- Linux-stable-mirror - lists.linaro.org

Patch "net_sched: red: Avoid devision by zero" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net_sched: red: Avoid devision by zero to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net_sched-red-avoid-devision-by-zero.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Fri Feb 23 12:01:27 CET 2018 From: Nogah Frankel <nogahf(a)mellanox.com> Date: Mon, 4 Dec 2017 13:31:10 +0200 Subject: net_sched: red: Avoid devision by zero From: Nogah Frankel <nogahf(a)mellanox.com> [ Upstream commit 5c472203421ab4f928aa1ae9e1dbcfdd80324148 ] Do not allow delta value to be zero since it is used as a divisor. Fixes: 8af2a218de38 ("sch_red: Adaptative RED AQM") Signed-off-by: Nogah Frankel <nogahf(a)mellanox.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/net/red.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/include/net/red.h +++ b/include/net/red.h @@ -178,7 +178,7 @@ static inline void red_set_parms(struct p->qth_max = qth_max << Wlog; p->Wlog = Wlog; p->Plog = Plog; - if (delta < 0) + if (delta <= 0) delta = 1; p->qth_delta = delta; if (!max_P) { Patches currently in stable-queue which might be from nogahf(a)mellanox.com are queue-3.18/net_sched-red-avoid-devision-by-zero.patch queue-3.18/net_sched-red-avoid-illegal-values.patch

7 years, 4 months

1
0
0 0

Patch "mm/early_ioremap: Fix boot hang with earlyprintk=efi, keep" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mm-early_ioremap-fix-boot-hang-with-earlyprintk-efi-keep.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Fri Feb 23 12:01:27 CET 2018 From: Dave Young <dyoung(a)redhat.com> Date: Sat, 9 Dec 2017 12:16:10 +0800 Subject: mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep From: Dave Young <dyoung(a)redhat.com> [ Upstream commit 7f6f60a1ba52538c16f26930bfbcfe193d9d746a ] earlyprintk=efi,keep does not work any more with a warning in mm/early_ioremap.c: WARN_ON(system_state != SYSTEM_BOOTING): Boot just hangs because of the earlyprintk within the earlyprintk implementation code itself. This is caused by a new introduced middle state in: 69a78ff226fe ("init: Introduce SYSTEM_SCHEDULING state") early_ioremap() is fine in both SYSTEM_BOOTING and SYSTEM_SCHEDULING states, original condition should be updated accordingly. Signed-off-by: Dave Young <dyoung(a)redhat.com> Acked-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: bp(a)suse.de Cc: linux-efi(a)vger.kernel.org Cc: linux-mm(a)kvack.org Link: http://lkml.kernel.org/r/20171209041610.GA3249@dhcp-128-65.nay.redhat.com Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- mm/early_ioremap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/early_ioremap.c +++ b/mm/early_ioremap.c @@ -102,7 +102,7 @@ __early_ioremap(resource_size_t phys_add enum fixed_addresses idx; int i, slot; - WARN_ON(system_state != SYSTEM_BOOTING); + WARN_ON(system_state >= SYSTEM_RUNNING); slot = -1; for (i = 0; i < FIX_BTMAPS_SLOTS; i++) { Patches currently in stable-queue which might be from dyoung(a)redhat.com are queue-3.18/mm-early_ioremap-fix-boot-hang-with-earlyprintk-efi-keep.patch

7 years, 4 months

1
0
0 0

Patch "media: s5k6aa: describe some function parameters" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled media: s5k6aa: describe some function parameters to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: media-s5k6aa-describe-some-function-parameters.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Fri Feb 23 12:01:27 CET 2018 From: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> Date: Wed, 29 Nov 2017 08:44:41 -0500 Subject: media: s5k6aa: describe some function parameters From: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> [ Upstream commit 070250a1715cee2297de0d9e7e2cea58be999d37 ] as warned: drivers/media/i2c/s5k6aa.c:429: warning: No description found for parameter 's5k6aa' drivers/media/i2c/s5k6aa.c:679: warning: No description found for parameter 's5k6aa' drivers/media/i2c/s5k6aa.c:733: warning: No description found for parameter 's5k6aa' drivers/media/i2c/s5k6aa.c:733: warning: No description found for parameter 'preset' drivers/media/i2c/s5k6aa.c:787: warning: No description found for parameter 'sd' Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/media/i2c/s5k6aa.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/drivers/media/i2c/s5k6aa.c +++ b/drivers/media/i2c/s5k6aa.c @@ -421,6 +421,7 @@ static int s5k6aa_set_ahb_address(struct /** * s5k6aa_configure_pixel_clock - apply ISP main clock/PLL configuration + * @s5k6aa: pointer to &struct s5k6aa describing the device * * Configure the internal ISP PLL for the required output frequency. * Locking: called with s5k6aa.lock mutex held. @@ -669,6 +670,7 @@ static int s5k6aa_set_input_params(struc /** * s5k6aa_configure_video_bus - configure the video output interface + * @s5k6aa: pointer to &struct s5k6aa describing the device * @bus_type: video bus type: parallel or MIPI-CSI * @nlanes: number of MIPI lanes to be used (MIPI-CSI only) * @@ -724,6 +726,8 @@ static int s5k6aa_new_config_sync(struct /** * s5k6aa_set_prev_config - write user preview register set + * @s5k6aa: pointer to &struct s5k6aa describing the device + * @preset: s5kaa preset to be applied * * Configure output resolution and color fromat, pixel clock * frequency range, device frame rate type and frame period range. @@ -777,6 +781,7 @@ static int s5k6aa_set_prev_config(struct /** * s5k6aa_initialize_isp - basic ISP MCU initialization + * @sd: pointer to V4L2 sub-device descriptor * * Configure AHB addresses for registers read/write; configure PLLs for * required output pixel clock. The ISP power supply needs to be already Patches currently in stable-queue which might be from mchehab(a)s-opensource.com are queue-3.18/media-s5k6aa-describe-some-function-parameters.patch queue-3.18/media-r820t-fix-r820t_write_reg-for-kasan.patch

7 years, 4 months

1
0
0 0

Patch "m68k: add missing SOFTIRQENTRY_TEXT linker section" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled m68k: add missing SOFTIRQENTRY_TEXT linker section to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: m68k-add-missing-softirqentry_text-linker-section.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Fri Feb 23 12:01:27 CET 2018 From: Greg Ungerer <gerg(a)linux-m68k.org> Date: Tue, 14 Nov 2017 11:50:07 +1000 Subject: m68k: add missing SOFTIRQENTRY_TEXT linker section From: Greg Ungerer <gerg(a)linux-m68k.org> [ Upstream commit 969de0988b77e5a57aac2f7270191a3c50540c52 ] Commit be7635e7287e ("arch, ftrace: for KASAN put hard/soft IRQ entries into separate sections") added a new linker section, SOFTIRQENTRY_TEXT, to the linker scripts for most architectures. It didn't add it to any of the linker scripts for the m68k architecture. This was not really a problem because it is only defined if either of CONFIG_FUNCTION_GRAPH_TRACER or CONFIG_KASAN are enabled - which can never be true for m68k. However commit 229a71860547 ("irq: Make the irqentry text section unconditional") means that SOFTIRQENTRY_TEXT is now always defined. So on m68k we now end up with a separate ELF section for .softirqentry.text instead of it being part of the .text section. On some m68k targets in some configurations this can also cause a fatal link error: LD vmlinux /usr/local/bin/../m68k-uclinux/bin/ld.real: section .softirqentry.text loaded at [0000000010de10c0,0000000010de12dd] overlaps section .rodata loaded at [0000000010de10c0,0000000010e0fd67] To fix add in the missing SOFTIRQENTRY_TEXT section into the m68k linker scripts. I noticed that m68k is also missing the IRQENTRY_TEXT section, so this patch also adds an entry for that too. Signed-off-by: Greg Ungerer <gerg(a)linux-m68k.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/m68k/kernel/vmlinux-nommu.lds | 2 ++ arch/m68k/kernel/vmlinux-std.lds | 2 ++ arch/m68k/kernel/vmlinux-sun3.lds | 2 ++ 3 files changed, 6 insertions(+) --- a/arch/m68k/kernel/vmlinux-nommu.lds +++ b/arch/m68k/kernel/vmlinux-nommu.lds @@ -44,6 +44,8 @@ SECTIONS { .text : { HEAD_TEXT TEXT_TEXT + IRQENTRY_TEXT + SOFTIRQENTRY_TEXT SCHED_TEXT LOCK_TEXT *(.fixup) --- a/arch/m68k/kernel/vmlinux-std.lds +++ b/arch/m68k/kernel/vmlinux-std.lds @@ -15,6 +15,8 @@ SECTIONS .text : { HEAD_TEXT TEXT_TEXT + IRQENTRY_TEXT + SOFTIRQENTRY_TEXT SCHED_TEXT LOCK_TEXT *(.fixup) --- a/arch/m68k/kernel/vmlinux-sun3.lds +++ b/arch/m68k/kernel/vmlinux-sun3.lds @@ -15,6 +15,8 @@ SECTIONS .text : { HEAD_TEXT TEXT_TEXT + IRQENTRY_TEXT + SOFTIRQENTRY_TEXT SCHED_TEXT LOCK_TEXT *(.fixup) Patches currently in stable-queue which might be from gerg(a)linux-m68k.org are queue-3.18/m68k-add-missing-softirqentry_text-linker-section.patch

7 years, 4 months

1
0
0 0

Patch "hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: hippi-fix-a-fix-a-possible-sleep-in-atomic-bug-in-rr_close.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Fri Feb 23 12:01:27 CET 2018 From: Jia-Ju Bai <baijiaju1990(a)163.com> Date: Tue, 12 Dec 2017 16:49:52 +0800 Subject: hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close From: Jia-Ju Bai <baijiaju1990(a)163.com> [ Upstream commit 6e266610eb6553cfb7e7eb5d11914bd01509c406 ] The driver may sleep under a spinlock. The function call path is: rr_close (acquire the spinlock) free_irq --> may sleep To fix it, free_irq is moved to the place without holding the spinlock. This bug is found by my static analysis tool(DSAC) and checked by my code review. Signed-off-by: Jia-Ju Bai <baijiaju1990(a)163.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/hippi/rrunner.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/hippi/rrunner.c +++ b/drivers/net/hippi/rrunner.c @@ -1381,8 +1381,8 @@ static int rr_close(struct net_device *d rrpriv->info_dma); rrpriv->info = NULL; - free_irq(pdev->irq, dev); spin_unlock_irqrestore(&rrpriv->lock, flags); + free_irq(pdev->irq, dev); return 0; } Patches currently in stable-queue which might be from baijiaju1990(a)163.com are queue-3.18/hippi-fix-a-fix-a-possible-sleep-in-atomic-bug-in-rr_close.patch

7 years, 4 months

1
0
0 0

Patch "gianfar: fix a flooded alignment reports because of padding issue." has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled gianfar: fix a flooded alignment reports because of padding issue. to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: gianfar-fix-a-flooded-alignment-reports-because-of-padding-issue.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Fri Feb 23 12:01:27 CET 2018 From: Zumeng Chen <zumeng.chen(a)gmail.com> Date: Mon, 4 Dec 2017 11:22:02 +0800 Subject: gianfar: fix a flooded alignment reports because of padding issue. From: Zumeng Chen <zumeng.chen(a)gmail.com> [ Upstream commit 58117672943734715bbe7565ac9f062effa524f0 ] According to LS1021A RM, the value of PAL can be set so that the start of the IP header in the receive data buffer is aligned to a 32-bit boundary. Normally, setting PAL = 2 provides minimal padding to ensure such alignment of the IP header. However every incoming packet's 8-byte time stamp will be inserted into the packet data buffer as padding alignment bytes when hardware time stamping is enabled. So we set the padding 8+2 here to avoid the flooded alignment faults: root@128:~# cat /proc/cpu/alignment User: 0 System: 17539 (inet_gro_receive+0x114/0x2c0) Skipped: 0 Half: 0 Word: 0 DWord: 0 Multi: 17539 User faults: 2 (fixup) Also shown when exception report enablement CPU: 0 PID: 161 Comm: irq/66-eth1_g0_ Not tainted 4.1.21-rt13-WR8.0.0.0_preempt-rt #16 Hardware name: Freescale LS1021A [<8001b420>] (unwind_backtrace) from [<8001476c>] (show_stack+0x20/0x24) [<8001476c>] (show_stack) from [<807cfb48>] (dump_stack+0x94/0xac) [<807cfb48>] (dump_stack) from [<80025d70>] (do_alignment+0x720/0x958) [<80025d70>] (do_alignment) from [<80009224>] (do_DataAbort+0x40/0xbc) [<80009224>] (do_DataAbort) from [<80015398>] (__dabt_svc+0x38/0x60) Exception stack(0x86ad1cc0 to 0x86ad1d08) 1cc0: f9b3e080 86b3d072 2d78d287 00000000 866816c0 86b3d05e 86e785d0 00000000 1ce0: 00000011 0000000e 80840ab0 86ad1d3c 86ad1d08 86ad1d08 806d7fc0 806d806c 1d00: 40070013 ffffffff [<80015398>] (__dabt_svc) from [<806d806c>] (inet_gro_receive+0x114/0x2c0) [<806d806c>] (inet_gro_receive) from [<80660eec>] (dev_gro_receive+0x21c/0x3c0) [<80660eec>] (dev_gro_receive) from [<8066133c>] (napi_gro_receive+0x44/0x17c) [<8066133c>] (napi_gro_receive) from [<804f0538>] (gfar_clean_rx_ring+0x39c/0x7d4) [<804f0538>] (gfar_clean_rx_ring) from [<804f0bf4>] (gfar_poll_rx_sq+0x58/0xe0) [<804f0bf4>] (gfar_poll_rx_sq) from [<80660b10>] (net_rx_action+0x27c/0x43c) [<80660b10>] (net_rx_action) from [<80033638>] (do_current_softirqs+0x1e0/0x3dc) [<80033638>] (do_current_softirqs) from [<800338c4>] (__local_bh_enable+0x90/0xa8) [<800338c4>] (__local_bh_enable) from [<8008025c>] (irq_forced_thread_fn+0x70/0x84) [<8008025c>] (irq_forced_thread_fn) from [<800805e8>] (irq_thread+0x16c/0x244) [<800805e8>] (irq_thread) from [<8004e490>] (kthread+0xe8/0x104) [<8004e490>] (kthread) from [<8000fda8>] (ret_from_fork+0x14/0x2c) Signed-off-by: Zumeng Chen <zumeng.chen(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/freescale/gianfar.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/drivers/net/ethernet/freescale/gianfar.c +++ b/drivers/net/ethernet/freescale/gianfar.c @@ -1356,9 +1356,11 @@ static int gfar_probe(struct platform_de gfar_init_addr_hash_table(priv); - /* Insert receive time stamps into padding alignment bytes */ + /* Insert receive time stamps into padding alignment bytes, and + * plus 2 bytes padding to ensure the cpu alignment. + */ if (priv->device_flags & FSL_GIANFAR_DEV_HAS_TIMER) - priv->padding = 8; + priv->padding = 8 + DEFAULT_PADDING; if (dev->features & NETIF_F_IP_CSUM || priv->device_flags & FSL_GIANFAR_DEV_HAS_TIMER) Patches currently in stable-queue which might be from zumeng.chen(a)gmail.com are queue-3.18/gianfar-fix-a-flooded-alignment-reports-because-of-padding-issue.patch

7 years, 4 months

1
0
0 0

Patch "dmaengine: jz4740: disable/unprepare clk if probe fails" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dmaengine: jz4740: disable/unprepare clk if probe fails to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dmaengine-jz4740-disable-unprepare-clk-if-probe-fails.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Fri Feb 23 12:01:27 CET 2018 From: Tobias Jordan <Tobias.Jordan(a)elektrobit.com> Date: Wed, 6 Dec 2017 14:28:27 +0100 Subject: dmaengine: jz4740: disable/unprepare clk if probe fails From: Tobias Jordan <Tobias.Jordan(a)elektrobit.com> [ Upstream commit eb9436966fdc84cebdf222952a99898ab46d9bb0 ] in error path of jz4740_dma_probe(), call clk_disable_unprepare() to clean up. Found by Linux Driver Verification project (linuxtesting.org). Fixes: 25ce6c35fea0 MIPS: jz4740: Remove custom DMA API Signed-off-by: Tobias Jordan <Tobias.Jordan(a)elektrobit.com> Signed-off-by: Vinod Koul <vinod.koul(a)intel.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/dma/dma-jz4740.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/drivers/dma/dma-jz4740.c +++ b/drivers/dma/dma-jz4740.c @@ -575,7 +575,7 @@ static int jz4740_dma_probe(struct platf ret = dma_async_device_register(dd); if (ret) - return ret; + goto err_clk; irq = platform_get_irq(pdev, 0); ret = request_irq(irq, jz4740_dma_irq, 0, dev_name(&pdev->dev), dmadev); @@ -588,6 +588,8 @@ static int jz4740_dma_probe(struct platf err_unregister: dma_async_device_unregister(dd); +err_clk: + clk_disable_unprepare(dmadev->clk); return ret; } Patches currently in stable-queue which might be from Tobias.Jordan(a)elektrobit.com are queue-3.18/dmaengine-jz4740-disable-unprepare-clk-if-probe-fails.patch

7 years, 4 months

1
0
0 0

Patch "btrfs: Fix possible off-by-one in btrfs_search_path_in_tree" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled btrfs: Fix possible off-by-one in btrfs_search_path_in_tree to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: btrfs-fix-possible-off-by-one-in-btrfs_search_path_in_tree.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Fri Feb 23 12:01:27 CET 2018 From: Nikolay Borisov <nborisov(a)suse.com> Date: Fri, 1 Dec 2017 11:19:42 +0200 Subject: btrfs: Fix possible off-by-one in btrfs_search_path_in_tree From: Nikolay Borisov <nborisov(a)suse.com> [ Upstream commit c8bcbfbd239ed60a6562964b58034ac8a25f4c31 ] The name char array passed to btrfs_search_path_in_tree is of size BTRFS_INO_LOOKUP_PATH_MAX (4080). So the actual accessible char indexes are in the range of [0, 4079]. Currently the code uses the define but this represents an off-by-one. Implications: Size of btrfs_ioctl_ino_lookup_args is 4096, so the new byte will be written to extra space, not some padding that could be provided by the allocator. btrfs-progs store the arguments on stack, but kernel does own copy of the ioctl buffer and the off-by-one overwrite does not affect userspace, but the ending 0 might be lost. Kernel ioctl buffer is allocated dynamically so we're overwriting somebody else's memory, and the ioctl is privileged if args.objectid is not 256. Which is in most cases, but resolving a subvolume stored in another directory will trigger that path. Before this patch the buffer was one byte larger, but then the -1 was not added. Fixes: ac8e9819d71f907 ("Btrfs: add search and inode lookup ioctls") Signed-off-by: Nikolay Borisov <nborisov(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> [ added implications ] Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/btrfs/ioctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -2233,7 +2233,7 @@ static noinline int btrfs_search_path_in if (!path) return -ENOMEM; - ptr = &name[BTRFS_INO_LOOKUP_PATH_MAX]; + ptr = &name[BTRFS_INO_LOOKUP_PATH_MAX - 1]; key.objectid = tree_id; key.type = BTRFS_ROOT_ITEM_KEY; Patches currently in stable-queue which might be from nborisov(a)suse.com are queue-3.18/btrfs-fix-possible-off-by-one-in-btrfs_search_path_in_tree.patch

7 years, 4 months

1
0
0 0

Patch "ARM: dts: am4372: Correct the interrupts_properties of McASP" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: dts: am4372: Correct the interrupts_properties of McASP to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-dts-am4372-correct-the-interrupts_properties-of-mcasp.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Fri Feb 23 12:01:27 CET 2018 From: Peter Ujfalusi <peter.ujfalusi(a)ti.com> Date: Wed, 1 Nov 2017 11:03:31 +0200 Subject: ARM: dts: am4372: Correct the interrupts_properties of McASP From: Peter Ujfalusi <peter.ujfalusi(a)ti.com> [ Upstream commit 627395a6f8091c0aa18f49dca7df59ba3ec147ef ] Fixes the following warnings: arch/arm/boot/dts/am437x-cm-t43.dtb: Warning (interrupts_property): interrupts size is (8), expected multiple of 12 in /ocp@44000000/mcasp@48038000 arch/arm/boot/dts/am437x-cm-t43.dtb: Warning (interrupts_property): interrupts size is (8), expected multiple of 12 in /ocp@44000000/mcasp@4803C000 Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)ti.com> Signed-off-by: Tony Lindgren <tony(a)atomide.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/boot/dts/am4372.dtsi | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/arch/arm/boot/dts/am4372.dtsi +++ b/arch/arm/boot/dts/am4372.dtsi @@ -702,7 +702,8 @@ reg = <0x48038000 0x2000>, <0x46000000 0x400000>; reg-names = "mpu", "dat"; - interrupts = <80>, <81>; + interrupts = <GIC_SPI 80 IRQ_TYPE_LEVEL_HIGH>, + <GIC_SPI 81 IRQ_TYPE_LEVEL_HIGH>; interrupt-names = "tx", "rx"; status = "disabled"; dmas = <&edma 8>, @@ -716,7 +717,8 @@ reg = <0x4803C000 0x2000>, <0x46400000 0x400000>; reg-names = "mpu", "dat"; - interrupts = <82>, <83>; + interrupts = <GIC_SPI 82 IRQ_TYPE_LEVEL_HIGH>, + <GIC_SPI 83 IRQ_TYPE_LEVEL_HIGH>; interrupt-names = "tx", "rx"; status = "disabled"; dmas = <&edma 10>, Patches currently in stable-queue which might be from peter.ujfalusi(a)ti.com are queue-3.18/arm-dts-am4372-correct-the-interrupts_properties-of-mcasp.patch

7 years, 4 months

1
0
0 0

Patch "509: fix printing uninitialized stack memory when OID is empty" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled 509: fix printing uninitialized stack memory when OID is empty to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: 509-fix-printing-uninitialized-stack-memory-when-oid-is-empty.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Fri Feb 23 12:01:27 CET 2018 From: Eric Biggers <ebiggers3(a)gmail.com> Date: Fri, 8 Dec 2017 15:13:28 +0000 Subject: 509: fix printing uninitialized stack memory when OID is empty From: Eric Biggers <ebiggers3(a)gmail.com> [ Upstream commit 8dfd2f22d3bf3ab7714f7495ad5d897b8845e8c1 ] Callers of sprint_oid() do not check its return value before printing the result. In the case where the OID is zero-length, -EBADMSG was being returned without anything being written to the buffer, resulting in uninitialized stack memory being printed. Fix this by writing "(bad)" to the buffer in the cases where -EBADMSG is returned. Fixes: 4f73175d0375 ("X.509: Add utility functions to render OIDs as strings") Signed-off-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: David Howells <dhowells(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- lib/oid_registry.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) --- a/lib/oid_registry.c +++ b/lib/oid_registry.c @@ -116,7 +116,7 @@ int sprint_oid(const void *data, size_t int count; if (v >= end) - return -EBADMSG; + goto bad; n = *v++; ret = count = snprintf(buffer, bufsize, "%u.%u", n / 40, n % 40); @@ -134,7 +134,7 @@ int sprint_oid(const void *data, size_t num = n & 0x7f; do { if (v >= end) - return -EBADMSG; + goto bad; n = *v++; num <<= 7; num |= n & 0x7f; @@ -148,6 +148,10 @@ int sprint_oid(const void *data, size_t } return ret; + +bad: + snprintf(buffer, bufsize, "(bad)"); + return -EBADMSG; } EXPORT_SYMBOL_GPL(sprint_oid); Patches currently in stable-queue which might be from ebiggers3(a)gmail.com are queue-3.18/509-fix-printing-uninitialized-stack-memory-when-oid-is-empty.patch

7 years, 4 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror