -15435,16 +15464,25 @@ static void intel_sanitize_encoder(struct intel_encoder *encoder) /* Connector is active, but has no active pipe. This is * fallout from our resume register restoring. Disable * the encoder manually again. */ - if (encoder->base.crtc) { - struct drm_crtc_state *crtc_state = encoder->base.crtc->state; + if (crtc_state) { + struct drm_encoder *best_encoder; DRM_DEBUG_KMS("[ENCODER:%d:%s] manually disabled\n", encoder->base.base.id, encoder->base.name); + + /* avoid oopsing in case the hooks consult best_encoder */ + best_encoder = connector->base.state->best_encoder; + connector->base.state->best_encoder = &encoder->base; + if (encoder->disable) - encoder->disable(encoder, to_intel_crtc_state(crtc_state), connector->base.state); + encoder->disable(encoder, crtc_state, + connector->base.state); if (encoder->post_disable) - encoder->post_disable(encoder, to_intel_crtc_state(crtc_state), connector->base.state); + encoder->post_disable(encoder, crtc_state, + connector->base.state); + + connector->base.state->best_encoder = best_encoder; } encoder->base.crtc = NULL; -- 2.19.2

6 years, 7 months

2
1
0 0

[PATCH 1/1] Fix: arm: kprobes: optimized kprobes illegal instruction

by Mathieu Desnoyers

commit e46daee53bb5 ("ARM: 8806/1: kprobes: Fix false positive with FORTIFY_SOURCE") introduced a regression in optimized kprobes. It triggers "invalid instruction" oopses when using kprobes instrumentation through lttng and perf. This commit was introduced in kernel v4.20, and has been backported to stable kernels 4.19 and 4.14. This crash was also reported by Hongzhi Song on the redhat bugzilla where the patch was originally introduced. Link: https://bugzilla.redhat.com/show_bug.cgi?id=1639397 Link: https://bugs.lttng.org/issues/1174 Link: https://lore.kernel.org/lkml/342740659.2887.1549307721609.JavaMail.zimbra@e… Fixes: e46daee53bb5 ("ARM: 8806/1: kprobes: Fix false positive with FORTIFY_SOURCE") Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Reported-by: Robert Berger <Robert.Berger(a)ReliableEmbeddedSystems.com> Tested-by: Robert Berger <Robert.Berger(a)ReliableEmbeddedSystems.com> Acked-by: Kees Cook <keescook(a)chromium.org> CC: Robert Berger <Robert.Berger(a)ReliableEmbeddedSystems.com> CC: Masami Hiramatsu <mhiramat(a)kernel.org> CC: William Cohen <wcohen(a)redhat.com> CC: Laura Abbott <labbott(a)redhat.com> CC: Kees Cook <keescook(a)chromium.org> CC: Russell King <rmk+kernel(a)armlinux.org.uk> CC: <stable(a)vger.kernel.org> # v4.14+ CC: linux-arm-kernel(a)lists.infradead.org CC: patches(a)armlinux.org.uk --- KernelVersion: 5.0.0-rc5 arch/arm/probes/kprobes/opt-arm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/probes/kprobes/opt-arm.c b/arch/arm/probes/kprobes/opt-arm.c index 2c118a6ab358..0dc23fc227ed 100644 --- a/arch/arm/probes/kprobes/opt-arm.c +++ b/arch/arm/probes/kprobes/opt-arm.c @@ -247,7 +247,7 @@ int arch_prepare_optimized_kprobe(struct optimized_kprobe *op, struct kprobe *or } /* Copy arch-dep-instance from template. */ - memcpy(code, (unsigned char *)optprobe_template_entry, + memcpy(code, (unsigned long *)&optprobe_template_entry, TMPL_END_IDX * sizeof(kprobe_opcode_t)); /* Adjust buffer according to instruction. */ -- 2.11.0

6 years, 7 months

2
1
0 0

[PATCH] libnvdimm: Fix altmap reservation size calculation

by Oliver O'Halloran

Libnvdimm reserves the first 8K of pfn and devicedax namespaces to store a superblock describing the namespace. This 8K reservation is contained within the altmap area which the kernel uses for the vmemmap backing for the pages within the namespace. The altmap allows for some pages at the start of the altmap area to be reserved and that mechanism is used to protect the superblock from being re-used as vmemmap backing. The number of PFNs to reserve is calculated using: PHYS_PFN(SZ_8K) Which is implemented as: #define PHYS_PFN(x) ((unsigned long)((x) >> PAGE_SHIFT)) So on systems where PAGE_SIZE is greater than 8K the reservation size is truncated to zero and the superblock area is re-used as vmemmap backing. As a result all the namespace information stored in the superblock (i.e. if it's a PFN or DAX namespace) is lost and the namespace needs to be re-created to get access to the contents. This patch fixes this by using PFN_UP() rather than PHYS_PFN() to ensure that at least one page is reserved. On systems with a 4K pages size this patch should have no effect. Cc: stable(a)vger.kernel.org Cc: Dan Williams <dan.j.williams(a)intel.com> Fixes: ac515c084be9 ("libnvdimm, pmem, pfn: move pfn setup to the core") Signed-off-by: Oliver O'Halloran <oohall(a)gmail.com> --- --- drivers/nvdimm/pfn_devs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/nvdimm/pfn_devs.c b/drivers/nvdimm/pfn_devs.c index 6f22272e8d80..9b9be83da0e7 100644 --- a/drivers/nvdimm/pfn_devs.c +++ b/drivers/nvdimm/pfn_devs.c @@ -593,7 +593,7 @@ static unsigned long init_altmap_base(resource_size_t base) static unsigned long init_altmap_reserve(resource_size_t base) { - unsigned long reserve = PHYS_PFN(SZ_8K); + unsigned long reserve = PFN_UP(SZ_8K); unsigned long base_pfn = PHYS_PFN(base); reserve += base_pfn - PFN_SECTION_ALIGN_DOWN(base_pfn); -- 2.20.1

6 years, 7 months

3
3
0 0

[PATCH v2] tpm/st33zp24: Fix the name collisions in tpm_st33zp24_spi and tpm_i2c_infineon

by Jarkko Sakkinen

Rename TPM_BUFSIZE defined in drivers/char/tpm/st33zp24/st33zp24.h to ST33ZP24_BUFSIZE. Rename TPM_BUFSIZE defined in drivers/char/tpm/tpm_i2c_infineon.c to TPM_I2C_INFINEON_BUFSIZE. Cc: stable(a)vger.kernel.org Fixes: bf38b8710892 ("tpm/tpm_i2c_stm_st33: Split tpm_i2c_tpm_st33 in 2 layers (core + phy)") Fixes: aad628c1d91a ("char/tpm: Add new driver for Infineon I2C TIS TPM") Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> --- v2: Fix also the name collision in tpm_ic2_infineon. drivers/char/tpm/st33zp24/i2c.c | 2 +- drivers/char/tpm/st33zp24/spi.c | 2 +- drivers/char/tpm/st33zp24/st33zp24.h | 4 ++-- drivers/char/tpm/tpm_i2c_infineon.c | 15 ++++++++------- 4 files changed, 12 insertions(+), 11 deletions(-) diff --git a/drivers/char/tpm/st33zp24/i2c.c b/drivers/char/tpm/st33zp24/i2c.c index be5d1abd3e8e..8390c5b54c3b 100644 --- a/drivers/char/tpm/st33zp24/i2c.c +++ b/drivers/char/tpm/st33zp24/i2c.c @@ -33,7 +33,7 @@ struct st33zp24_i2c_phy { struct i2c_client *client; - u8 buf[TPM_BUFSIZE + 1]; + u8 buf[ST33ZP24_BUFSIZE + 1]; int io_lpcpd; }; diff --git a/drivers/char/tpm/st33zp24/spi.c b/drivers/char/tpm/st33zp24/spi.c index d7909ab287a8..ff019a1e3c68 100644 --- a/drivers/char/tpm/st33zp24/spi.c +++ b/drivers/char/tpm/st33zp24/spi.c @@ -63,7 +63,7 @@ * some latency byte before the answer is available (max 15). * We have 2048 + 1024 + 15. */ -#define ST33ZP24_SPI_BUFFER_SIZE (TPM_BUFSIZE + (TPM_BUFSIZE / 2) +\ +#define ST33ZP24_SPI_BUFFER_SIZE (ST33ZP24_BUFSIZE + (ST33ZP24_BUFSIZE / 2) +\ MAX_SPI_LATENCY) diff --git a/drivers/char/tpm/st33zp24/st33zp24.h b/drivers/char/tpm/st33zp24/st33zp24.h index 6f4a4198af6a..20da0a84988d 100644 --- a/drivers/char/tpm/st33zp24/st33zp24.h +++ b/drivers/char/tpm/st33zp24/st33zp24.h @@ -18,8 +18,8 @@ #ifndef __LOCAL_ST33ZP24_H__ #define __LOCAL_ST33ZP24_H__ -#define TPM_WRITE_DIRECTION 0x80 -#define TPM_BUFSIZE 2048 +#define TPM_WRITE_DIRECTION 0x80 +#define ST33ZP24_BUFSIZE 2048 struct st33zp24_dev { struct tpm_chip *chip; diff --git a/drivers/char/tpm/tpm_i2c_infineon.c b/drivers/char/tpm/tpm_i2c_infineon.c index 9086edc9066b..b9d5a1dda8d2 100644 --- a/drivers/char/tpm/tpm_i2c_infineon.c +++ b/drivers/char/tpm/tpm_i2c_infineon.c @@ -26,8 +26,7 @@ #include <linux/wait.h> #include "tpm.h" -/* max. buffer size supported by our TPM */ -#define TPM_BUFSIZE 1260 +#define TPM_I2C_INFINEON_MAX_BUFSIZE 1260 /* max. number of iterations after I2C NAK */ #define MAX_COUNT 3 @@ -63,11 +62,13 @@ enum i2c_chip_type { UNKNOWN, }; -/* Structure to store I2C TPM specific stuff */ struct tpm_inf_dev { struct i2c_client *client; int locality; - u8 buf[TPM_BUFSIZE + sizeof(u8)]; /* max. buffer size + addr */ + /* In addition to the data itself, the buffer must fit the 7-bit I2C + * address and the direction bit. + */ + u8 buf[TPM_I2C_INFINEON_MAX_BUFSIZE + 1]; struct tpm_chip *chip; enum i2c_chip_type chip_type; unsigned int adapterlimit; @@ -219,7 +220,7 @@ static int iic_tpm_write_generic(u8 addr, u8 *buffer, size_t len, .buf = tpm_dev.buf }; - if (len > TPM_BUFSIZE) + if (len > TPM_I2C_INFINEON_MAX_BUFSIZE) return -EINVAL; if (!tpm_dev.client->adapter->algo->master_xfer) @@ -527,8 +528,8 @@ static int tpm_tis_i2c_send(struct tpm_chip *chip, u8 *buf, size_t len) u8 retries = 0; u8 sts = TPM_STS_GO; - if (len > TPM_BUFSIZE) - return -E2BIG; /* command is too long for our tpm, sorry */ + if (len > TPM_I2C_INFINEON_BUFSIZE) + return -E2BIG; if (request_locality(chip, 0) < 0) return -EBUSY; -- 2.19.1

6 years, 7 months

4
9
0 0

[PATCH 1/1] Fix: arm: kprobes: optimized kprobes illegal instruction

by Mathieu Desnoyers

commit e46daee53bb5 ("ARM: 8806/1: kprobes: Fix false positive with FORTIFY_SOURCE") introduced a regression in optimized kprobes. It triggers "invalid instruction" oopses when using kprobes instrumentation through lttng and perf. This commit was introduced in kernel v4.20, and has been backported to stable kernels 4.19 and 4.14. This crash was also reported by Hongzhi Song on the redhat bugzilla where the patch was originally introduced. Link: https://bugzilla.redhat.com/show_bug.cgi?id=1639397 Link: https://bugs.lttng.org/issues/1174 Link: https://lore.kernel.org/lkml/342740659.2887.1549307721609.JavaMail.zimbra@e… Fixes: e46daee53bb5 ("ARM: 8806/1: kprobes: Fix false positive with FORTIFY_SOURCE") Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Reported-by: Robert Berger <Robert.Berger(a)ReliableEmbeddedSystems.com> Tested-by: Robert Berger <Robert.Berger(a)ReliableEmbeddedSystems.com> Acked-by: Kees Cook <keescook(a)chromium.org> CC: Robert Berger <Robert.Berger(a)ReliableEmbeddedSystems.com> CC: Masami Hiramatsu <mhiramat(a)kernel.org> CC: William Cohen <wcohen(a)redhat.com> CC: Laura Abbott <labbott(a)redhat.com> CC: Kees Cook <keescook(a)chromium.org> CC: Russell King <rmk+kernel(a)armlinux.org.uk> CC: <stable(a)vger.kernel.org> # v4.14+ CC: linux-arm-kernel(a)lists.infradead.org CC: patches(a)armlinux.org.uk --- arch/arm/probes/kprobes/opt-arm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/probes/kprobes/opt-arm.c b/arch/arm/probes/kprobes/opt-arm.c index 2c118a6ab358..0dc23fc227ed 100644 --- a/arch/arm/probes/kprobes/opt-arm.c +++ b/arch/arm/probes/kprobes/opt-arm.c @@ -247,7 +247,7 @@ int arch_prepare_optimized_kprobe(struct optimized_kprobe *op, struct kprobe *or } /* Copy arch-dep-instance from template. */ - memcpy(code, (unsigned char *)optprobe_template_entry, + memcpy(code, (unsigned long *)&optprobe_template_entry, TMPL_END_IDX * sizeof(kprobe_opcode_t)); /* Adjust buffer according to instruction. */ -- 2.11.0

6 years, 7 months

1
0
0 0

[PATCH 1/1] Fix: arm: kprobes: optimized kprobes illegal instruction

by Mathieu Desnoyers

commit e46daee53bb5 "ARM: 8806/1: kprobes: Fix false positive with FORTIFY_SOURCE" introduced a regression in optimized kprobes. It triggers "invalid instruction" oopses when using kprobes instrumentation through lttng and perf. This commit was introduced in kernel v4.20, and has been backported to stable kernels 4.19 and 4.14. This crash was also reported by Hongzhi Song on the redhat bugzilla where the patch was originally introduced. Link: https://bugzilla.redhat.com/show_bug.cgi?id=1639397 Link: https://bugs.lttng.org/issues/1174 Link: https://lore.kernel.org/lkml/342740659.2887.1549307721609.JavaMail.zimbra@e… Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Reported-by: Robert Berger <Robert.Berger(a)ReliableEmbeddedSystems.com> Tested-by: Robert Berger <Robert.Berger(a)ReliableEmbeddedSystems.com> CC: Robert Berger <Robert.Berger(a)ReliableEmbeddedSystems.com> CC: Masami Hiramatsu <mhiramat(a)kernel.org> CC: William Cohen <wcohen(a)redhat.com> CC: Laura Abbott <labbott(a)redhat.com> CC: Kees Cook <keescook(a)chromium.org> CC: Russell King <rmk+kernel(a)armlinux.org.uk> CC: <stable(a)vger.kernel.org> # v4.14+ --- arch/arm/probes/kprobes/opt-arm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/probes/kprobes/opt-arm.c b/arch/arm/probes/kprobes/opt-arm.c index 2c118a6ab358..0dc23fc227ed 100644 --- a/arch/arm/probes/kprobes/opt-arm.c +++ b/arch/arm/probes/kprobes/opt-arm.c @@ -247,7 +247,7 @@ int arch_prepare_optimized_kprobe(struct optimized_kprobe *op, struct kprobe *or } /* Copy arch-dep-instance from template. */ - memcpy(code, (unsigned char *)optprobe_template_entry, + memcpy(code, (unsigned long *)&optprobe_template_entry, TMPL_END_IDX * sizeof(kprobe_opcode_t)); /* Adjust buffer according to instruction. */ -- 2.11.0

6 years, 7 months

2
2
0 0

[PATCH 4.4 00/65] 4.4.173-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.173 release. There are 65 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Feb 6 10:35:30 UTC 2019. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.173-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.173-rc1 Dan Carpenter <dan.carpenter(a)oracle.com> ipv4: frags: precedence bug in ip_expire() Taehee Yoo <ap420073(a)gmail.com> ip: frags: fix crash in ip_do_fragment() Michal Kubecek <mkubecek(a)suse.cz> net: ipv4: do not handle duplicate fragments as overlapping Peter Oskolkov <posk(a)google.com> ip: process in-order fragments efficiently Peter Oskolkov <posk(a)google.com> ip: add helpers to process in-order fragments faster. Florian Westphal <fw(a)strlen.de> ipv6: defrag: drop non-last frags smaller than min mtu Peter Oskolkov <posk(a)google.com> ip: use rb trees for IP frag queue. Eric Dumazet <edumazet(a)google.com> inet: frags: get rif of inet_frag_evicting() Peter Oskolkov <posk(a)google.com> net: modify skb_rbtree_purge to return the truesize of all purged skbs. Peter Oskolkov <posk(a)google.com> ip: discard IPv4 datagrams with overlapping segments. Dave Chinner <dchinner(a)redhat.com> fs: don't scan the inode cache before SB_BORN is set David Hildenbrand <david(a)redhat.com> mm: migrate: don't rely on __PageMovable() of newpage after unlocking it Benjamin Herrenschmidt <benh(a)kernel.crashing.org> drivers: core: Remove glue dirs from sysfs earlier Paulo Alcantara <paulo(a)paulo.ac> cifs: Always resolve hostname before reconnecting Shakeel Butt <shakeelb(a)google.com> mm, oom: fix use-after-free in oom_kill_process Andrei Vagin <avagin(a)gmail.com> kernel/exit.c: release ptraced tasks before zap_pid_ns_processes Stefan Wahren <stefan.wahren(a)i2se.com> mmc: sdhci-iproc: handle mmc_of_parse() errors during probe João Paulo Rechi Vita <jprvita(a)gmail.com> platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes João Paulo Rechi Vita <jprvita(a)gmail.com> platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Revert "Fix loop in gfs2_rbm_find" James Morse <james.morse(a)arm.com> arm64: hyp-stub: Forbid kprobing of the hyp-stub Koen Vandeputte <koen.vandeputte(a)ncentric.com> ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment Waiman Long <longman(a)redhat.com> fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() Pavel Shilovsky <pshilov(a)microsoft.com> CIFS: Do not count -ENODATA as failure for query directory Jacob Wen <jian.w.wen(a)oracle.com> l2tp: fix reading optional fields of L2TPv3 Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> l2tp: remove l2specific_len dependency in l2tp_core Mathias Thore <mathias.thore(a)infinera.com> ucc_geth: Reset BQL queue when stopping device Bernard Pidoux <f6bvp(a)free.fr> net/rose: fix NULL ax25_cb kernel panic Cong Wang <xiyou.wangcong(a)gmail.com> netrom: switch to sock timer API Aya Levin <ayal(a)mellanox.com> net/mlx4_core: Add masking for a few queries on HCA caps Jacob Wen <jian.w.wen(a)oracle.com> l2tp: copy 4 more bytes to linear part if necessary David Ahern <dsahern(a)gmail.com> ipv6: Consider sk_bound_dev_if when binding a socket to an address Jimmy Durand Wesolowski <jdw(a)amazon.de> fs: add the fsnotify call to vfs_iter_write David Hildenbrand <david(a)redhat.com> s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "loop: Fold __loop_release into loop_release" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "loop: Get rid of loop_index_mutex" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()" Pan Bian <bianpan2016(a)163.com> f2fs: read page index before freeing Shaokun Zhang <zhangshaokun(a)hisilicon.com> arm64: mm: remove page_mapping check in __sync_icache_dcache Marc Zyngier <marc.zyngier(a)arm.com> irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size Milian Wolff <milian.wolff(a)kdab.com> perf unwind: Take pgoff into account when reporting elf to libdwfl Martin Vuille <jpmv27(a)aim.com> perf unwind: Unwind with libdw doesn't take symfs into account Nicolas Pitre <nicolas.pitre(a)linaro.org> vt: invoke notifier on screen size change Oliver Hartkopp <socketcan(a)hartkopp.net> can: bcm: check timer values before ktime conversion Manfred Schlaegl <manfred.schlaegl(a)ginzinger.com> can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it Daniel Drake <drake(a)endlessm.com> x86/kaslr: Fix incorrect i8254 outb() parameters Alexander Popov <alex.popov(a)linux.com> KVM: x86: Fix single-step debugging Tom Panfil <tom(a)steelseries.com> Input: xpad - add support for SteelSeries Stratus Duo Pavel Shilovsky <pshilov(a)microsoft.com> CIFS: Fix possible hang during async MTU reads and writes Paul Fulghum <paulkf(a)microgate.com> tty/n_hdlc: fix __might_sleep warning Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> tty: Handle problem if line discipline does not have receive_buf Michael Straube <straube.linux(a)gmail.com> staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 Gustavo A. R. Silva <gustavo(a)embeddedor.com> char/mwave: fix potential Spectre v1 vulnerability Gerald Schaefer <gerald.schaefer(a)de.ibm.com> s390/smp: fix CPU hotplug deadlock with CPU rescan Christian Borntraeger <borntraeger(a)de.ibm.com> s390/early: improve machine detection Eugeniy Paltsev <Eugeniy.Paltsev(a)synopsys.com> ARC: perf: map generic branches to correct hardware condition Kangjie Lu <kjlu(a)umn.edu> ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages Charles Yeh <charlesyeh522(a)gmail.com> USB: serial: pl2303: add new PID to support PL2303TB Max Schulze <max.schulze(a)posteo.de> USB: serial: simple: add Motorola Tetra TPG2200 device id Vijay Viswanath <vviswana(a)codeaurora.org> mmc: Kconfig: Enable CONFIG_MMC_SDHCI_IO_ACCESSORS Yunjian Wang <wangyunjian(a)huawei.com> net: bridge: Fix ethernet header pointer before check skb forwardable Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: refetch skb protocol for each filter Ido Schimmel <idosch(a)mellanox.com> net: ipv4: Fix memory leak in network namespace dismantle Ross Lagerwall <ross.lagerwall(a)citrix.com> openvswitch: Avoid OOB read when parsing flow nlattrs Ross Lagerwall <ross.lagerwall(a)citrix.com> net: Fix usage of pskb_trim_rcsum ------------- Diffstat: Makefile | 4 +- arch/arc/include/asm/perf_event.h | 3 +- arch/arm/mach-cns3xxx/pcie.c | 2 +- arch/arm64/kernel/hyp-stub.S | 2 + arch/arm64/mm/flush.c | 4 - arch/s390/kernel/early.c | 4 +- arch/s390/kernel/setup.c | 2 + arch/s390/kernel/smp.c | 12 +- arch/x86/boot/compressed/aslr.c | 4 +- arch/x86/kvm/x86.c | 3 +- drivers/base/core.c | 2 + drivers/block/loop.c | 47 +-- drivers/char/mwave/mwavedd.c | 7 + drivers/input/joystick/xpad.c | 3 + drivers/irqchip/irq-gic-v3-its.c | 25 +- drivers/mmc/host/Kconfig | 1 + drivers/mmc/host/sdhci-iproc.c | 5 +- drivers/net/can/dev.c | 27 +- drivers/net/ethernet/freescale/ucc_geth.c | 2 + drivers/net/ethernet/mellanox/mlx4/fw.c | 75 +++-- drivers/net/ppp/pppoe.c | 1 + drivers/platform/x86/asus-nb-wmi.c | 3 +- drivers/s390/char/sclp_config.c | 2 + drivers/staging/rtl8188eu/os_dep/usb_intf.c | 1 + drivers/tty/n_hdlc.c | 1 + drivers/tty/tty_io.c | 3 +- drivers/tty/vt/vt.c | 1 + drivers/usb/serial/pl2303.c | 1 + drivers/usb/serial/pl2303.h | 2 + drivers/usb/serial/usb-serial-simple.c | 3 +- fs/cifs/connect.c | 53 ++++ fs/cifs/smb2ops.c | 6 +- fs/cifs/smb2pdu.c | 4 +- fs/dcache.c | 6 +- fs/f2fs/node.c | 4 +- fs/gfs2/rgrp.c | 2 +- fs/read_write.c | 4 +- fs/super.c | 30 +- include/linux/kobject.h | 17 ++ include/linux/skbuff.h | 5 +- include/net/inet_frag.h | 12 +- include/net/ip_fib.h | 2 +- include/uapi/linux/snmp.h | 1 + kernel/exit.c | 12 +- mm/migrate.c | 7 +- mm/oom_kill.c | 8 + net/bridge/br_forward.c | 7 +- net/bridge/br_netfilter_ipv6.c | 1 + net/bridge/netfilter/nft_reject_bridge.c | 1 + net/can/bcm.c | 27 ++ net/core/skbuff.c | 6 +- net/ipv4/fib_frontend.c | 4 +- net/ipv4/fib_trie.c | 14 +- net/ipv4/inet_fragment.c | 16 +- net/ipv4/ip_fragment.c | 410 ++++++++++++++++----------- net/ipv4/ip_input.c | 1 + net/ipv4/proc.c | 1 + net/ipv6/af_inet6.c | 3 + net/ipv6/netfilter/nf_conntrack_reasm.c | 6 + net/ipv6/reassembly.c | 9 +- net/l2tp/l2tp_core.c | 43 +-- net/l2tp/l2tp_core.h | 31 ++ net/l2tp/l2tp_ip.c | 3 + net/l2tp/l2tp_ip6.c | 3 + net/netrom/nr_timer.c | 20 +- net/openvswitch/flow_netlink.c | 2 +- net/rose/rose_route.c | 5 + net/sched/sch_api.c | 3 +- sound/soc/intel/atom/sst-mfld-platform-pcm.c | 8 +- tools/perf/util/unwind-libdw.c | 4 +- 70 files changed, 706 insertions(+), 347 deletions(-)

6 years, 7 months

5
72
0 0

[PATCH 1/8] perf tests evsel-tp-sched: Fix bitwise operator

by Arnaldo Carvalho de Melo

From: "Gustavo A. R. Silva" <gustavo(a)embeddedor.com> Notice that the use of the bitwise OR operator '|' always leads to true in this particular case, which seems a bit suspicious due to the context in which this expression is being used. Fix this by using bitwise AND operator '&' instead. This bug was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva <gustavo(a)embeddedor.com> Acked-by: Jiri Olsa <jolsa(a)kernel.org> Cc: Alexander Shishkin <alexander.shishkin(a)linux.intel.com> Cc: Namhyung Kim <namhyung(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: stable(a)vger.kernel.org Fixes: 6a6cd11d4e57 ("perf test: Add test for the sched tracepoint format fields") Link: http://lkml.kernel.org/r/20190122233439.GA5868@embeddedor Signed-off-by: Arnaldo Carvalho de Melo <acme(a)redhat.com> --- tools/perf/tests/evsel-tp-sched.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/perf/tests/evsel-tp-sched.c b/tools/perf/tests/evsel-tp-sched.c index 5f8501c68da4..5cbba70bcdd0 100644 --- a/tools/perf/tests/evsel-tp-sched.c +++ b/tools/perf/tests/evsel-tp-sched.c @@ -17,7 +17,7 @@ static int perf_evsel__test_field(struct perf_evsel *evsel, const char *name, return -1; } - is_signed = !!(field->flags | TEP_FIELD_IS_SIGNED); + is_signed = !!(field->flags & TEP_FIELD_IS_SIGNED); if (should_be_signed && !is_signed) { pr_debug("%s: \"%s\" signedness(%d) is wrong, should be %d\n", evsel->name, name, is_signed, should_be_signed); -- 2.20.1

6 years, 7 months

1
0
0 0

[PATCH 4.20 00/80] 4.20.7-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.20.7 release. There are 80 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Feb 6 10:35:33 UTC 2019. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.20.7-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.20.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.20.7-rc1 Paulo Alcantara <paulo(a)paulo.ac> cifs: Always resolve hostname before reconnecting Alexei Naberezhnov <anaberezhnov(a)fb.com> md/raid5: fix 'out of memory' during raid cache recovery Frank Rowand <frank.rowand(a)sony.com> of: overlay: do not duplicate properties from overlay for new nodes Frank Rowand <frank.rowand(a)sony.com> of: overlay: use prop add changeset entry for property in new nodes Frank Rowand <frank.rowand(a)sony.com> of: overlay: add missing of_node_get() in __of_attach_node_sysfs Frank Rowand <frank.rowand(a)sony.com> of: overlay: add tests to validate kfrees from overlay removal David Hildenbrand <david(a)redhat.com> mm: migrate: don't rely on __PageMovable() of newpage after unlocking it Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> mm: hwpoison: use do_send_sig_info() instead of force_sig() Shakeel Butt <shakeelb(a)google.com> mm, oom: fix use-after-free in oom_kill_process Oscar Salvador <osalvador(a)suse.de> mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> oom, oom_reaper: do not enqueue same task twice Andrea Arcangeli <aarcange(a)redhat.com> mm/hugetlb.c: teach follow_hugetlb_page() to handle FOLL_NOWAIT Andrei Vagin <avagin(a)gmail.com> kernel/exit.c: release ptraced tasks before zap_pid_ns_processes Eric W. Biederman <ebiederm(a)xmission.com> btrfs: On error always free subvol_name in btrfs_mount Filipe Manana <fdmanana(a)suse.com> Btrfs: fix deadlock when allocating tree block during leaf/node split João Paulo Rechi Vita <jprvita(a)gmail.com> platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes João Paulo Rechi Vita <jprvita(a)gmail.com> platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK Mike Marciniszyn <mike.marciniszyn(a)intel.com> IB/hfi1: Add limit test for RC/UC send via loopback Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Remove overly conservative VM_EXEC flag check Yishai Hadas <yishaih(a)mellanox.com> IB/uverbs: Fix OOPs in uverbs_user_mmap_disassociate Yishai Hadas <yishaih(a)mellanox.com> IB/uverbs: Fix OOPs upon device disassociation Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix tight loop of OSS capture stream Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fixed hp_pin no value Olek Poplavsky <woodenbits(a)gmail.com> ALSA: usb-audio: Add Opus #3 to quirks for native DSD support Chaotian Jing <chaotian.jing(a)mediatek.com> mmc: mediatek: fix incorrect register setting of hs400_cmd_int_delay Lukas Wunner <lukas(a)wunner.de> mmc: bcm2835: Fix DMA channel leak on probe error Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Revert "Fix loop in gfs2_rbm_find" Neo Hou <neo.hou(a)unisoc.com> gpio: sprd: Fix incorrect irq type setting for the async EIC Neo Hou <neo.hou(a)unisoc.com> gpio: sprd: Fix the incorrect data register Roger Quadros <rogerq(a)ti.com> gpio: pcf857x: Fix interrupts on multiple instances Bartosz Golaszewski <bgolaszewski(a)baylibre.com> gpiolib: fix line event timestamps for nested irqs Axel Lin <axel.lin(a)ingics.com> gpio: altera-a10sr: Set proper output level for direction_output James Morse <james.morse(a)arm.com> arm64: hibernate: Clean the __hyp_text to PoC after resume James Morse <james.morse(a)arm.com> arm64: hyp-stub: Forbid kprobing of the hyp-stub Catalin Marinas <catalin.marinas(a)arm.com> arm64: Do not issue IPIs for user executable ptes Ard Biesheuvel <ard.biesheuvel(a)linaro.org> arm64: kaslr: ensure randomized quantities are clean also when kaslr is off Koen Vandeputte <koen.vandeputte(a)ncentric.com> ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment Trond Myklebust <trondmy(a)gmail.com> NFS: Fix up return value on fatal errors in nfs_page_async_flush() Kees Cook <keescook(a)chromium.org> selftests/seccomp: Enhance per-arch ptrace syscall skip tests Gerald Schaefer <gerald.schaefer(a)de.ibm.com> iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() Waiman Long <longman(a)redhat.com> fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() Pavel Shilovsky <pshilov(a)microsoft.com> CIFS: Do not consider -ENODATA as stat failure for reads Aurelien Aptel <aaptel(a)suse.com> CIFS: fix use-after-free of the lease keys Pavel Shilovsky <pshilov(a)microsoft.com> CIFS: Fix trace command logging for SMB2 reads and writes Pavel Shilovsky <pshilov(a)microsoft.com> CIFS: Fix possible oops and memory leaks in async IO Pavel Shilovsky <pshilov(a)microsoft.com> CIFS: Do not count -ENODATA as failure for query directory David Ahern <dsahern(a)gmail.com> ipv6: Consider sk_bound_dev_if when binding a socket to an address Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp> virtio_net: Differentiate sk_buff and xdp_frame on freeing Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp> virtio_net: Use xdp_return_frame to free xdp_frames on destroying vqs Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp> virtio_net: Don't process redirected XDP frames when XDP is disabled Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp> virtio_net: Fix out of bounds access of sq Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp> virtio_net: Fix not restoring real_num_rx_queues Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp> virtio_net: Don't call free_old_xmit_skbs for xdp_frames Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp> virtio_net: Don't enable NAPI when interface is down Dave Watson <davejwatson(a)fb.com> net: tls: Save iv in tls_rec for async crypto requests Dave Watson <davejwatson(a)fb.com> net: tls: Fix deadlock in free_resources tx Xin Long <lucien.xin(a)gmail.com> sctp: set flow sport from saddr only when it's 0 Xin Long <lucien.xin(a)gmail.com> sctp: set chunk transport correctly when it's a new asoc Bodong Wang <bodong(a)mellanox.com> Revert "net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager" Nir Dotan <nird(a)mellanox.com> ip6mr: Fix notifiers call on mroute_clean_tables() Aya Levin <ayal(a)mellanox.com> net/mlx5e: Allow MAC invalidation while spoofchk is ON Xin Long <lucien.xin(a)gmail.com> sctp: improve the events for sctp stream adding Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> net: ip6_gre: always reports o_key to userspace Jason Wang <jasowang(a)redhat.com> vhost: fix OOB in get_rx_bufs() Mathias Thore <mathias.thore(a)infinera.com> ucc_geth: Reset BQL queue when stopping device George Amanakis <gamanakis(a)gmail.com> tun: move the call to tun_set_real_num_queues Xin Long <lucien.xin(a)gmail.com> sctp: improve the events for sctp stream reset Simon Horman <horms+renesas(a)verge.net.au> ravb: expand rx descriptor data to accommodate hw checksum Josh Elsasser <jelsasser(a)appneta.com> net: set default network namespace in init_dummy_netdev() Bernard Pidoux <f6bvp(a)free.fr> net/rose: fix NULL ax25_cb kernel panic Cong Wang <xiyou.wangcong(a)gmail.com> netrom: switch to sock timer API Aya Levin <ayal(a)mellanox.com> net/mlx4_core: Add masking for a few queries on HCA caps Jakub Kicinski <jakub.kicinski(a)netronome.com> net/ipv6: don't return positive numbers when nothing was dumped Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> net: ip_gre: use erspan key field for tunnel lookup Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> net: ip_gre: always reports o_key to userspace Jacob Wen <jian.w.wen(a)oracle.com> l2tp: fix reading optional fields of L2TPv3 Jacob Wen <jian.w.wen(a)oracle.com> l2tp: copy 4 more bytes to linear part if necessary Daniel Borkmann <daniel(a)iogearbox.net> ipvlan, l3mdev: fix broken l3s mode wrt local routes Yohei Kanemaru <yohei.kanemaru(a)gmail.com> ipv6: sr: clear IP6CB(skb) on SRH ip4ip6 encapsulation Arnd Bergmann <arnd(a)arndb.de> drm/msm/gpu: fix building without debugfs ------------- Diffstat: Makefile | 4 +- arch/arm/mach-cns3xxx/pcie.c | 2 +- arch/arm64/kernel/hibernate.c | 4 +- arch/arm64/kernel/hyp-stub.S | 2 + arch/arm64/kernel/kaslr.c | 1 + arch/arm64/mm/flush.c | 6 +- drivers/gpio/gpio-altera-a10sr.c | 4 +- drivers/gpio/gpio-eic-sprd.c | 14 +- drivers/gpio/gpio-pcf857x.c | 26 ++-- drivers/gpio/gpiolib.c | 9 +- drivers/gpu/drm/msm/msm_gpu.h | 2 +- drivers/infiniband/core/uverbs_main.c | 25 ++-- drivers/infiniband/hw/hfi1/file_ops.c | 2 +- drivers/infiniband/sw/rdmavt/qp.c | 7 +- drivers/iommu/intel-iommu.c | 2 +- drivers/md/raid5-cache.c | 33 +++-- drivers/md/raid5.c | 8 +- drivers/mmc/host/bcm2835.c | 2 + drivers/mmc/host/mtk-sd.c | 2 +- drivers/net/ethernet/freescale/ucc_geth.c | 2 + drivers/net/ethernet/mellanox/mlx4/fw.c | 75 ++++++---- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 22 +-- drivers/net/ethernet/renesas/ravb_main.c | 12 +- drivers/net/ipvlan/ipvlan_main.c | 6 +- drivers/net/tun.c | 3 +- drivers/net/virtio_net.c | 169 +++++++++++++++------- drivers/of/dynamic.c | 32 +++- drivers/of/kobj.c | 4 +- drivers/of/overlay.c | 115 ++++++++++----- drivers/platform/x86/asus-nb-wmi.c | 3 +- drivers/vhost/net.c | 3 +- drivers/vhost/scsi.c | 2 +- drivers/vhost/vhost.c | 7 +- drivers/vhost/vhost.h | 4 +- drivers/vhost/vsock.c | 2 +- fs/btrfs/ctree.c | 78 ++++++---- fs/btrfs/super.c | 3 + fs/cifs/connect.c | 53 +++++++ fs/cifs/file.c | 11 +- fs/cifs/smb2pdu.c | 54 ++++--- fs/dcache.c | 6 +- fs/gfs2/rgrp.c | 2 +- fs/nfs/write.c | 9 +- include/linux/netdevice.h | 8 + include/linux/of.h | 15 +- include/linux/sched/coredump.h | 1 + include/net/l3mdev.h | 3 +- include/net/tls.h | 2 + kernel/exit.c | 12 +- mm/hugetlb.c | 3 +- mm/memory-failure.c | 3 +- mm/memory_hotplug.c | 36 +++-- mm/migrate.c | 7 +- mm/oom_kill.c | 12 +- net/core/dev.c | 3 + net/ipv4/gre_demux.c | 17 +++ net/ipv4/ip_gre.c | 16 +- net/ipv6/addrconf.c | 2 + net/ipv6/af_inet6.c | 3 + net/ipv6/ip6_gre.c | 11 +- net/ipv6/ip6mr.c | 7 +- net/ipv6/seg6_iptunnel.c | 2 + net/l2tp/l2tp_core.c | 9 +- net/l2tp/l2tp_core.h | 20 +++ net/l2tp/l2tp_ip.c | 3 + net/l2tp/l2tp_ip6.c | 3 + net/netrom/nr_timer.c | 20 +-- net/rose/rose_route.c | 5 + net/sctp/ipv6.c | 3 +- net/sctp/protocol.c | 3 +- net/sctp/sm_make_chunk.c | 11 +- net/sctp/stream.c | 58 ++++---- net/tls/tls_sw.c | 6 +- sound/core/pcm_lib.c | 9 +- sound/pci/hda/patch_realtek.c | 78 +++++----- sound/usb/quirks.c | 1 + tools/testing/selftests/seccomp/seccomp_bpf.c | 72 +++++++-- 77 files changed, 879 insertions(+), 417 deletions(-)

6 years, 7 months

3
83
0 0

[PATCH 4.14 00/46] 4.14.98-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.98 release. There are 46 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Feb 6 10:35:31 UTC 2019. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.98-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.98-rc1 Amir Goldstein <amir73il(a)gmail.com> fanotify: fix handling of events on child sub-directory Benjamin Herrenschmidt <benh(a)kernel.crashing.org> drivers: core: Remove glue dirs from sysfs earlier Paulo Alcantara <paulo(a)paulo.ac> cifs: Always resolve hostname before reconnecting Alexei Naberezhnov <anaberezhnov(a)fb.com> md/raid5: fix 'out of memory' during raid cache recovery David Hildenbrand <david(a)redhat.com> mm: migrate: don't rely on __PageMovable() of newpage after unlocking it Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> mm: hwpoison: use do_send_sig_info() instead of force_sig() Shakeel Butt <shakeelb(a)google.com> mm, oom: fix use-after-free in oom_kill_process Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> oom, oom_reaper: do not enqueue same task twice Andrei Vagin <avagin(a)gmail.com> kernel/exit.c: release ptraced tasks before zap_pid_ns_processes Stefan Wahren <stefan.wahren(a)i2se.com> mmc: sdhci-iproc: handle mmc_of_parse() errors during probe João Paulo Rechi Vita <jprvita(a)gmail.com> platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes João Paulo Rechi Vita <jprvita(a)gmail.com> platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Remove overly conservative VM_EXEC flag check Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fixed hp_pin no value Lukas Wunner <lukas(a)wunner.de> mmc: bcm2835: Fix DMA channel leak on probe error Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Revert "Fix loop in gfs2_rbm_find" Roger Quadros <rogerq(a)ti.com> gpio: pcf857x: Fix interrupts on multiple instances Axel Lin <axel.lin(a)ingics.com> gpio: altera-a10sr: Set proper output level for direction_output James Morse <james.morse(a)arm.com> arm64: hibernate: Clean the __hyp_text to PoC after resume James Morse <james.morse(a)arm.com> arm64: hyp-stub: Forbid kprobing of the hyp-stub Ard Biesheuvel <ard.biesheuvel(a)linaro.org> arm64: kaslr: ensure randomized quantities are clean also when kaslr is off Koen Vandeputte <koen.vandeputte(a)ncentric.com> ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment Trond Myklebust <trondmy(a)gmail.com> NFS: Fix up return value on fatal errors in nfs_page_async_flush() Kees Cook <keescook(a)chromium.org> selftests/seccomp: Enhance per-arch ptrace syscall skip tests Gerald Schaefer <gerald.schaefer(a)de.ibm.com> iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() Waiman Long <longman(a)redhat.com> fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() Pavel Shilovsky <pshilov(a)microsoft.com> CIFS: Do not count -ENODATA as failure for query directory Daniel Borkmann <daniel(a)iogearbox.net> ipvlan, l3mdev: fix broken l3s mode wrt local routes Jacob Wen <jian.w.wen(a)oracle.com> l2tp: fix reading optional fields of L2TPv3 Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> l2tp: remove l2specific_len dependency in l2tp_core Xin Long <lucien.xin(a)gmail.com> sctp: improve the events for sctp stream reset Xin Long <lucien.xin(a)gmail.com> sctp: improve the events for sctp stream adding Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp> virtio_net: Fix not restoring real_num_rx_queues Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp> virtio_net: Don't call free_old_xmit_skbs for xdp_frames Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp> virtio_net: Don't enable NAPI when interface is down Bodong Wang <bodong(a)mellanox.com> Revert "net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager" Aya Levin <ayal(a)mellanox.com> net/mlx5e: Allow MAC invalidation while spoofchk is ON Mathias Thore <mathias.thore(a)infinera.com> ucc_geth: Reset BQL queue when stopping device Josh Elsasser <jelsasser(a)appneta.com> net: set default network namespace in init_dummy_netdev() Bernard Pidoux <f6bvp(a)free.fr> net/rose: fix NULL ax25_cb kernel panic Cong Wang <xiyou.wangcong(a)gmail.com> netrom: switch to sock timer API Aya Levin <ayal(a)mellanox.com> net/mlx4_core: Add masking for a few queries on HCA caps Jacob Wen <jian.w.wen(a)oracle.com> l2tp: copy 4 more bytes to linear part if necessary Yohei Kanemaru <yohei.kanemaru(a)gmail.com> ipv6: sr: clear IP6CB(skb) on SRH ip4ip6 encapsulation David Ahern <dsahern(a)gmail.com> ipv6: Consider sk_bound_dev_if when binding a socket to an address Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Fix "net: ipv4: do not handle duplicate fragments as overlapping" ------------- Diffstat: Makefile | 4 +- arch/arm/mach-cns3xxx/pcie.c | 2 +- arch/arm64/kernel/hibernate.c | 4 +- arch/arm64/kernel/hyp-stub.S | 2 + arch/arm64/kernel/kaslr.c | 1 + drivers/base/core.c | 2 + drivers/gpio/gpio-altera-a10sr.c | 4 +- drivers/gpio/gpio-pcf857x.c | 26 ++++---- drivers/infiniband/hw/hfi1/file_ops.c | 2 +- drivers/iommu/intel-iommu.c | 2 +- drivers/md/raid5-cache.c | 33 ++++++---- drivers/md/raid5.c | 8 ++- drivers/mmc/host/bcm2835.c | 2 + drivers/mmc/host/sdhci-iproc.c | 5 +- drivers/net/ethernet/freescale/ucc_geth.c | 2 + drivers/net/ethernet/mellanox/mlx4/fw.c | 75 +++++++++++++--------- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 22 +++---- drivers/net/ipvlan/ipvlan_main.c | 6 +- drivers/net/virtio_net.c | 55 ++++++++++------ drivers/platform/x86/asus-nb-wmi.c | 3 +- fs/cifs/connect.c | 53 +++++++++++++++ fs/cifs/smb2pdu.c | 4 +- fs/dcache.c | 6 +- fs/gfs2/rgrp.c | 2 +- fs/nfs/write.c | 9 +-- fs/notify/fsnotify.c | 8 ++- include/linux/kobject.h | 17 +++++ include/linux/netdevice.h | 8 +++ include/linux/sched/coredump.h | 1 + include/net/l3mdev.h | 3 +- kernel/exit.c | 12 +++- mm/memory-failure.c | 3 +- mm/migrate.c | 7 +- mm/oom_kill.c | 12 +++- net/core/dev.c | 3 + net/ipv4/ip_fragment.c | 2 +- net/ipv6/af_inet6.c | 3 + net/ipv6/seg6_iptunnel.c | 2 + net/l2tp/l2tp_core.c | 43 +++++++------ net/l2tp/l2tp_core.h | 31 +++++++++ net/l2tp/l2tp_ip.c | 3 + net/l2tp/l2tp_ip6.c | 3 + net/netrom/nr_timer.c | 20 +++--- net/rose/rose_route.c | 5 ++ net/sctp/stream.c | 62 ++++++++---------- sound/pci/hda/patch_realtek.c | 78 +++++++++++++---------- tools/testing/selftests/seccomp/seccomp_bpf.c | 72 ++++++++++++++++----- 47 files changed, 494 insertions(+), 238 deletions(-)

6 years, 7 months

4
50
0 0

[PATCH 3.18 00/31] 3.18.134-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 3.18.134 release. There are 31 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Feb 6 10:35:28 UTC 2019. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.18.134-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-3.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 3.18.134-rc1 David Hildenbrand <david(a)redhat.com> mm: migrate: don't rely on __PageMovable() of newpage after unlocking it Shakeel Butt <shakeelb(a)google.com> mm, oom: fix use-after-free in oom_kill_process João Paulo Rechi Vita <jprvita(a)gmail.com> platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes João Paulo Rechi Vita <jprvita(a)gmail.com> platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Revert "Fix loop in gfs2_rbm_find" James Morse <james.morse(a)arm.com> arm64: hyp-stub: Forbid kprobing of the hyp-stub Waiman Long <longman(a)redhat.com> fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() Pavel Shilovsky <pshilov(a)microsoft.com> CIFS: Do not count -ENODATA as failure for query directory Jacob Wen <jian.w.wen(a)oracle.com> l2tp: fix reading optional fields of L2TPv3 Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> l2tp: remove l2specific_len dependency in l2tp_core Mathias Thore <mathias.thore(a)infinera.com> ucc_geth: Reset BQL queue when stopping device Bernard Pidoux <f6bvp(a)free.fr> net/rose: fix NULL ax25_cb kernel panic Cong Wang <xiyou.wangcong(a)gmail.com> netrom: switch to sock timer API Jacob Wen <jian.w.wen(a)oracle.com> l2tp: copy 4 more bytes to linear part if necessary David Ahern <dsahern(a)gmail.com> ipv6: Consider sk_bound_dev_if when binding a socket to an address Pan Bian <bianpan2016(a)163.com> f2fs: read page index before freeing Milian Wolff <milian.wolff(a)kdab.com> perf unwind: Take pgoff into account when reporting elf to libdwfl Martin Vuille <jpmv27(a)aim.com> perf unwind: Unwind with libdw doesn't take symfs into account Nicolas Pitre <nicolas.pitre(a)linaro.org> vt: invoke notifier on screen size change Oliver Hartkopp <socketcan(a)hartkopp.net> can: bcm: check timer values before ktime conversion Manfred Schlaegl <manfred.schlaegl(a)ginzinger.com> can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it Daniel Drake <drake(a)endlessm.com> x86/kaslr: Fix incorrect i8254 outb() parameters Tom Panfil <tom(a)steelseries.com> Input: xpad - add support for SteelSeries Stratus Duo Pavel Shilovsky <pshilov(a)microsoft.com> CIFS: Fix possible hang during async MTU reads and writes Paul Fulghum <paulkf(a)microgate.com> tty/n_hdlc: fix __might_sleep warning Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> tty: Handle problem if line discipline does not have receive_buf Michael Straube <straube.linux(a)gmail.com> staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 Gerald Schaefer <gerald.schaefer(a)de.ibm.com> s390/smp: fix CPU hotplug deadlock with CPU rescan Charles Yeh <charlesyeh522(a)gmail.com> USB: serial: pl2303: add new PID to support PL2303TB Max Schulze <max.schulze(a)posteo.de> USB: serial: simple: add Motorola Tetra TPG2200 device id Ross Lagerwall <ross.lagerwall(a)citrix.com> openvswitch: Avoid OOB read when parsing flow nlattrs ------------- Diffstat: Makefile | 4 +-- arch/arm64/kernel/hyp-stub.S | 2 ++ arch/s390/kernel/smp.c | 4 +++ arch/x86/boot/compressed/aslr.c | 4 +-- drivers/input/joystick/xpad.c | 3 ++ drivers/net/can/dev.c | 27 +++++++++--------- drivers/net/ethernet/freescale/ucc_geth.c | 2 ++ drivers/platform/x86/asus-nb-wmi.c | 3 +- drivers/s390/char/sclp_config.c | 2 ++ drivers/staging/rtl8188eu/os_dep/usb_intf.c | 1 + drivers/tty/n_hdlc.c | 1 + drivers/tty/tty_io.c | 3 +- drivers/tty/vt/vt.c | 1 + drivers/usb/serial/pl2303.c | 1 + drivers/usb/serial/pl2303.h | 2 ++ drivers/usb/serial/usb-serial-simple.c | 3 +- fs/cifs/smb2ops.c | 6 ++-- fs/cifs/smb2pdu.c | 4 +-- fs/dcache.c | 6 +--- fs/f2fs/node.c | 4 ++- fs/gfs2/rgrp.c | 2 +- mm/migrate.c | 7 +++-- mm/oom_kill.c | 8 ++++++ net/can/bcm.c | 27 ++++++++++++++++++ net/ipv6/af_inet6.c | 3 ++ net/l2tp/l2tp_core.c | 43 +++++++++++++++-------------- net/l2tp/l2tp_core.h | 31 +++++++++++++++++++++ net/l2tp/l2tp_ip.c | 3 ++ net/l2tp/l2tp_ip6.c | 3 ++ net/netrom/nr_timer.c | 20 +++++++------- net/openvswitch/flow_netlink.c | 2 +- net/rose/rose_route.c | 5 ++++ tools/perf/util/unwind-libdw.c | 4 +-- 33 files changed, 171 insertions(+), 70 deletions(-)

6 years, 7 months

2
35
0 0

Security fixes for 4.4 - f2fs

by Ben Hutchings

I've backported fixes for several security issues involving filesystem validation in f2fs. All of these are already fixed in the later stable branches. I tested with the reproducers where available. I also checked for regressions with xfstests and didn't find any (but many tests fail with or without these changes). Ben. -- Ben Hutchings, Software Developer Codethink Ltd https://www.codethink.co.uk/ Dale House, 35 Dale Street Manchester, M1 2HF, United Kingdom

6 years, 7 months

3
4
0 0

[PATCH 4.9 00/30] 4.9.155-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.155 release. There are 30 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Feb 6 10:35:37 UTC 2019. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.155-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.155-rc1 Amir Goldstein <amir73il(a)gmail.com> fanotify: fix handling of events on child sub-directory Dave Chinner <dchinner(a)redhat.com> fs: don't scan the inode cache before SB_BORN is set Benjamin Herrenschmidt <benh(a)kernel.crashing.org> drivers: core: Remove glue dirs from sysfs earlier Paulo Alcantara <paulo(a)paulo.ac> cifs: Always resolve hostname before reconnecting David Hildenbrand <david(a)redhat.com> mm: migrate: don't rely on __PageMovable() of newpage after unlocking it Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> mm: hwpoison: use do_send_sig_info() instead of force_sig() Shakeel Butt <shakeelb(a)google.com> mm, oom: fix use-after-free in oom_kill_process Andrei Vagin <avagin(a)gmail.com> kernel/exit.c: release ptraced tasks before zap_pid_ns_processes Stefan Wahren <stefan.wahren(a)i2se.com> mmc: sdhci-iproc: handle mmc_of_parse() errors during probe João Paulo Rechi Vita <jprvita(a)gmail.com> platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes João Paulo Rechi Vita <jprvita(a)gmail.com> platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Revert "Fix loop in gfs2_rbm_find" James Morse <james.morse(a)arm.com> arm64: hibernate: Clean the __hyp_text to PoC after resume James Morse <james.morse(a)arm.com> arm64: hyp-stub: Forbid kprobing of the hyp-stub Ard Biesheuvel <ard.biesheuvel(a)linaro.org> arm64: kaslr: ensure randomized quantities are clean also when kaslr is off Koen Vandeputte <koen.vandeputte(a)ncentric.com> ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment Waiman Long <longman(a)redhat.com> fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() Pavel Shilovsky <pshilov(a)microsoft.com> CIFS: Do not count -ENODATA as failure for query directory Daniel Borkmann <daniel(a)iogearbox.net> ipvlan, l3mdev: fix broken l3s mode wrt local routes Jacob Wen <jian.w.wen(a)oracle.com> l2tp: fix reading optional fields of L2TPv3 Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> l2tp: remove l2specific_len dependency in l2tp_core Aya Levin <ayal(a)mellanox.com> net/mlx5e: Allow MAC invalidation while spoofchk is ON Mathias Thore <mathias.thore(a)infinera.com> ucc_geth: Reset BQL queue when stopping device Bernard Pidoux <f6bvp(a)free.fr> net/rose: fix NULL ax25_cb kernel panic Cong Wang <xiyou.wangcong(a)gmail.com> netrom: switch to sock timer API Aya Levin <ayal(a)mellanox.com> net/mlx4_core: Add masking for a few queries on HCA caps Jacob Wen <jian.w.wen(a)oracle.com> l2tp: copy 4 more bytes to linear part if necessary David Ahern <dsahern(a)gmail.com> ipv6: Consider sk_bound_dev_if when binding a socket to an address Jimmy Durand Wesolowski <jdw(a)amazon.de> fs: add the fsnotify call to vfs_iter_write Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Fix "net: ipv4: do not handle duplicate fragments as overlapping" ------------- Diffstat: Makefile | 4 +- arch/arm/mach-cns3xxx/pcie.c | 2 +- arch/arm64/kernel/hibernate.c | 4 +- arch/arm64/kernel/hyp-stub.S | 2 + arch/arm64/kernel/kaslr.c | 1 + drivers/base/core.c | 2 + drivers/mmc/host/sdhci-iproc.c | 5 +- drivers/net/ethernet/freescale/ucc_geth.c | 2 + drivers/net/ethernet/mellanox/mlx4/fw.c | 75 ++++++++++++++--------- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 19 ++---- drivers/net/ipvlan/ipvlan_main.c | 6 +- drivers/platform/x86/asus-nb-wmi.c | 3 +- fs/cifs/connect.c | 53 ++++++++++++++++ fs/cifs/smb2pdu.c | 4 +- fs/dcache.c | 6 +- fs/gfs2/rgrp.c | 2 +- fs/notify/fsnotify.c | 8 ++- fs/read_write.c | 4 +- fs/super.c | 30 +++++++-- include/linux/kobject.h | 17 +++++ include/linux/netdevice.h | 8 +++ include/net/l3mdev.h | 3 +- kernel/exit.c | 12 +++- mm/memory-failure.c | 3 +- mm/migrate.c | 7 ++- mm/oom_kill.c | 8 +++ net/ipv4/ip_fragment.c | 2 +- net/ipv6/af_inet6.c | 3 + net/l2tp/l2tp_core.c | 43 ++++++------- net/l2tp/l2tp_core.h | 31 ++++++++++ net/l2tp/l2tp_ip.c | 3 + net/l2tp/l2tp_ip6.c | 3 + net/netrom/nr_timer.c | 20 +++--- net/rose/rose_route.c | 5 ++ 34 files changed, 293 insertions(+), 107 deletions(-)

6 years, 7 months

5
35
0 0

[PATCH] powerpc/papr_scm: Use the correct bind address

by Oliver O'Halloran

When binding an SCM volume to a physical address the hypervisor has the option to return early with a continue token with the expectation that the guest will resume the bind operation until it completes. A quirk of this interface is that the bind address will only be returned by the first bind h-call and the subsequent calls will return 0xFFFF_FFFF_FFFF_FFFF for the bind address. We currently do not save the address returned by the first h-call. As a result we will use the junk address as the base of the bound region if the hypervisor decides to split the bind across multiple h-calls. This bug was found when testing with very large SCM volumes where the bind process would take more time than they hypervisor's internal h-call time limit would allow. This patch fixes the issue by saving the bind address from the first call. Cc: stable(a)vger.kernel.org Fixes: b5beae5e224f ("powerpc/pseries: Add driver for PAPR SCM regions") Signed-off-by: Oliver O'Halloran <oohall(a)gmail.com> --- arch/powerpc/platforms/pseries/papr_scm.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/arch/powerpc/platforms/pseries/papr_scm.c b/arch/powerpc/platforms/pseries/papr_scm.c index 7d6457ab5d34..bba281b1fe1b 100644 --- a/arch/powerpc/platforms/pseries/papr_scm.c +++ b/arch/powerpc/platforms/pseries/papr_scm.c @@ -43,6 +43,7 @@ static int drc_pmem_bind(struct papr_scm_priv *p) { unsigned long ret[PLPAR_HCALL_BUFSIZE]; uint64_t rc, token; + uint64_t saved = 0; /* * When the hypervisor cannot map all the requested memory in a single @@ -56,6 +57,8 @@ static int drc_pmem_bind(struct papr_scm_priv *p) rc = plpar_hcall(H_SCM_BIND_MEM, ret, p->drc_index, 0, p->blocks, BIND_ANY_ADDR, token); token = ret[0]; + if (!saved) + saved = ret[1]; cond_resched(); } while (rc == H_BUSY); @@ -64,7 +67,7 @@ static int drc_pmem_bind(struct papr_scm_priv *p) return -ENXIO; } - p->bound_addr = ret[1]; + p->bound_addr = saved; dev_dbg(&p->pdev->dev, "bound drc %x to %pR\n", p->drc_index, &p->res); -- 2.20.1

6 years, 7 months

2
1
0 0

[PATCH] tpm/tpm_crb: Avoid unaligned reads in crb_recv():

by Jarkko Sakkinen

The current approach to read first 6 bytes from the response and then tail of the response, can cause the 2nd memcpy_fromio() to do an unaligned read (e.g. read 32-bit word from address aligned to a 16-bits), depending on how memcpy_fromio() is implemented. If this happens, the read will fail and the memory controller will fill the read with 1's. This was triggered by 170d13ca3a2f, which should be probably refined to check and react to the address alignment. Before that commit, on x86 memcpy_fromio() turned out to be memcpy(). By a luck GCC has done the right thing (from tpm_crb's perspective) for us so far, but we should not rely on that. Thus, it makes sense to fix this also in tpm_crb, not least because the fix can be then backported to stable kernels and make them more robust when compiled in differing environments. Cc: stable(a)vger.kernel.org Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: James Morris <jmorris(a)namei.org> Cc: Tomas Winkler <tomas.winkler(a)intel.com> Cc: Jerry Snitselaar <jsnitsel(a)redhat.com> Fixes: 30fc8d138e91 ("tpm: TPM 2.0 CRB Interface") Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> --- drivers/char/tpm/tpm_crb.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c index 36952ef98f90..7f47e43aa9f1 100644 --- a/drivers/char/tpm/tpm_crb.c +++ b/drivers/char/tpm/tpm_crb.c @@ -288,18 +288,18 @@ static int crb_recv(struct tpm_chip *chip, u8 *buf, size_t count) unsigned int expected; /* sanity check */ - if (count < 6) + if (count < 8) return -EIO; if (ioread32(&priv->regs_t->ctrl_sts) & CRB_CTRL_STS_ERROR) return -EIO; - memcpy_fromio(buf, priv->rsp, 6); + memcpy_fromio(buf, priv->rsp, 8); expected = be32_to_cpup((__be32 *) &buf[2]); - if (expected > count || expected < 6) + if (expected > count || expected < 8) return -EIO; - memcpy_fromio(&buf[6], &priv->rsp[6], expected - 6); + memcpy_fromio(&buf[8], &priv->rsp[8], expected - 8); return expected; } -- 2.17.1

6 years, 7 months

5
9
0 0

[PATCH 2/3] mmc: sunxi: Filter out unsupported modes declared in the device tree

by Chen-Yu Tsai

The MMC device tree bindings include properties used to signal various signalling speed modes. Until now the sunxi driver was accepting them without any further filtering, while the sunxi device trees were not actually using them. Since some of the H5 boards can not run at higher speed modes stably, we are resorting to declaring the higher speed modes per-board. Regardless, having boards declare modes and blindly following them, even without proper support in the driver, is generally a bad thing. Filter out all unsupported modes from the capabilities mask after the device tree properties have been parsed. Cc: <stable(a)vger.kernel.org> Signed-off-by: Chen-Yu Tsai <wens(a)csie.org> --- This should be backported to stable kernels in case people try to run new device trees (that declare newly supported modes) with old kernels. --- drivers/mmc/host/sunxi-mmc.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/drivers/mmc/host/sunxi-mmc.c b/drivers/mmc/host/sunxi-mmc.c index 7415af8c8ff6..a01433012db0 100644 --- a/drivers/mmc/host/sunxi-mmc.c +++ b/drivers/mmc/host/sunxi-mmc.c @@ -1415,6 +1415,22 @@ static int sunxi_mmc_probe(struct platform_device *pdev) if (ret) goto error_free_dma; + /* + * If we don't support delay chains in the SoC, we can't use any + * of the DDR speed modes. Mask them out in case the device + * tree specifies the properties for them, which gets added to + * the caps by mmc_of_parse() above. + */ + if (!(host->cfg->clk_delays || host->use_new_timings)) + mmc->caps &= ~(MMC_CAP_3_3V_DDR | MMC_CAP_1_8V_DDR | + MMC_CAP_1_2V_DDR); + + /* TODO: UHS modes untested due to lack of supporting boards */ + mmc->caps &= ~MMC_CAP_UHS; + + /* TODO: This driver doesn't support HS200 and HS400 modes yet */ + mmc->caps2 &= ~(MMC_CAP2_HS200 | MMC_CAP2_HS400); + ret = sunxi_mmc_init_host(host); if (ret) goto error_free_dma; -- 2.20.1

6 years, 7 months

2
5
0 0

[PATCH v2 04/15] crypto: x86/morus - fix handling chunked inputs and MAY_SLEEP

by Eric Biggers

From: Eric Biggers <ebiggers(a)google.com> The x86 MORUS implementations all fail the improved AEAD tests because they produce the wrong result with some data layouts. The issue is that they assume that if the skcipher_walk API gives 'nbytes' not aligned to the walksize (a.k.a. walk.stride), then it is the end of the data. In fact, this can happen before the end. Also, when the CRYPTO_TFM_REQ_MAY_SLEEP flag is given, they can incorrectly sleep in the skcipher_walk_*() functions while preemption has been disabled by kernel_fpu_begin(). Fix these bugs. Fixes: 56e8e57fc3a7 ("crypto: morus - Add common SIMD glue code for MORUS") Cc: <stable(a)vger.kernel.org> # v4.18+ Cc: Ondrej Mosnacek <omosnace(a)redhat.com> Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- arch/x86/crypto/morus1280_glue.c | 40 +++++++++++++------------------- arch/x86/crypto/morus640_glue.c | 39 ++++++++++++------------------- 2 files changed, 31 insertions(+), 48 deletions(-) diff --git a/arch/x86/crypto/morus1280_glue.c b/arch/x86/crypto/morus1280_glue.c index 0dccdda1eb3a1..7e600f8bcdad8 100644 --- a/arch/x86/crypto/morus1280_glue.c +++ b/arch/x86/crypto/morus1280_glue.c @@ -85,31 +85,20 @@ static void crypto_morus1280_glue_process_ad( static void crypto_morus1280_glue_process_crypt(struct morus1280_state *state, struct morus1280_ops ops, - struct aead_request *req) + struct skcipher_walk *walk) { - struct skcipher_walk walk; - u8 *cursor_src, *cursor_dst; - unsigned int chunksize, base; - - ops.skcipher_walk_init(&walk, req, false); - - while (walk.nbytes) { - cursor_src = walk.src.virt.addr; - cursor_dst = walk.dst.virt.addr; - chunksize = walk.nbytes; - - ops.crypt_blocks(state, cursor_src, cursor_dst, chunksize); - - base = chunksize & ~(MORUS1280_BLOCK_SIZE - 1); - cursor_src += base; - cursor_dst += base; - chunksize &= MORUS1280_BLOCK_SIZE - 1; - - if (chunksize > 0) - ops.crypt_tail(state, cursor_src, cursor_dst, - chunksize); + while (walk->nbytes >= MORUS1280_BLOCK_SIZE) { + ops.crypt_blocks(state, walk->src.virt.addr, + walk->dst.virt.addr, + round_down(walk->nbytes, + MORUS1280_BLOCK_SIZE)); + skcipher_walk_done(walk, walk->nbytes % MORUS1280_BLOCK_SIZE); + } - skcipher_walk_done(&walk, 0); + if (walk->nbytes) { + ops.crypt_tail(state, walk->src.virt.addr, walk->dst.virt.addr, + walk->nbytes); + skcipher_walk_done(walk, 0); } } @@ -147,12 +136,15 @@ static void crypto_morus1280_glue_crypt(struct aead_request *req, struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct morus1280_ctx *ctx = crypto_aead_ctx(tfm); struct morus1280_state state; + struct skcipher_walk walk; + + ops.skcipher_walk_init(&walk, req, true); kernel_fpu_begin(); ctx->ops->init(&state, &ctx->key, req->iv); crypto_morus1280_glue_process_ad(&state, ctx->ops, req->src, req->assoclen); - crypto_morus1280_glue_process_crypt(&state, ops, req); + crypto_morus1280_glue_process_crypt(&state, ops, &walk); ctx->ops->final(&state, tag_xor, req->assoclen, cryptlen); kernel_fpu_end(); diff --git a/arch/x86/crypto/morus640_glue.c b/arch/x86/crypto/morus640_glue.c index 7b58fe4d9bd1a..cb3a817320160 100644 --- a/arch/x86/crypto/morus640_glue.c +++ b/arch/x86/crypto/morus640_glue.c @@ -85,31 +85,19 @@ static void crypto_morus640_glue_process_ad( static void crypto_morus640_glue_process_crypt(struct morus640_state *state, struct morus640_ops ops, - struct aead_request *req) + struct skcipher_walk *walk) { - struct skcipher_walk walk; - u8 *cursor_src, *cursor_dst; - unsigned int chunksize, base; - - ops.skcipher_walk_init(&walk, req, false); - - while (walk.nbytes) { - cursor_src = walk.src.virt.addr; - cursor_dst = walk.dst.virt.addr; - chunksize = walk.nbytes; - - ops.crypt_blocks(state, cursor_src, cursor_dst, chunksize); - - base = chunksize & ~(MORUS640_BLOCK_SIZE - 1); - cursor_src += base; - cursor_dst += base; - chunksize &= MORUS640_BLOCK_SIZE - 1; - - if (chunksize > 0) - ops.crypt_tail(state, cursor_src, cursor_dst, - chunksize); + while (walk->nbytes >= MORUS640_BLOCK_SIZE) { + ops.crypt_blocks(state, walk->src.virt.addr, + walk->dst.virt.addr, + round_down(walk->nbytes, MORUS640_BLOCK_SIZE)); + skcipher_walk_done(walk, walk->nbytes % MORUS640_BLOCK_SIZE); + } - skcipher_walk_done(&walk, 0); + if (walk->nbytes) { + ops.crypt_tail(state, walk->src.virt.addr, walk->dst.virt.addr, + walk->nbytes); + skcipher_walk_done(walk, 0); } } @@ -143,12 +131,15 @@ static void crypto_morus640_glue_crypt(struct aead_request *req, struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct morus640_ctx *ctx = crypto_aead_ctx(tfm); struct morus640_state state; + struct skcipher_walk walk; + + ops.skcipher_walk_init(&walk, req, true); kernel_fpu_begin(); ctx->ops->init(&state, &ctx->key, req->iv); crypto_morus640_glue_process_ad(&state, ctx->ops, req->src, req->assoclen); - crypto_morus640_glue_process_crypt(&state, ops, req); + crypto_morus640_glue_process_crypt(&state, ops, &walk); ctx->ops->final(&state, tag_xor, req->assoclen, cryptlen); kernel_fpu_end(); -- 2.20.1

6 years, 7 months

2
1
0 0

[PATCH v2 03/15] crypto: x86/aegis - fix handling chunked inputs and MAY_SLEEP

by Eric Biggers

From: Eric Biggers <ebiggers(a)google.com> The x86 AEGIS implementations all fail the improved AEAD tests because they produce the wrong result with some data layouts. The issue is that they assume that if the skcipher_walk API gives 'nbytes' not aligned to the walksize (a.k.a. walk.stride), then it is the end of the data. In fact, this can happen before the end. Also, when the CRYPTO_TFM_REQ_MAY_SLEEP flag is given, they can incorrectly sleep in the skcipher_walk_*() functions while preemption has been disabled by kernel_fpu_begin(). Fix these bugs. Fixes: 1d373d4e8e15 ("crypto: x86 - Add optimized AEGIS implementations") Cc: <stable(a)vger.kernel.org> # v4.18+ Cc: Ondrej Mosnacek <omosnace(a)redhat.com> Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- arch/x86/crypto/aegis128-aesni-glue.c | 38 ++++++++++---------------- arch/x86/crypto/aegis128l-aesni-glue.c | 38 ++++++++++---------------- arch/x86/crypto/aegis256-aesni-glue.c | 38 ++++++++++---------------- 3 files changed, 45 insertions(+), 69 deletions(-) diff --git a/arch/x86/crypto/aegis128-aesni-glue.c b/arch/x86/crypto/aegis128-aesni-glue.c index 2a356b948720e..3ea71b8718135 100644 --- a/arch/x86/crypto/aegis128-aesni-glue.c +++ b/arch/x86/crypto/aegis128-aesni-glue.c @@ -119,31 +119,20 @@ static void crypto_aegis128_aesni_process_ad( } static void crypto_aegis128_aesni_process_crypt( - struct aegis_state *state, struct aead_request *req, + struct aegis_state *state, struct skcipher_walk *walk, const struct aegis_crypt_ops *ops) { - struct skcipher_walk walk; - u8 *src, *dst; - unsigned int chunksize, base; - - ops->skcipher_walk_init(&walk, req, false); - - while (walk.nbytes) { - src = walk.src.virt.addr; - dst = walk.dst.virt.addr; - chunksize = walk.nbytes; - - ops->crypt_blocks(state, chunksize, src, dst); - - base = chunksize & ~(AEGIS128_BLOCK_SIZE - 1); - src += base; - dst += base; - chunksize &= AEGIS128_BLOCK_SIZE - 1; - - if (chunksize > 0) - ops->crypt_tail(state, chunksize, src, dst); + while (walk->nbytes >= AEGIS128_BLOCK_SIZE) { + ops->crypt_blocks(state, + round_down(walk->nbytes, AEGIS128_BLOCK_SIZE), + walk->src.virt.addr, walk->dst.virt.addr); + skcipher_walk_done(walk, walk->nbytes % AEGIS128_BLOCK_SIZE); + } - skcipher_walk_done(&walk, 0); + if (walk->nbytes) { + ops->crypt_tail(state, walk->nbytes, walk->src.virt.addr, + walk->dst.virt.addr); + skcipher_walk_done(walk, 0); } } @@ -186,13 +175,16 @@ static void crypto_aegis128_aesni_crypt(struct aead_request *req, { struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct aegis_ctx *ctx = crypto_aegis128_aesni_ctx(tfm); + struct skcipher_walk walk; struct aegis_state state; + ops->skcipher_walk_init(&walk, req, true); + kernel_fpu_begin(); crypto_aegis128_aesni_init(&state, ctx->key.bytes, req->iv); crypto_aegis128_aesni_process_ad(&state, req->src, req->assoclen); - crypto_aegis128_aesni_process_crypt(&state, req, ops); + crypto_aegis128_aesni_process_crypt(&state, &walk, ops); crypto_aegis128_aesni_final(&state, tag_xor, req->assoclen, cryptlen); kernel_fpu_end(); diff --git a/arch/x86/crypto/aegis128l-aesni-glue.c b/arch/x86/crypto/aegis128l-aesni-glue.c index dbe8bb980da15..1b1b39c66c5e2 100644 --- a/arch/x86/crypto/aegis128l-aesni-glue.c +++ b/arch/x86/crypto/aegis128l-aesni-glue.c @@ -119,31 +119,20 @@ static void crypto_aegis128l_aesni_process_ad( } static void crypto_aegis128l_aesni_process_crypt( - struct aegis_state *state, struct aead_request *req, + struct aegis_state *state, struct skcipher_walk *walk, const struct aegis_crypt_ops *ops) { - struct skcipher_walk walk; - u8 *src, *dst; - unsigned int chunksize, base; - - ops->skcipher_walk_init(&walk, req, false); - - while (walk.nbytes) { - src = walk.src.virt.addr; - dst = walk.dst.virt.addr; - chunksize = walk.nbytes; - - ops->crypt_blocks(state, chunksize, src, dst); - - base = chunksize & ~(AEGIS128L_BLOCK_SIZE - 1); - src += base; - dst += base; - chunksize &= AEGIS128L_BLOCK_SIZE - 1; - - if (chunksize > 0) - ops->crypt_tail(state, chunksize, src, dst); + while (walk->nbytes >= AEGIS128L_BLOCK_SIZE) { + ops->crypt_blocks(state, round_down(walk->nbytes, + AEGIS128L_BLOCK_SIZE), + walk->src.virt.addr, walk->dst.virt.addr); + skcipher_walk_done(walk, walk->nbytes % AEGIS128L_BLOCK_SIZE); + } - skcipher_walk_done(&walk, 0); + if (walk->nbytes) { + ops->crypt_tail(state, walk->nbytes, walk->src.virt.addr, + walk->dst.virt.addr); + skcipher_walk_done(walk, 0); } } @@ -186,13 +175,16 @@ static void crypto_aegis128l_aesni_crypt(struct aead_request *req, { struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct aegis_ctx *ctx = crypto_aegis128l_aesni_ctx(tfm); + struct skcipher_walk walk; struct aegis_state state; + ops->skcipher_walk_init(&walk, req, true); + kernel_fpu_begin(); crypto_aegis128l_aesni_init(&state, ctx->key.bytes, req->iv); crypto_aegis128l_aesni_process_ad(&state, req->src, req->assoclen); - crypto_aegis128l_aesni_process_crypt(&state, req, ops); + crypto_aegis128l_aesni_process_crypt(&state, &walk, ops); crypto_aegis128l_aesni_final(&state, tag_xor, req->assoclen, cryptlen); kernel_fpu_end(); diff --git a/arch/x86/crypto/aegis256-aesni-glue.c b/arch/x86/crypto/aegis256-aesni-glue.c index 8bebda2de92fe..6227ca3220a05 100644 --- a/arch/x86/crypto/aegis256-aesni-glue.c +++ b/arch/x86/crypto/aegis256-aesni-glue.c @@ -119,31 +119,20 @@ static void crypto_aegis256_aesni_process_ad( } static void crypto_aegis256_aesni_process_crypt( - struct aegis_state *state, struct aead_request *req, + struct aegis_state *state, struct skcipher_walk *walk, const struct aegis_crypt_ops *ops) { - struct skcipher_walk walk; - u8 *src, *dst; - unsigned int chunksize, base; - - ops->skcipher_walk_init(&walk, req, false); - - while (walk.nbytes) { - src = walk.src.virt.addr; - dst = walk.dst.virt.addr; - chunksize = walk.nbytes; - - ops->crypt_blocks(state, chunksize, src, dst); - - base = chunksize & ~(AEGIS256_BLOCK_SIZE - 1); - src += base; - dst += base; - chunksize &= AEGIS256_BLOCK_SIZE - 1; - - if (chunksize > 0) - ops->crypt_tail(state, chunksize, src, dst); + while (walk->nbytes >= AEGIS256_BLOCK_SIZE) { + ops->crypt_blocks(state, + round_down(walk->nbytes, AEGIS256_BLOCK_SIZE), + walk->src.virt.addr, walk->dst.virt.addr); + skcipher_walk_done(walk, walk->nbytes % AEGIS256_BLOCK_SIZE); + } - skcipher_walk_done(&walk, 0); + if (walk->nbytes) { + ops->crypt_tail(state, walk->nbytes, walk->src.virt.addr, + walk->dst.virt.addr); + skcipher_walk_done(walk, 0); } } @@ -186,13 +175,16 @@ static void crypto_aegis256_aesni_crypt(struct aead_request *req, { struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct aegis_ctx *ctx = crypto_aegis256_aesni_ctx(tfm); + struct skcipher_walk walk; struct aegis_state state; + ops->skcipher_walk_init(&walk, req, true); + kernel_fpu_begin(); crypto_aegis256_aesni_init(&state, ctx->key, req->iv); crypto_aegis256_aesni_process_ad(&state, req->src, req->assoclen); - crypto_aegis256_aesni_process_crypt(&state, req, ops); + crypto_aegis256_aesni_process_crypt(&state, &walk, ops); crypto_aegis256_aesni_final(&state, tag_xor, req->assoclen, cryptlen); kernel_fpu_end(); -- 2.20.1

6 years, 7 months

2
1
0 0

[PATCH v2 01/15] crypto: aegis - fix handling chunked inputs

by Eric Biggers

From: Eric Biggers <ebiggers(a)google.com> The generic AEGIS implementations all fail the improved AEAD tests because they produce the wrong result with some data layouts. The issue is that they assume that if the skcipher_walk API gives 'nbytes' not aligned to the walksize (a.k.a. walk.stride), then it is the end of the data. In fact, this can happen before the end. Fix them. Fixes: f606a88e5823 ("crypto: aegis - Add generic AEGIS AEAD implementations") Cc: <stable(a)vger.kernel.org> # v4.18+ Cc: Ondrej Mosnacek <omosnace(a)redhat.com> Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- crypto/aegis128.c | 14 +++++++------- crypto/aegis128l.c | 14 +++++++------- crypto/aegis256.c | 14 +++++++------- 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/crypto/aegis128.c b/crypto/aegis128.c index 96e078a8a00a1..3718a83413032 100644 --- a/crypto/aegis128.c +++ b/crypto/aegis128.c @@ -286,19 +286,19 @@ static void crypto_aegis128_process_crypt(struct aegis_state *state, const struct aegis128_ops *ops) { struct skcipher_walk walk; - u8 *src, *dst; - unsigned int chunksize; ops->skcipher_walk_init(&walk, req, false); while (walk.nbytes) { - src = walk.src.virt.addr; - dst = walk.dst.virt.addr; - chunksize = walk.nbytes; + unsigned int nbytes = walk.nbytes; - ops->crypt_chunk(state, dst, src, chunksize); + if (nbytes < walk.total) + nbytes = round_down(nbytes, walk.stride); - skcipher_walk_done(&walk, 0); + ops->crypt_chunk(state, walk.dst.virt.addr, walk.src.virt.addr, + nbytes); + + skcipher_walk_done(&walk, walk.nbytes - nbytes); } } diff --git a/crypto/aegis128l.c b/crypto/aegis128l.c index a210e779b911b..275a8616d71bd 100644 --- a/crypto/aegis128l.c +++ b/crypto/aegis128l.c @@ -349,19 +349,19 @@ static void crypto_aegis128l_process_crypt(struct aegis_state *state, const struct aegis128l_ops *ops) { struct skcipher_walk walk; - u8 *src, *dst; - unsigned int chunksize; ops->skcipher_walk_init(&walk, req, false); while (walk.nbytes) { - src = walk.src.virt.addr; - dst = walk.dst.virt.addr; - chunksize = walk.nbytes; + unsigned int nbytes = walk.nbytes; - ops->crypt_chunk(state, dst, src, chunksize); + if (nbytes < walk.total) + nbytes = round_down(nbytes, walk.stride); - skcipher_walk_done(&walk, 0); + ops->crypt_chunk(state, walk.dst.virt.addr, walk.src.virt.addr, + nbytes); + + skcipher_walk_done(&walk, walk.nbytes - nbytes); } } diff --git a/crypto/aegis256.c b/crypto/aegis256.c index 49882a28e93e9..ecd6b7f34a2d2 100644 --- a/crypto/aegis256.c +++ b/crypto/aegis256.c @@ -299,19 +299,19 @@ static void crypto_aegis256_process_crypt(struct aegis_state *state, const struct aegis256_ops *ops) { struct skcipher_walk walk; - u8 *src, *dst; - unsigned int chunksize; ops->skcipher_walk_init(&walk, req, false); while (walk.nbytes) { - src = walk.src.virt.addr; - dst = walk.dst.virt.addr; - chunksize = walk.nbytes; + unsigned int nbytes = walk.nbytes; - ops->crypt_chunk(state, dst, src, chunksize); + if (nbytes < walk.total) + nbytes = round_down(nbytes, walk.stride); - skcipher_walk_done(&walk, 0); + ops->crypt_chunk(state, walk.dst.virt.addr, walk.src.virt.addr, + nbytes); + + skcipher_walk_done(&walk, walk.nbytes - nbytes); } } -- 2.20.1

6 years, 7 months

2
1
0 0

[PATCH v2 02/15] crypto: morus - fix handling chunked inputs

by Eric Biggers

From: Eric Biggers <ebiggers(a)google.com> The generic MORUS implementations all fail the improved AEAD tests because they produce the wrong result with some data layouts. The issue is that they assume that if the skcipher_walk API gives 'nbytes' not aligned to the walksize (a.k.a. walk.stride), then it is the end of the data. In fact, this can happen before the end. Fix them. Fixes: 396be41f16fd ("crypto: morus - Add generic MORUS AEAD implementations") Cc: <stable(a)vger.kernel.org> # v4.18+ Cc: Ondrej Mosnacek <omosnace(a)redhat.com> Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- crypto/morus1280.c | 13 +++++++------ crypto/morus640.c | 13 +++++++------ 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/crypto/morus1280.c b/crypto/morus1280.c index 78ba09db7328c..0747732d5b78a 100644 --- a/crypto/morus1280.c +++ b/crypto/morus1280.c @@ -362,18 +362,19 @@ static void crypto_morus1280_process_crypt(struct morus1280_state *state, const struct morus1280_ops *ops) { struct skcipher_walk walk; - u8 *dst; - const u8 *src; ops->skcipher_walk_init(&walk, req, false); while (walk.nbytes) { - src = walk.src.virt.addr; - dst = walk.dst.virt.addr; + unsigned int nbytes = walk.nbytes; - ops->crypt_chunk(state, dst, src, walk.nbytes); + if (nbytes < walk.total) + nbytes = round_down(nbytes, walk.stride); - skcipher_walk_done(&walk, 0); + ops->crypt_chunk(state, walk.dst.virt.addr, walk.src.virt.addr, + nbytes); + + skcipher_walk_done(&walk, walk.nbytes - nbytes); } } diff --git a/crypto/morus640.c b/crypto/morus640.c index 5cf530139b271..1617a1eb8be13 100644 --- a/crypto/morus640.c +++ b/crypto/morus640.c @@ -361,18 +361,19 @@ static void crypto_morus640_process_crypt(struct morus640_state *state, const struct morus640_ops *ops) { struct skcipher_walk walk; - u8 *dst; - const u8 *src; ops->skcipher_walk_init(&walk, req, false); while (walk.nbytes) { - src = walk.src.virt.addr; - dst = walk.dst.virt.addr; + unsigned int nbytes = walk.nbytes; - ops->crypt_chunk(state, dst, src, walk.nbytes); + if (nbytes < walk.total) + nbytes = round_down(nbytes, walk.stride); - skcipher_walk_done(&walk, 0); + ops->crypt_chunk(state, walk.dst.virt.addr, walk.src.virt.addr, + nbytes); + + skcipher_walk_done(&walk, walk.nbytes - nbytes); } } -- 2.20.1

6 years, 7 months

2
1
0 0

[PATCH v3] tpm: Fix some name collisions with drivers/char/tpm.h

by Jarkko Sakkinen

* Rename TPM_BUFSIZE defined in drivers/char/tpm/st33zp24/st33zp24.h to ST33ZP24_BUFSIZE. * Rename TPM_BUFSIZE defined in drivers/char/tpm/tpm_i2c_infineon.c to TPM_I2C_INFINEON_BUFSIZE. * Rename TPM_RETRY in tpm_i2c_nuvoton to TPM_I2C_RETRIES. * Remove TPM_HEADER_SIZE from tpm_i2c_nuvoton. Cc: stable(a)vger.kernel.org Fixes: bf38b8710892 ("tpm/tpm_i2c_stm_st33: Split tpm_i2c_tpm_st33 in 2 layers (core + phy)") Fixes: aad628c1d91a ("char/tpm: Add new driver for Infineon I2C TIS TPM") Fixes: 32d33b29ba07 ("TPM: Retry SaveState command in suspend path") Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> --- v3: * Fix two name collisions in tpm_i2c_nuvoton. * Fix short summary. * Fix compilation error in tpm_i2c_infineon (forgot to stage one diff to v2). v2: * Fix also the name collision in tpm_ic2_infineon. drivers/char/tpm/st33zp24/i2c.c | 2 +- drivers/char/tpm/st33zp24/spi.c | 2 +- drivers/char/tpm/st33zp24/st33zp24.h | 4 ++-- drivers/char/tpm/tpm_i2c_infineon.c | 15 ++++++++------- drivers/char/tpm/tpm_i2c_nuvoton.c | 16 +++++++--------- 5 files changed, 19 insertions(+), 20 deletions(-) diff --git a/drivers/char/tpm/st33zp24/i2c.c b/drivers/char/tpm/st33zp24/i2c.c index be5d1abd3e8e..8390c5b54c3b 100644 --- a/drivers/char/tpm/st33zp24/i2c.c +++ b/drivers/char/tpm/st33zp24/i2c.c @@ -33,7 +33,7 @@ struct st33zp24_i2c_phy { struct i2c_client *client; - u8 buf[TPM_BUFSIZE + 1]; + u8 buf[ST33ZP24_BUFSIZE + 1]; int io_lpcpd; }; diff --git a/drivers/char/tpm/st33zp24/spi.c b/drivers/char/tpm/st33zp24/spi.c index d7909ab287a8..ff019a1e3c68 100644 --- a/drivers/char/tpm/st33zp24/spi.c +++ b/drivers/char/tpm/st33zp24/spi.c @@ -63,7 +63,7 @@ * some latency byte before the answer is available (max 15). * We have 2048 + 1024 + 15. */ -#define ST33ZP24_SPI_BUFFER_SIZE (TPM_BUFSIZE + (TPM_BUFSIZE / 2) +\ +#define ST33ZP24_SPI_BUFFER_SIZE (ST33ZP24_BUFSIZE + (ST33ZP24_BUFSIZE / 2) +\ MAX_SPI_LATENCY) diff --git a/drivers/char/tpm/st33zp24/st33zp24.h b/drivers/char/tpm/st33zp24/st33zp24.h index 6f4a4198af6a..20da0a84988d 100644 --- a/drivers/char/tpm/st33zp24/st33zp24.h +++ b/drivers/char/tpm/st33zp24/st33zp24.h @@ -18,8 +18,8 @@ #ifndef __LOCAL_ST33ZP24_H__ #define __LOCAL_ST33ZP24_H__ -#define TPM_WRITE_DIRECTION 0x80 -#define TPM_BUFSIZE 2048 +#define TPM_WRITE_DIRECTION 0x80 +#define ST33ZP24_BUFSIZE 2048 struct st33zp24_dev { struct tpm_chip *chip; diff --git a/drivers/char/tpm/tpm_i2c_infineon.c b/drivers/char/tpm/tpm_i2c_infineon.c index 9086edc9066b..3b490d9d90e7 100644 --- a/drivers/char/tpm/tpm_i2c_infineon.c +++ b/drivers/char/tpm/tpm_i2c_infineon.c @@ -26,8 +26,7 @@ #include <linux/wait.h> #include "tpm.h" -/* max. buffer size supported by our TPM */ -#define TPM_BUFSIZE 1260 +#define TPM_I2C_INFINEON_BUFSIZE 1260 /* max. number of iterations after I2C NAK */ #define MAX_COUNT 3 @@ -63,11 +62,13 @@ enum i2c_chip_type { UNKNOWN, }; -/* Structure to store I2C TPM specific stuff */ struct tpm_inf_dev { struct i2c_client *client; int locality; - u8 buf[TPM_BUFSIZE + sizeof(u8)]; /* max. buffer size + addr */ + /* In addition to the data itself, the buffer must fit the 7-bit I2C + * address and the direction bit. + */ + u8 buf[TPM_I2C_INFINEON_BUFSIZE + 1]; struct tpm_chip *chip; enum i2c_chip_type chip_type; unsigned int adapterlimit; @@ -219,7 +220,7 @@ static int iic_tpm_write_generic(u8 addr, u8 *buffer, size_t len, .buf = tpm_dev.buf }; - if (len > TPM_BUFSIZE) + if (len > TPM_I2C_INFINEON_BUFSIZE) return -EINVAL; if (!tpm_dev.client->adapter->algo->master_xfer) @@ -527,8 +528,8 @@ static int tpm_tis_i2c_send(struct tpm_chip *chip, u8 *buf, size_t len) u8 retries = 0; u8 sts = TPM_STS_GO; - if (len > TPM_BUFSIZE) - return -E2BIG; /* command is too long for our tpm, sorry */ + if (len > TPM_I2C_INFINEON_BUFSIZE) + return -E2BIG; if (request_locality(chip, 0) < 0) return -EBUSY; diff --git a/drivers/char/tpm/tpm_i2c_nuvoton.c b/drivers/char/tpm/tpm_i2c_nuvoton.c index 217f7f1cbde8..5700cc2ddee1 100644 --- a/drivers/char/tpm/tpm_i2c_nuvoton.c +++ b/drivers/char/tpm/tpm_i2c_nuvoton.c @@ -35,14 +35,12 @@ #include "tpm.h" /* I2C interface offsets */ -#define TPM_STS 0x00 -#define TPM_BURST_COUNT 0x01 -#define TPM_DATA_FIFO_W 0x20 -#define TPM_DATA_FIFO_R 0x40 -#define TPM_VID_DID_RID 0x60 -/* TPM command header size */ -#define TPM_HEADER_SIZE 10 -#define TPM_RETRY 5 +#define TPM_STS 0x00 +#define TPM_BURST_COUNT 0x01 +#define TPM_DATA_FIFO_W 0x20 +#define TPM_DATA_FIFO_R 0x40 +#define TPM_VID_DID_RID 0x60 +#define TPM_I2C_RETRIES 5 /* * I2C bus device maximum buffer size w/o counting I2C address or command * i.e. max size required for I2C write is 34 = addr, command, 32 bytes data @@ -292,7 +290,7 @@ static int i2c_nuvoton_recv(struct tpm_chip *chip, u8 *buf, size_t count) dev_err(dev, "%s() count < header size\n", __func__); return -EIO; } - for (retries = 0; retries < TPM_RETRY; retries++) { + for (retries = 0; retries < TPM_I2C_RETRIES; retries++) { if (retries > 0) { /* if this is not the first trial, set responseRetry */ i2c_nuvoton_write_status(client, -- 2.19.1

6 years, 7 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror