- Linux-stable-mirror - lists.linaro.org

[PATCH v4] usb: gadget: configfs: Fix KASAN use-after-free

by Macpaul Lin

From: Jim Lin <jilin(a)nvidia.com> When gadget is disconnected, running sequence is like this. . composite_disconnect . Call trace: usb_string_copy+0xd0/0x128 gadget_config_name_configuration_store+0x4 gadget_config_name_attr_store+0x40/0x50 configfs_write_file+0x198/0x1f4 vfs_write+0x100/0x220 SyS_write+0x58/0xa8 . configfs_composite_unbind . configfs_composite_bind In configfs_composite_bind, it has "cn->strings.s = cn->configuration;" When usb_string_copy is invoked. it would allocate memory, copy input string, release previous pointed memory space, and use new allocated memory. When gadget is connected, host sends down request to get information. Call trace: usb_gadget_get_string+0xec/0x168 lookup_string+0x64/0x98 composite_setup+0xa34/0x1ee8 If gadget is disconnected and connected quickly, in the failed case, cn->configuration memory has been released by usb_string_copy kfree but configfs_composite_bind hasn't been run in time to assign new allocated "cn->configuration" pointer to "cn->strings.s". When "strlen(s->s) of usb_gadget_get_string is being executed, the dangling memory is accessed, "BUG: KASAN: use-after-free" error occurs. Signed-off-by: Jim Lin <jilin(a)nvidia.com> Signed-off-by: Macpaul Lin <macpaul.lin(a)mediatek.com> Cc: stable(a)vger.kernel.org --- Changes in v2: Changes in v3: - Change commit description Changes in v4: - Fix build error and adapt patch to kernel-5.12-rc1. Replace definition "MAX_USB_STRING_WITH_NULL_LEN" with "USB_MAX_STRING_WITH_NULL_LEN". - Note: The patch v2 and v3 has been verified by Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com> http://spinics.net/lists/kernel/msg3840792.html and Macpaul Lin <macpaul.lin(a)mediatek.com> on Android kernels. http://lkml.org/lkml/2020/6/11/8 - The patch is suggested to be applied to LTS versions. drivers/usb/gadget/configfs.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/drivers/usb/gadget/configfs.c b/drivers/usb/gadget/configfs.c index 0d56f33..15a607c 100644 --- a/drivers/usb/gadget/configfs.c +++ b/drivers/usb/gadget/configfs.c @@ -97,6 +97,8 @@ struct gadget_config_name { struct list_head list; }; +#define USB_MAX_STRING_WITH_NULL_LEN (USB_MAX_STRING_LEN+1) + static int usb_string_copy(const char *s, char **s_copy) { int ret; @@ -106,12 +108,16 @@ static int usb_string_copy(const char *s, char **s_copy) if (ret > USB_MAX_STRING_LEN) return -EOVERFLOW; - str = kstrdup(s, GFP_KERNEL); - if (!str) - return -ENOMEM; + if (copy) { + str = copy; + } else { + str = kmalloc(USB_MAX_STRING_WITH_NULL_LEN, GFP_KERNEL); + if (!str) + return -ENOMEM; + } + strcpy(str, s); if (str[ret - 1] == '\n') str[ret - 1] = '\0'; - kfree(copy); *s_copy = str; return 0; } -- 1.7.9.5

4 years, 5 months

2
2
0 0

[PATCH 4.4 0/7] 4.4.261-rc1 review

by gregkh＠linuxfoundation.org

From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> This is the start of the stable review cycle for the 4.4.261 release. There are 7 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 12 Mar 2021 13:23:09 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.261-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.261-rc1 Bjorn Helgaas <bhelgaas(a)google.com> PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller Hans de Goede <hdegoede(a)redhat.com> platform/x86: acer-wmi: Add new force_caps module parameter Jeffle Xu <jefflexu(a)linux.alibaba.com> dm table: fix iterate_devices based device capability checks Dan Carpenter <dan.carpenter(a)oracle.com> rsxx: Return -EFAULT if copy_to_user() fails Colin Ian King <colin.king(a)canonical.com> ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits Thomas Schoebel-Theuer <tst(a)1und1.de> futex: fix spin_lock() / spin_unlock_irq() imbalance Thomas Schoebel-Theuer <tst(a)1und1.de> futex: fix irq self-deadlock and satisfy assertion ------------- Diffstat: Makefile | 4 +- drivers/block/rsxx/core.c | 8 ++-- drivers/md/dm-table.c | 83 ++++++++++++++++++++++++++--------------- drivers/pci/quirks.c | 3 ++ drivers/platform/x86/acer-wmi.c | 8 +++- kernel/futex.c | 4 +- sound/pci/ctxfi/cthw20k2.c | 2 +- 7 files changed, 74 insertions(+), 38 deletions(-)

4 years, 5 months

6
12
0 0

[PATCH 4.9 00/11] 4.9.261-rc1 review

by gregkh＠linuxfoundation.org

From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> This is the start of the stable review cycle for the 4.9.261 release. There are 11 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 12 Mar 2021 13:23:09 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.261-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.261-rc1 Aswath Govindraju <a-govindraju(a)ti.com> misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom Bjorn Helgaas <bhelgaas(a)google.com> PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller Hans de Goede <hdegoede(a)redhat.com> platform/x86: acer-wmi: Add new force_caps module parameter Andrey Ryabinin <arbn(a)yandex-team.com> iommu/amd: Fix sleeping in atomic in increase_address_space() Jeffle Xu <jefflexu(a)linux.alibaba.com> dm table: fix DAX iterate_devices based device capability checks Jeffle Xu <jefflexu(a)linux.alibaba.com> dm table: fix iterate_devices based device capability checks Dan Carpenter <dan.carpenter(a)oracle.com> rsxx: Return -EFAULT if copy_to_user() fails Colin Ian King <colin.king(a)canonical.com> ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits Antonio Borneo <borneo.antonio(a)gmail.com> usbip: tools: fix build error for multiple definition Ira Weiny <ira.weiny(a)intel.com> btrfs: fix raid6 qstripe kmap David Sterba <dsterba(a)suse.com> btrfs: raid56: simplify tracking of Q stripe presence ------------- Diffstat: Makefile | 4 +- drivers/block/rsxx/core.c | 8 ++- drivers/iommu/amd_iommu.c | 10 ++-- drivers/md/dm-table.c | 91 +++++++++++++++++++----------- drivers/misc/eeprom/eeprom_93xx46.c | 15 +++++ drivers/pci/quirks.c | 3 + drivers/platform/x86/acer-wmi.c | 8 ++- fs/btrfs/raid56.c | 58 ++++++++----------- include/linux/eeprom_93xx46.h | 2 + sound/pci/ctxfi/cthw20k2.c | 2 +- tools/usb/usbip/libsrc/usbip_host_common.c | 2 +- 11 files changed, 124 insertions(+), 79 deletions(-)

4 years, 5 months

6
16
0 0

[PATCH 4.14 00/20] 4.14.225-rc1 review

by gregkh＠linuxfoundation.org

From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> This is the start of the stable review cycle for the 4.14.225 release. There are 20 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 12 Mar 2021 13:23:09 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.225-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.225-rc1 AngeloGioacchino Del Regno <angelogioacchino.delregno(a)somainline.org> drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register Aswath Govindraju <a-govindraju(a)ti.com> misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom Bjorn Helgaas <bhelgaas(a)google.com> PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller Hans de Goede <hdegoede(a)redhat.com> platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 Hans de Goede <hdegoede(a)redhat.com> platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices Hans de Goede <hdegoede(a)redhat.com> platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag Hans de Goede <hdegoede(a)redhat.com> platform/x86: acer-wmi: Add new force_caps module parameter Hans de Goede <hdegoede(a)redhat.com> platform/x86: acer-wmi: Cleanup accelerometer device handling Hans de Goede <hdegoede(a)redhat.com> platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines Tsuchiya Yuto <kitakar(a)gmail.com> mwifiex: pcie: skip cancel_work_sync() on reset failure path Andrey Ryabinin <arbn(a)yandex-team.com> iommu/amd: Fix sleeping in atomic in increase_address_space() Jeffle Xu <jefflexu(a)linux.alibaba.com> dm table: fix zoned iterate_devices based device capability checks Jeffle Xu <jefflexu(a)linux.alibaba.com> dm table: fix DAX iterate_devices based device capability checks Jeffle Xu <jefflexu(a)linux.alibaba.com> dm table: fix iterate_devices based device capability checks Dan Carpenter <dan.carpenter(a)oracle.com> rsxx: Return -EFAULT if copy_to_user() fails Colin Ian King <colin.king(a)canonical.com> ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits Antonio Borneo <borneo.antonio(a)gmail.com> usbip: tools: fix build error for multiple definition Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: Update device status before letting suppliers suspend Ira Weiny <ira.weiny(a)intel.com> btrfs: fix raid6 qstripe kmap David Sterba <dsterba(a)suse.com> btrfs: raid56: simplify tracking of Q stripe presence ------------- Diffstat: Makefile | 4 +- drivers/base/power/runtime.c | 62 ++++++---- drivers/block/rsxx/core.c | 8 +- drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 2 - drivers/iommu/amd_iommu.c | 10 +- drivers/md/dm-table.c | 168 ++++++++++++--------------- drivers/misc/eeprom/eeprom_93xx46.c | 15 +++ drivers/net/wireless/marvell/mwifiex/pcie.c | 18 ++- drivers/net/wireless/marvell/mwifiex/pcie.h | 2 + drivers/pci/quirks.c | 3 + drivers/platform/x86/acer-wmi.c | 169 +++++++++++++++++++++++----- fs/btrfs/raid56.c | 58 ++++------ include/linux/eeprom_93xx46.h | 2 + sound/pci/ctxfi/cthw20k2.c | 2 +- tools/usb/usbip/libsrc/usbip_host_common.c | 2 +- 15 files changed, 326 insertions(+), 199 deletions(-)

4 years, 5 months

4
23
0 0

[PATCH v1] usb: typec: tcpci: Refactor tcpc_presenting_cc1_rd macro

by Badhri Jagan Sridharan

Defining one macro instead of two for tcpc_presenting_*_rd. This is a follow up of the comment left by Heikki Krogerus. https://patchwork.kernel.org/project/linux-usb/patch/ 20210304070931.1947316-1-badhri(a)google.com/ Signed-off-by: Badhri Jagan Sridharan <badhri(a)google.com> --- drivers/usb/typec/tcpm/tcpci.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpci.c b/drivers/usb/typec/tcpm/tcpci.c index 027afd7dfdce..25b480752266 100644 --- a/drivers/usb/typec/tcpm/tcpci.c +++ b/drivers/usb/typec/tcpm/tcpci.c @@ -24,14 +24,10 @@ #define AUTO_DISCHARGE_PD_HEADROOM_MV 850 #define AUTO_DISCHARGE_PPS_HEADROOM_MV 1250 -#define tcpc_presenting_cc1_rd(reg) \ +#define tcpc_presenting_rd(reg, cc) \ (!(TCPC_ROLE_CTRL_DRP & (reg)) && \ - (((reg) & (TCPC_ROLE_CTRL_CC1_MASK << TCPC_ROLE_CTRL_CC1_SHIFT)) == \ - (TCPC_ROLE_CTRL_CC_RD << TCPC_ROLE_CTRL_CC1_SHIFT))) -#define tcpc_presenting_cc2_rd(reg) \ - (!(TCPC_ROLE_CTRL_DRP & (reg)) && \ - (((reg) & (TCPC_ROLE_CTRL_CC2_MASK << TCPC_ROLE_CTRL_CC2_SHIFT)) == \ - (TCPC_ROLE_CTRL_CC_RD << TCPC_ROLE_CTRL_CC2_SHIFT))) + (((reg) & (TCPC_ROLE_CTRL_## cc ##_MASK << TCPC_ROLE_CTRL_## cc ##_SHIFT)) == \ + (TCPC_ROLE_CTRL_CC_RD << TCPC_ROLE_CTRL_## cc ##_SHIFT))) struct tcpci { struct device *dev; @@ -201,11 +197,11 @@ static int tcpci_get_cc(struct tcpc_dev *tcpc, *cc1 = tcpci_to_typec_cc((reg >> TCPC_CC_STATUS_CC1_SHIFT) & TCPC_CC_STATUS_CC1_MASK, reg & TCPC_CC_STATUS_TERM || - tcpc_presenting_cc1_rd(role_control)); + tcpc_presenting_rd(role_control, CC1)); *cc2 = tcpci_to_typec_cc((reg >> TCPC_CC_STATUS_CC2_SHIFT) & TCPC_CC_STATUS_CC2_MASK, reg & TCPC_CC_STATUS_TERM || - tcpc_presenting_cc2_rd(role_control)); + tcpc_presenting_rd(role_control, CC2)); return 0; } -- 2.31.0.rc1.246.gcd05c9c855-goog

4 years, 5 months

3
2
0 0

[PATCH 4.19 00/39] 4.19.180-rc1 review

by gregkh＠linuxfoundation.org

From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> This is the start of the stable review cycle for the 4.19.180 release. There are 39 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 12 Mar 2021 13:23:09 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.180-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.180-rc1 Jisheng Zhang <Jisheng.Zhang(a)synaptics.com> mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN AngeloGioacchino Del Regno <angelogioacchino.delregno(a)somainline.org> drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register Aswath Govindraju <a-govindraju(a)ti.com> misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom Bjorn Helgaas <bhelgaas(a)google.com> PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller Chris Chiu <chiu(a)endlessos.org> ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 Daniel Lee Kruse <daniel.lee.kruse(a)protonmail.com> media: cx23885: add more quirks for reset DMA on some AMD IOMMU Ethan Warth <redyoshi49q(a)gmail.com> HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter Hans de Goede <hdegoede(a)redhat.com> platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 Hans de Goede <hdegoede(a)redhat.com> platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices Hans de Goede <hdegoede(a)redhat.com> platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag Hans de Goede <hdegoede(a)redhat.com> platform/x86: acer-wmi: Add new force_caps module parameter Hans de Goede <hdegoede(a)redhat.com> platform/x86: acer-wmi: Cleanup accelerometer device handling Hans de Goede <hdegoede(a)redhat.com> platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines Tsuchiya Yuto <kitakar(a)gmail.com> mwifiex: pcie: skip cancel_work_sync() on reset failure path Andrey Ryabinin <arbn(a)yandex-team.com> iommu/amd: Fix sleeping in atomic in increase_address_space() Jeffle Xu <jefflexu(a)linux.alibaba.com> dm table: fix zoned iterate_devices based device capability checks Jeffle Xu <jefflexu(a)linux.alibaba.com> dm table: fix DAX iterate_devices based device capability checks Jeffle Xu <jefflexu(a)linux.alibaba.com> dm table: fix iterate_devices based device capability checks Alexander Lobakin <bloodyreaper(a)yandex.ru> net: dsa: add GRO support via gro_cells Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix resuming from suspend on RTL8105e if machine runs on battery Milan Broz <gmazyland(a)gmail.com> dm verity: fix FEC for RS roots unaligned to block size Dan Carpenter <dan.carpenter(a)oracle.com> rsxx: Return -EFAULT if copy_to_user() fails Julian Braha <julianbraha(a)gmail.com> RDMA/rxe: Fix missing kconfig dependency on CRYPTO Colin Ian King <colin.king(a)canonical.com> ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits Hannes Reinecke <hare(a)suse.de> virtio-blk: modernize sysfs attribute creation Hannes Reinecke <hare(a)suse.de> zram: register default groups with device_add_disk() Hannes Reinecke <hare(a)suse.de> aoe: register default groups with device_add_disk() Hannes Reinecke <hare(a)suse.de> nvme: register ns_id attributes as default sysfs groups Hannes Reinecke <hare(a)suse.de> block: genhd: add 'groups' argument to device_add_disk Jeffle Xu <jefflexu(a)linux.alibaba.com> Revert "zram: close udev startup race condition as default groups" Antonio Borneo <borneo.antonio(a)gmail.com> usbip: tools: fix build error for multiple definition Kevin Wang <kevin1.wang(a)amd.com> drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie Mikulas Patocka <mpatocka(a)redhat.com> dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: Update device status before letting suppliers suspend Nikolay Borisov <nborisov(a)suse.com> btrfs: unlock extents in btrfs_zero_range in case of quota reservation errors Nikolay Borisov <nborisov(a)suse.com> btrfs: free correct amount of space in btrfs_delayed_inode_reserve_metadata Dan Carpenter <dancarpenter(a)oracle.com> btrfs: validate qgroup inherit for SNAP_CREATE_V2 ioctl Ira Weiny <ira.weiny(a)intel.com> btrfs: fix raid6 qstripe kmap David Sterba <dsterba(a)suse.com> btrfs: raid56: simplify tracking of Q stripe presence ------------- Diffstat: Makefile | 4 +- arch/um/drivers/ubd_kern.c | 2 +- block/genhd.c | 19 ++- drivers/base/power/runtime.c | 62 ++++++---- drivers/block/aoe/aoe.h | 1 - drivers/block/aoe/aoeblk.c | 21 ++-- drivers/block/aoe/aoedev.c | 1 - drivers/block/floppy.c | 2 +- drivers/block/mtip32xx/mtip32xx.c | 2 +- drivers/block/ps3disk.c | 2 +- drivers/block/ps3vram.c | 2 +- drivers/block/rsxx/core.c | 8 +- drivers/block/rsxx/dev.c | 2 +- drivers/block/skd_main.c | 2 +- drivers/block/sunvdc.c | 2 +- drivers/block/virtio_blk.c | 68 ++++++----- drivers/block/xen-blkfront.c | 2 +- drivers/block/zram/zram_drv.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 4 +- drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 2 - drivers/hid/hid-ids.h | 1 + drivers/hid/hid-mf.c | 2 + drivers/hid/hid-quirks.c | 2 + drivers/ide/ide-cd.c | 2 +- drivers/ide/ide-gd.c | 2 +- drivers/infiniband/sw/rxe/Kconfig | 1 + drivers/iommu/amd_iommu.c | 10 +- drivers/md/dm-bufio.c | 4 + drivers/md/dm-table.c | 174 ++++++++++++---------------- drivers/md/dm-verity-fec.c | 23 ++-- drivers/media/pci/cx23885/cx23885-core.c | 4 + drivers/memstick/core/ms_block.c | 2 +- drivers/memstick/core/mspro_block.c | 2 +- drivers/misc/eeprom/eeprom_93xx46.c | 15 +++ drivers/mmc/core/block.c | 2 +- drivers/mmc/host/sdhci-of-dwcmshc.c | 1 + drivers/mtd/mtd_blkdevs.c | 2 +- drivers/net/ethernet/realtek/r8169.c | 2 + drivers/net/wireless/marvell/mwifiex/pcie.c | 18 ++- drivers/net/wireless/marvell/mwifiex/pcie.h | 2 + drivers/nvdimm/blk.c | 2 +- drivers/nvdimm/btt.c | 2 +- drivers/nvdimm/pmem.c | 2 +- drivers/nvme/host/core.c | 21 ++-- drivers/nvme/host/lightnvm.c | 105 +++++++---------- drivers/nvme/host/multipath.c | 15 +-- drivers/nvme/host/nvme.h | 10 +- drivers/pci/quirks.c | 3 + drivers/platform/x86/acer-wmi.c | 169 ++++++++++++++++++++++----- drivers/s390/block/dasd_genhd.c | 2 +- drivers/s390/block/dcssblk.c | 2 +- drivers/s390/block/scm_blk.c | 2 +- drivers/scsi/sd.c | 2 +- drivers/scsi/sr.c | 2 +- fs/btrfs/delayed-inode.c | 2 +- fs/btrfs/file.c | 5 +- fs/btrfs/ioctl.c | 19 ++- fs/btrfs/raid56.c | 58 ++++------ include/linux/eeprom_93xx46.h | 2 + include/linux/genhd.h | 5 +- net/dsa/Kconfig | 1 + net/dsa/dsa.c | 2 +- net/dsa/dsa_priv.h | 3 + net/dsa/slave.c | 10 +- sound/pci/ctxfi/cthw20k2.c | 2 +- sound/soc/intel/boards/bytcr_rt5640.c | 12 ++ tools/usb/usbip/libsrc/usbip_host_common.c | 2 +- 67 files changed, 556 insertions(+), 389 deletions(-)

4 years, 5 months

8
46
0 0

commit <sha> upstream. vs git cherry-pick -x

by Nick Desaulniers

Hello stable maintainers, While working on some backports I'm about to send hopefully today or tomorrow, I was curious why the convention seems to be for folks to use "commit <sha> upstream." in commit messages? I know that's what's in https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html#opt…, but I was curious whether the format from `git cherry-pick -xs <sha>` is not acceptable? I assume there's context as to why not? It is nice to have that info uniformly near the top, but I find myself having to cherry-pick then amend a lot. Or is there an option in git to automate the stable kernel's preferred style? -- Thanks, ~Nick Desaulniers

4 years, 5 months

3
2
0 0

[to-be-updated] mm-oom_kill-ensure-mmu-notifier-range_end-is-paired-with-range_start.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/oom_kill: ensure MMU notifier range_end() is paired with range_start() has been removed from the -mm tree. Its filename was mm-oom_kill-ensure-mmu-notifier-range_end-is-paired-with-range_start.patch This patch was dropped because an updated version will be merged ------------------------------------------------------ From: Sean Christopherson <seanjc(a)google.com> Subject: mm/oom_kill: ensure MMU notifier range_end() is paired with range_start() Invoke the MMU notifier's .invalidate_range_end() callbacks even if one of the .invalidate_range_start() callbacks failed. If there are multiple notifiers, the notifier that did not fail may have performed actions in its ...start() that it expects to unwind via ...end(). Per the mmu_notifier_ops documentation, ...start() and ...end() must be paired. The only in-kernel usage that is fatally broken is the SGI UV GRU driver, which effectively blocks and sleeps fault handlers during ...start(), and unblocks/wakes the handlers during ...end(). But, the only users that can fail ...start() are the i915 and Nouveau drivers, which are unlikely to collide with the SGI driver. KVM is the only other user of ...end(), and while KVM also blocks fault handlers in ...start(), the fault handlers do not sleep and originate in killable ioctl() calls. So while it's possible for the i915 and Nouveau drivers to collide with KVM, the bug is benign for KVM since the process is dying and KVM's guest is about to be terminated. So, as of today, the bug is likely benign. But, that may not always be true, e.g. there is a potential use case for blocking memslot updates in KVM while an invalidation is in-progress, and failure to unblock would result in said updates being blocked indefinitely and hanging. Found by inspection. Verified by adding a second notifier in KVM that periodically returns -EAGAIN on non-blockable ranges, triggering OOM, and observing that KVM exits with an elevated notifier count. Link: https://lkml.kernel.org/r/20210310213117.1444147-1-seanjc@google.com Fixes: 93065ac753e4 ("mm, oom: distinguish blockable mode for mmu notifiers") Signed-off-by: Sean Christopherson <seanjc(a)google.com> Reviewed-by: Ben Gardon <bgardon(a)google.com> Cc: David Rientjes <rientjes(a)google.com> Cc: Jason Gunthorpe <jgg(a)ziepe.ca> Cc: Michal Hocko <mhocko(a)suse.com> Cc: "Jérôme Glisse" <jglisse(a)redhat.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Dimitri Sivanich <dimitri.sivanich(a)hpe.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/oom_kill.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) --- a/mm/oom_kill.c~mm-oom_kill-ensure-mmu-notifier-range_end-is-paired-with-range_start +++ a/mm/oom_kill.c @@ -546,12 +546,10 @@ bool __oom_reap_task_mm(struct mm_struct vma, mm, vma->vm_start, vma->vm_end); tlb_gather_mmu(&tlb, mm); - if (mmu_notifier_invalidate_range_start_nonblock(&range)) { - tlb_finish_mmu(&tlb); + if (!mmu_notifier_invalidate_range_start_nonblock(&range)) + unmap_page_range(&tlb, vma, range.start, range.end, NULL); + else ret = false; - continue; - } - unmap_page_range(&tlb, vma, range.start, range.end, NULL); mmu_notifier_invalidate_range_end(&range); tlb_finish_mmu(&tlb); } _ Patches currently in -mm which might be from seanjc(a)google.com are

4 years, 5 months

1
0
0 0

stable-rc/queue/5.10 baseline: 116 runs, 2 regressions (v5.10.22-47-gf4bf7bd9b1cb7)

by kernelci.org bot

stable-rc/queue/5.10 baseline: 116 runs, 2 regressions (v5.10.22-47-gf4bf7bd9b1cb7) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions -------------------+-------+-----------------+----------+---------------------+------------ imx6ul-pico-hobbit | arm | lab-pengutronix | gcc-8 | imx_v6_v7_defconfig | 1 imx8mp-evk | arm64 | lab-nxp | gcc-8 | defconfig | 1 Details: https://kernelci.org/test/job/stable-rc/branch/queue%2F5.10/kernel/v5.10.22… Test: baseline Tree: stable-rc Branch: queue/5.10 Describe: v5.10.22-47-gf4bf7bd9b1cb7 URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: f4bf7bd9b1cb7d9111363587c17523ef0f82c28c Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions -------------------+-------+-----------------+----------+---------------------+------------ imx6ul-pico-hobbit | arm | lab-pengutronix | gcc-8 | imx_v6_v7_defconfig | 1 Details: https://kernelci.org/test/plan/id/6049624215daabe986addcca Results: 0 PASS, 1 FAIL, 0 SKIP Full config: imx_v6_v7_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/queue-5.10/v5.10.22-47-gf4bf7bd9b1c… HTML log: https://storage.kernelci.org//stable-rc/queue-5.10/v5.10.22-47-gf4bf7bd9b1c… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-4-g97706c5d… * baseline.login: https://kernelci.org/test/case/id/6049624215daabe986addccb failing since 0 day (last pass: v5.10.22-1-g3a720b3b47d5e, first fail: v5.10.22-49-gf5829772d607) platform | arch | lab | compiler | defconfig | regressions -------------------+-------+-----------------+----------+---------------------+------------ imx8mp-evk | arm64 | lab-nxp | gcc-8 | defconfig | 1 Details: https://kernelci.org/test/plan/id/604966101c2a76319eaddcb1 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig Compiler: gcc-8 (aarch64-linux-gnu-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/queue-5.10/v5.10.22-47-gf4bf7bd9b1c… HTML log: https://storage.kernelci.org//stable-rc/queue-5.10/v5.10.22-47-gf4bf7bd9b1c… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-4-g97706c5d… * baseline.login: https://kernelci.org/test/case/id/604966101c2a76319eaddcb2 new failure (last pass: v5.10.22-1-g3a720b3b47d5e)

4 years, 5 months

1
0
0 0

[PATCH 4.4 0/3] Backport patch series to update Futex from 4.9

by Zheng Yejian

Lee sent a patchset to update Futex for 4.9, see https://www.spinics.net/lists/stable/msg443081.html, Then Xiaoming sent a follow-up patch for it, see https://lore.kernel.org/lkml/20210225093120.GD641347@dell/. These patchsets may also resolve following issues in 4.4.260 which have been reported in 4.9, see https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/?h=li… > /* > * The task is on the way out. When the futex state is > * FUTEX_STATE_DEAD, we know that the task has finished > * the cleanup: > */ > int ret = (p->futex_state = FUTEX_STATE_DEAD) ? -ESRCH : -EAGAIN; Here may be: int ret = (p->futex_state == FUTEX_STATE_DEAD) ? -ESRCH : -EAGAIN; > raw_spin_unlock_irq(&p->pi_lock); > /* > * If the owner task is between FUTEX_STATE_EXITING and > * FUTEX_STATE_DEAD then store the task pointer and keep > * the reference on the task struct. The calling code will > * drop all locks, wait for the task to reach > * FUTEX_STATE_DEAD and then drop the refcount. This is > * required to prevent a live lock when the current task > * preempted the exiting task between the two states. > */ > if (ret == -EBUSY) And here, the variable "ret" may only be "-ESRCH" or "-EAGAIN", but not "-EBUSY". > *exiting = p; > else > put_task_struct(p); Since 074e7d515783 ("futex: Ensure the correct return value from futex_lock_pi()") has been merged in 4.4.260, I send the remain 3 patches. Peter Zijlstra (1): futex: Change locking rules Thomas Gleixner (2): futex: Cure exit race futex: fix dead code in attach_to_pi_owner() kernel/futex.c | 209 +++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 177 insertions(+), 32 deletions(-) -- 2.25.4

4 years, 5 months

4
12
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror