This is the start of the stable review cycle for the 5.9.1 release. There are 15 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Sun, 18 Oct 2020 09:04:25 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.9.1-rc1.g... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.9.y and the diffstat can be found below.
thanks,
greg k-h
------------- Pseudo-Shortlog of commits:
Greg Kroah-Hartman gregkh@linuxfoundation.org Linux 5.9.1-rc1
Dominik Przychodni dominik.przychodni@intel.com crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA
Herbert Xu herbert@gondor.apana.org.au crypto: bcm - Verify GCM/CCM key length in setkey
Alex Deucher alexander.deucher@amd.com Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers"
Jan Kara jack@suse.cz reiserfs: Fix oops during mount
Jan Kara jack@suse.cz reiserfs: Initialize inode keys properly
Tetsuo Handa penguin-kernel@i-love.sakura.ne.jp vt_ioctl: make VT_RESIZEX behave like VT_RESIZE
Mychaela N. Falconia falcon@freecalypso.org USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters
Scott Chen scott@labau.com.tw USB: serial: pl2303: add device-id for HP GC device
Anant Thazhemadam anant.thazhemadam@gmail.com staging: comedi: check validity of wMaxPacketSize of usb endpoints found
Leonid Bloch lb.workbox@gmail.com USB: serial: option: Add Telit FT980-KS composition
Wilken Gottwalt wilken.gottwalt@mailbox.org USB: serial: option: add Cellient MPL200 card
Oliver Neukum oneukum@suse.com media: usbtv: Fix refcounting mixup
Luiz Augusto von Dentz luiz.von.dentz@intel.com Bluetooth: MGMT: Fix not checking if BT_HS is enabled
Luiz Augusto von Dentz luiz.von.dentz@intel.com Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel
Luiz Augusto von Dentz luiz.von.dentz@intel.com Bluetooth: A2MP: Fix not initializing all members
-------------
Diffstat:
Makefile | 4 +-- drivers/crypto/bcm/cipher.c | 15 ++++++++- drivers/crypto/qat/qat_common/qat_algs.c | 10 +++++- drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c | 9 +++-- drivers/media/usb/usbtv/usbtv-core.c | 3 +- drivers/staging/comedi/drivers/vmk80xx.c | 3 ++ drivers/tty/vt/vt_ioctl.c | 57 ++++++-------------------------- drivers/usb/serial/ftdi_sio.c | 5 +++ drivers/usb/serial/ftdi_sio_ids.h | 7 ++++ drivers/usb/serial/option.c | 5 +++ drivers/usb/serial/pl2303.c | 1 + drivers/usb/serial/pl2303.h | 1 + fs/reiserfs/inode.c | 6 +--- fs/reiserfs/xattr.c | 7 ++++ include/net/bluetooth/l2cap.h | 2 ++ net/bluetooth/a2mp.c | 22 +++++++++++- net/bluetooth/l2cap_core.c | 7 ++-- net/bluetooth/l2cap_sock.c | 14 ++++++++ net/bluetooth/mgmt.c | 7 +++- 19 files changed, 120 insertions(+), 65 deletions(-)
From: Luiz Augusto von Dentz luiz.von.dentz@intel.com
commit eddb7732119d53400f48a02536a84c509692faa8 upstream.
This fixes various places where a stack variable is used uninitialized.
Signed-off-by: Luiz Augusto von Dentz luiz.von.dentz@intel.com Signed-off-by: Marcel Holtmann marcel@holtmann.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- net/bluetooth/a2mp.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-)
--- a/net/bluetooth/a2mp.c +++ b/net/bluetooth/a2mp.c @@ -226,6 +226,9 @@ static int a2mp_discover_rsp(struct amp_ struct a2mp_info_req req;
found = true; + + memset(&req, 0, sizeof(req)); + req.id = cl->id; a2mp_send(mgr, A2MP_GETINFO_REQ, __next_ident(mgr), sizeof(req), &req); @@ -305,6 +308,8 @@ static int a2mp_getinfo_req(struct amp_m if (!hdev || hdev->dev_type != HCI_AMP) { struct a2mp_info_rsp rsp;
+ memset(&rsp, 0, sizeof(rsp)); + rsp.id = req->id; rsp.status = A2MP_STATUS_INVALID_CTRL_ID;
@@ -348,6 +353,8 @@ static int a2mp_getinfo_rsp(struct amp_m if (!ctrl) return -ENOMEM;
+ memset(&req, 0, sizeof(req)); + req.id = rsp->id; a2mp_send(mgr, A2MP_GETAMPASSOC_REQ, __next_ident(mgr), sizeof(req), &req); @@ -376,6 +383,8 @@ static int a2mp_getampassoc_req(struct a struct a2mp_amp_assoc_rsp rsp; rsp.id = req->id;
+ memset(&rsp, 0, sizeof(rsp)); + if (tmp) { rsp.status = A2MP_STATUS_COLLISION_OCCURED; amp_mgr_put(tmp); @@ -464,7 +473,6 @@ static int a2mp_createphyslink_req(struc struct a2mp_cmd *hdr) { struct a2mp_physlink_req *req = (void *) skb->data; - struct a2mp_physlink_rsp rsp; struct hci_dev *hdev; struct hci_conn *hcon; @@ -475,6 +483,8 @@ static int a2mp_createphyslink_req(struc
BT_DBG("local_id %d, remote_id %d", req->local_id, req->remote_id);
+ memset(&rsp, 0, sizeof(rsp)); + rsp.local_id = req->remote_id; rsp.remote_id = req->local_id;
@@ -553,6 +563,8 @@ static int a2mp_discphyslink_req(struct
BT_DBG("local_id %d remote_id %d", req->local_id, req->remote_id);
+ memset(&rsp, 0, sizeof(rsp)); + rsp.local_id = req->remote_id; rsp.remote_id = req->local_id; rsp.status = A2MP_STATUS_SUCCESS; @@ -675,6 +687,8 @@ static int a2mp_chan_recv_cb(struct l2ca if (err) { struct a2mp_cmd_rej rej;
+ memset(&rej, 0, sizeof(rej)); + rej.reason = cpu_to_le16(0); hdr = (void *) skb->data;
@@ -898,6 +912,8 @@ void a2mp_send_getinfo_rsp(struct hci_de
BT_DBG("%s mgr %p", hdev->name, mgr);
+ memset(&rsp, 0, sizeof(rsp)); + rsp.id = hdev->id; rsp.status = A2MP_STATUS_INVALID_CTRL_ID;
@@ -995,6 +1011,8 @@ void a2mp_send_create_phy_link_rsp(struc if (!mgr) return;
+ memset(&rsp, 0, sizeof(rsp)); + hs_hcon = hci_conn_hash_lookup_state(hdev, AMP_LINK, BT_CONNECT); if (!hs_hcon) { rsp.status = A2MP_STATUS_UNABLE_START_LINK_CREATION; @@ -1027,6 +1045,8 @@ void a2mp_discover_amp(struct l2cap_chan
mgr->bredr_chan = chan;
+ memset(&req, 0, sizeof(req)); + req.mtu = cpu_to_le16(L2CAP_A2MP_DEFAULT_MTU); req.ext_feat = 0; a2mp_send(mgr, A2MP_DISCOVER_REQ, 1, sizeof(req), &req);
From: Luiz Augusto von Dentz luiz.von.dentz@intel.com
commit f19425641cb2572a33cb074d5e30283720bd4d22 upstream.
Only sockets will have the chan->data set to an actual sk, channels like A2MP would have its own data which would likely cause a crash when calling sk_filter, in order to fix this a new callback has been introduced so channels can implement their own filtering if necessary.
Signed-off-by: Luiz Augusto von Dentz luiz.von.dentz@intel.com Signed-off-by: Marcel Holtmann marcel@holtmann.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- include/net/bluetooth/l2cap.h | 2 ++ net/bluetooth/l2cap_core.c | 7 ++++--- net/bluetooth/l2cap_sock.c | 14 ++++++++++++++ 3 files changed, 20 insertions(+), 3 deletions(-)
--- a/include/net/bluetooth/l2cap.h +++ b/include/net/bluetooth/l2cap.h @@ -665,6 +665,8 @@ struct l2cap_ops { struct sk_buff *(*alloc_skb) (struct l2cap_chan *chan, unsigned long hdr_len, unsigned long len, int nb); + int (*filter) (struct l2cap_chan * chan, + struct sk_buff *skb); };
struct l2cap_conn { --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -7301,9 +7301,10 @@ static int l2cap_data_rcv(struct l2cap_c goto drop; }
- if ((chan->mode == L2CAP_MODE_ERTM || - chan->mode == L2CAP_MODE_STREAMING) && sk_filter(chan->data, skb)) - goto drop; + if (chan->ops->filter) { + if (chan->ops->filter(chan, skb)) + goto drop; + }
if (!control->sframe) { int err; --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c @@ -1663,6 +1663,19 @@ static void l2cap_sock_suspend_cb(struct sk->sk_state_change(sk); }
+static int l2cap_sock_filter(struct l2cap_chan *chan, struct sk_buff *skb) +{ + struct sock *sk = chan->data; + + switch (chan->mode) { + case L2CAP_MODE_ERTM: + case L2CAP_MODE_STREAMING: + return sk_filter(sk, skb); + } + + return 0; +} + static const struct l2cap_ops l2cap_chan_ops = { .name = "L2CAP Socket Interface", .new_connection = l2cap_sock_new_connection_cb, @@ -1678,6 +1691,7 @@ static const struct l2cap_ops l2cap_chan .get_sndtimeo = l2cap_sock_get_sndtimeo_cb, .get_peer_pid = l2cap_sock_get_peer_pid_cb, .alloc_skb = l2cap_sock_alloc_skb_cb, + .filter = l2cap_sock_filter, };
static void l2cap_sock_destruct(struct sock *sk)
From: Luiz Augusto von Dentz luiz.von.dentz@intel.com
commit b560a208cda0297fef6ff85bbfd58a8f0a52a543 upstream.
This checks if BT_HS is enabled relecting it on MGMT_SETTING_HS instead of always reporting it as supported.
Signed-off-by: Luiz Augusto von Dentz luiz.von.dentz@intel.com Signed-off-by: Marcel Holtmann marcel@holtmann.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- net/bluetooth/mgmt.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)
--- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c @@ -782,7 +782,8 @@ static u32 get_supported_settings(struct
if (lmp_ssp_capable(hdev)) { settings |= MGMT_SETTING_SSP; - settings |= MGMT_SETTING_HS; + if (IS_ENABLED(CONFIG_BT_HS)) + settings |= MGMT_SETTING_HS; }
if (lmp_sc_capable(hdev)) @@ -1815,6 +1816,10 @@ static int set_hs(struct sock *sk, struc
bt_dev_dbg(hdev, "sock %p", sk);
+ if (!IS_ENABLED(CONFIG_BT_HS)) + return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, + MGMT_STATUS_NOT_SUPPORTED); + status = mgmt_bredr_support(hdev); if (status) return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
From: Oliver Neukum oneukum@suse.com
commit bf65f8aabdb37bc1a785884374e919477fe13e10 upstream.
The premature free in the error path is blocked by V4L refcounting, not USB refcounting. Thanks to Ben Hutchings for review.
[v2] corrected attributions
Signed-off-by: Oliver Neukum oneukum@suse.com Fixes: 50e704453553 ("media: usbtv: prevent double free in error case") CC: stable@vger.kernel.org Reported-by: Ben Hutchings ben.hutchings@codethink.co.uk Signed-off-by: Hans Verkuil hverkuil-cisco@xs4all.nl Signed-off-by: Mauro Carvalho Chehab mchehab+huawei@kernel.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- drivers/media/usb/usbtv/usbtv-core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/media/usb/usbtv/usbtv-core.c +++ b/drivers/media/usb/usbtv/usbtv-core.c @@ -113,7 +113,8 @@ static int usbtv_probe(struct usb_interf
usbtv_audio_fail: /* we must not free at this point */ - usb_get_dev(usbtv->udev); + v4l2_device_get(&usbtv->v4l2_dev); + /* this will undo the v4l2_device_get() */ usbtv_video_free(usbtv);
usbtv_video_fail:
From: Wilken Gottwalt wilken.gottwalt@mailbox.org
commit 3e765cab8abe7f84cb80d4a7a973fc97d5742647 upstream.
Add usb ids of the Cellient MPL200 card.
Signed-off-by: Wilken Gottwalt wilken.gottwalt@mailbox.org Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/3db5418fe9e516f4b290736c5a199c9796025e3c.160171547... Signed-off-by: Johan Hovold johan@kernel.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- drivers/usb/serial/option.c | 3 +++ 1 file changed, 3 insertions(+)
--- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -528,6 +528,7 @@ static void option_instat_callback(struc /* Cellient products */ #define CELLIENT_VENDOR_ID 0x2692 #define CELLIENT_PRODUCT_MEN200 0x9005 +#define CELLIENT_PRODUCT_MPL200 0x9025
/* Hyundai Petatel Inc. products */ #define PETATEL_VENDOR_ID 0x1ff4 @@ -1982,6 +1983,8 @@ static const struct usb_device_id option { USB_DEVICE_AND_INTERFACE_INFO(MEDIATEK_VENDOR_ID, MEDIATEK_PRODUCT_DC_4COM2, 0xff, 0x02, 0x01) }, { USB_DEVICE_AND_INTERFACE_INFO(MEDIATEK_VENDOR_ID, MEDIATEK_PRODUCT_DC_4COM2, 0xff, 0x00, 0x00) }, { USB_DEVICE(CELLIENT_VENDOR_ID, CELLIENT_PRODUCT_MEN200) }, + { USB_DEVICE(CELLIENT_VENDOR_ID, CELLIENT_PRODUCT_MPL200), + .driver_info = RSVD(1) | RSVD(4) }, { USB_DEVICE(PETATEL_VENDOR_ID, PETATEL_PRODUCT_NP10T_600A) }, { USB_DEVICE(PETATEL_VENDOR_ID, PETATEL_PRODUCT_NP10T_600E) }, { USB_DEVICE_AND_INTERFACE_INFO(TPLINK_VENDOR_ID, TPLINK_PRODUCT_LTE, 0xff, 0x00, 0x00) }, /* TP-Link LTE Module */
From: Leonid Bloch lb.workbox@gmail.com
commit 924a9213358fb92fa3c3225d6d042aa058167405 upstream.
This commit adds the following Telit FT980-KS composition:
0x1054: rndis, diag, adb, nmea, modem, modem, aux
AT commands can be sent to /dev/ttyUSB2.
Signed-off-by: Leonid Bloch lb.workbox@gmail.com Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/ce86bc05-f4e2-b199-0cdc-792715e3f275@asocscloud.co... Link: https://lore.kernel.org/r/20201004155813.2342-1-lb.workbox@gmail.com Signed-off-by: Johan Hovold johan@kernel.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- drivers/usb/serial/option.c | 2 ++ 1 file changed, 2 insertions(+)
--- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -1187,6 +1187,8 @@ static const struct usb_device_id option .driver_info = NCTRL(2) | RSVD(3) }, { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1053, 0xff), /* Telit FN980 (ECM) */ .driver_info = NCTRL(0) | RSVD(1) }, + { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1054, 0xff), /* Telit FT980-KS */ + .driver_info = NCTRL(2) | RSVD(3) }, { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_ME910), .driver_info = NCTRL(0) | RSVD(1) | RSVD(3) }, { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_ME910_DUAL_MODEM),
From: Anant Thazhemadam anant.thazhemadam@gmail.com
commit e1f13c879a7c21bd207dc6242455e8e3a1e88b40 upstream.
While finding usb endpoints in vmk80xx_find_usb_endpoints(), check if wMaxPacketSize = 0 for the endpoints found.
Some devices have isochronous endpoints that have wMaxPacketSize = 0 (as required by the USB-2 spec). However, since this doesn't apply here, wMaxPacketSize = 0 can be considered to be invalid.
Reported-by: syzbot+009f546aa1370056b1c2@syzkaller.appspotmail.com Tested-by: syzbot+009f546aa1370056b1c2@syzkaller.appspotmail.com Signed-off-by: Anant Thazhemadam anant.thazhemadam@gmail.com Cc: stable stable@vger.kernel.org Link: https://lore.kernel.org/r/20201010082933.5417-1-anant.thazhemadam@gmail.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- drivers/staging/comedi/drivers/vmk80xx.c | 3 +++ 1 file changed, 3 insertions(+)
--- a/drivers/staging/comedi/drivers/vmk80xx.c +++ b/drivers/staging/comedi/drivers/vmk80xx.c @@ -667,6 +667,9 @@ static int vmk80xx_find_usb_endpoints(st if (!devpriv->ep_rx || !devpriv->ep_tx) return -ENODEV;
+ if (!usb_endpoint_maxp(devpriv->ep_rx) || !usb_endpoint_maxp(devpriv->ep_tx)) + return -EINVAL; + return 0; }
From: Scott Chen scott@labau.com.tw
commit 031f9664f8f9356cee662335bc56c93d16e75665 upstream.
This is adds a device id for HP LD381 which is a pl2303GC-base device.
Signed-off-by: Scott Chen scott@labau.com.tw Cc: stable@vger.kernel.org Signed-off-by: Johan Hovold johan@kernel.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- drivers/usb/serial/pl2303.c | 1 + drivers/usb/serial/pl2303.h | 1 + 2 files changed, 2 insertions(+)
--- a/drivers/usb/serial/pl2303.c +++ b/drivers/usb/serial/pl2303.c @@ -100,6 +100,7 @@ static const struct usb_device_id id_tab { USB_DEVICE(HP_VENDOR_ID, HP_LD220_PRODUCT_ID) }, { USB_DEVICE(HP_VENDOR_ID, HP_LD220TA_PRODUCT_ID) }, { USB_DEVICE(HP_VENDOR_ID, HP_LD381_PRODUCT_ID) }, + { USB_DEVICE(HP_VENDOR_ID, HP_LD381GC_PRODUCT_ID) }, { USB_DEVICE(HP_VENDOR_ID, HP_LD960_PRODUCT_ID) }, { USB_DEVICE(HP_VENDOR_ID, HP_LD960TA_PRODUCT_ID) }, { USB_DEVICE(HP_VENDOR_ID, HP_LCM220_PRODUCT_ID) }, --- a/drivers/usb/serial/pl2303.h +++ b/drivers/usb/serial/pl2303.h @@ -127,6 +127,7 @@
/* Hewlett-Packard POS Pole Displays */ #define HP_VENDOR_ID 0x03f0 +#define HP_LD381GC_PRODUCT_ID 0x0183 #define HP_LM920_PRODUCT_ID 0x026b #define HP_TD620_PRODUCT_ID 0x0956 #define HP_LD960_PRODUCT_ID 0x0b39
From: Mychaela N. Falconia falcon@freecalypso.org
commit 6cf87e5edd9944e1d3b6efd966ea401effc304ee upstream.
There exist many FT2232-based JTAG+UART adapter designs in which FT2232 Channel A is used for JTAG and Channel B is used for UART. The best way to handle them in Linux is to have the ftdi_sio driver create a ttyUSB device only for Channel B and not for Channel A: a ttyUSB device for Channel A would be bogus and will disappear as soon as the user runs OpenOCD or other applications that access Channel A for JTAG from userspace, causing undesirable noise for users. The ftdi_sio driver already has a dedicated quirk for such JTAG+UART FT2232 adapters, and it requires assigning custom USB IDs to such adapters and adding these IDs to the driver with the ftdi_jtag_quirk applied.
Boutique hardware manufacturer Falconia Partners LLC has created a couple of JTAG+UART adapter designs (one buffered, one unbuffered) as part of FreeCalypso project, and this hardware is specifically made to be used with Linux hosts, with the intent that Channel A will be accessed only from userspace via appropriate applications, and that Channel B will be supported by the ftdi_sio kernel driver, presenting a standard ttyUSB device to userspace. Toward this end the hardware manufacturer will be programming FT2232 EEPROMs with custom USB IDs, specifically with the intent that these IDs will be recognized by the ftdi_sio driver with the ftdi_jtag_quirk applied.
Signed-off-by: Mychaela N. Falconia falcon@freecalypso.org [johan: insert in PID order and drop unused define] Cc: stable@vger.kernel.org Signed-off-by: Johan Hovold johan@kernel.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- drivers/usb/serial/ftdi_sio.c | 5 +++++ drivers/usb/serial/ftdi_sio_ids.h | 7 +++++++ 2 files changed, 12 insertions(+)
--- a/drivers/usb/serial/ftdi_sio.c +++ b/drivers/usb/serial/ftdi_sio.c @@ -1037,6 +1037,11 @@ static const struct usb_device_id id_tab /* U-Blox devices */ { USB_DEVICE(UBLOX_VID, UBLOX_C099F9P_ZED_PID) }, { USB_DEVICE(UBLOX_VID, UBLOX_C099F9P_ODIN_PID) }, + /* FreeCalypso USB adapters */ + { USB_DEVICE(FTDI_VID, FTDI_FALCONIA_JTAG_BUF_PID), + .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk }, + { USB_DEVICE(FTDI_VID, FTDI_FALCONIA_JTAG_UNBUF_PID), + .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk }, { } /* Terminating entry */ };
--- a/drivers/usb/serial/ftdi_sio_ids.h +++ b/drivers/usb/serial/ftdi_sio_ids.h @@ -39,6 +39,13 @@
#define FTDI_LUMEL_PD12_PID 0x6002
+/* + * Custom USB adapters made by Falconia Partners LLC + * for FreeCalypso project, ID codes allocated to Falconia by FTDI. + */ +#define FTDI_FALCONIA_JTAG_BUF_PID 0x7150 +#define FTDI_FALCONIA_JTAG_UNBUF_PID 0x7151 + /* Sienna Serial Interface by Secyourit GmbH */ #define FTDI_SIENNA_PID 0x8348
From: Tetsuo Handa penguin-kernel@i-love.sakura.ne.jp
commit 988d0763361bb65690d60e2bc53a6b72777040c3 upstream.
syzbot is reporting UAF/OOB read at bit_putcs()/soft_cursor() [1][2], for vt_resizex() from ioctl(VT_RESIZEX) allows setting font height larger than actual font height calculated by con_font_set() from ioctl(PIO_FONT). Since fbcon_set_font() from con_font_set() allocates minimal amount of memory based on actual font height calculated by con_font_set(), use of vt_resizex() can cause UAF/OOB read for font data.
VT_RESIZEX was introduced in Linux 1.3.3, but it is unclear that what comes to the "+ more" part, and I couldn't find a user of VT_RESIZEX.
#define VT_RESIZE 0x5609 /* set kernel's idea of screensize */ #define VT_RESIZEX 0x560A /* set kernel's idea of screensize + more */
So far we are not aware of syzbot reports caused by setting non-zero value to v_vlin parameter. But given that it is possible that nobody is using VT_RESIZEX, we can try removing support for v_clin and v_vlin parameters.
Therefore, this patch effectively makes VT_RESIZEX behave like VT_RESIZE, with emitting a message if somebody is still using v_clin and/or v_vlin parameters.
[1] https://syzkaller.appspot.com/bug?id=32577e96d88447ded2d3b76d71254fb85524583... [2] https://syzkaller.appspot.com/bug?id=6b8355d27b2b94fb5cedf4655e3a59162d9e48e...
Reported-by: syzbot syzbot+b308f5fd049fbbc6e74f@syzkaller.appspotmail.com Reported-by: syzbot syzbot+16469b5e8e5a72e9131e@syzkaller.appspotmail.com Signed-off-by: Tetsuo Handa penguin-kernel@I-love.SAKURA.ne.jp Cc: stable stable@vger.kernel.org Link: https://lore.kernel.org/r/4933b81b-9b1a-355b-df0e-9b31e8280ab9@i-love.sakura... Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- drivers/tty/vt/vt_ioctl.c | 57 ++++++++-------------------------------------- 1 file changed, 10 insertions(+), 47 deletions(-)
--- a/drivers/tty/vt/vt_ioctl.c +++ b/drivers/tty/vt/vt_ioctl.c @@ -773,58 +773,21 @@ static int vt_resizex(struct vc_data *vc if (copy_from_user(&v, cs, sizeof(struct vt_consize))) return -EFAULT;
- /* FIXME: Should check the copies properly */ - if (!v.v_vlin) - v.v_vlin = vc->vc_scan_lines; - - if (v.v_clin) { - int rows = v.v_vlin / v.v_clin; - if (v.v_rows != rows) { - if (v.v_rows) /* Parameters don't add up */ - return -EINVAL; - v.v_rows = rows; - } - } - - if (v.v_vcol && v.v_ccol) { - int cols = v.v_vcol / v.v_ccol; - if (v.v_cols != cols) { - if (v.v_cols) - return -EINVAL; - v.v_cols = cols; - } - } - - if (v.v_clin > 32) - return -EINVAL; + if (v.v_vlin) + pr_info_once(""struct vt_consize"->v_vlin is ignored. Please report if you need this.\n"); + if (v.v_clin) + pr_info_once(""struct vt_consize"->v_clin is ignored. Please report if you need this.\n");
+ console_lock(); for (i = 0; i < MAX_NR_CONSOLES; i++) { - struct vc_data *vcp; - - if (!vc_cons[i].d) - continue; - console_lock(); - vcp = vc_cons[i].d; - if (vcp) { - int ret; - int save_scan_lines = vcp->vc_scan_lines; - int save_font_height = vcp->vc_font.height; + vc = vc_cons[i].d;
- if (v.v_vlin) - vcp->vc_scan_lines = v.v_vlin; - if (v.v_clin) - vcp->vc_font.height = v.v_clin; - vcp->vc_resize_user = 1; - ret = vc_resize(vcp, v.v_cols, v.v_rows); - if (ret) { - vcp->vc_scan_lines = save_scan_lines; - vcp->vc_font.height = save_font_height; - console_unlock(); - return ret; - } + if (vc) { + vc->vc_resize_user = 1; + vc_resize(vc, v.v_cols, v.v_rows); } - console_unlock(); } + console_unlock();
return 0; }
From: Jan Kara jack@suse.cz
commit 4443390e08d34d5771ab444f601cf71b3c9634a4 upstream.
reiserfs_read_locked_inode() didn't initialize key length properly. Use _make_cpu_key() macro for key initialization so that all key member are properly initialized.
CC: stable@vger.kernel.org Reported-by: syzbot+d94d02749498bb7bab4b@syzkaller.appspotmail.com Signed-off-by: Jan Kara jack@suse.cz Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- fs/reiserfs/inode.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-)
--- a/fs/reiserfs/inode.c +++ b/fs/reiserfs/inode.c @@ -1551,11 +1551,7 @@ void reiserfs_read_locked_inode(struct i * set version 1, version 2 could be used too, because stat data * key is the same in both versions */ - key.version = KEY_FORMAT_3_5; - key.on_disk_key.k_dir_id = dirino; - key.on_disk_key.k_objectid = inode->i_ino; - key.on_disk_key.k_offset = 0; - key.on_disk_key.k_type = 0; + _make_cpu_key(&key, KEY_FORMAT_3_5, dirino, inode->i_ino, 0, 0, 3);
/* look for the object's stat data */ retval = search_item(inode->i_sb, &key, &path_to_sd);
From: Jan Kara jack@suse.cz
commit c2bb80b8bdd04dfe32364b78b61b6a47f717af52 upstream.
With suitably crafted reiserfs image and mount command reiserfs will crash when trying to verify that XATTR_ROOT directory can be looked up in / as that recurses back to xattr code like:
xattr_lookup+0x24/0x280 fs/reiserfs/xattr.c:395 reiserfs_xattr_get+0x89/0x540 fs/reiserfs/xattr.c:677 reiserfs_get_acl+0x63/0x690 fs/reiserfs/xattr_acl.c:209 get_acl+0x152/0x2e0 fs/posix_acl.c:141 check_acl fs/namei.c:277 [inline] acl_permission_check fs/namei.c:309 [inline] generic_permission+0x2ba/0x550 fs/namei.c:353 do_inode_permission fs/namei.c:398 [inline] inode_permission+0x234/0x4a0 fs/namei.c:463 lookup_one_len+0xa6/0x200 fs/namei.c:2557 reiserfs_lookup_privroot+0x85/0x1e0 fs/reiserfs/xattr.c:972 reiserfs_fill_super+0x2b51/0x3240 fs/reiserfs/super.c:2176 mount_bdev+0x24f/0x360 fs/super.c:1417
Fix the problem by bailing from reiserfs_xattr_get() when xattrs are not yet initialized.
CC: stable@vger.kernel.org Reported-by: syzbot+9b33c9b118d77ff59b6f@syzkaller.appspotmail.com Signed-off-by: Jan Kara jack@suse.cz Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- fs/reiserfs/xattr.c | 7 +++++++ 1 file changed, 7 insertions(+)
--- a/fs/reiserfs/xattr.c +++ b/fs/reiserfs/xattr.c @@ -674,6 +674,13 @@ reiserfs_xattr_get(struct inode *inode, if (get_inode_sd_version(inode) == STAT_DATA_V1) return -EOPNOTSUPP;
+ /* + * priv_root needn't be initialized during mount so allow initial + * lookups to succeed. + */ + if (!REISERFS_SB(inode->i_sb)->priv_root) + return 0; + dentry = xattr_lookup(inode, name, XATTR_REPLACE); if (IS_ERR(dentry)) { err = PTR_ERR(dentry);
From: Alex Deucher alexander.deucher@amd.com
commit 2456c290a7889be492cb96092b62d16c11176f72 upstream.
This regressed some working configurations so revert it. Will fix this properly for 5.9 and backport then.
This reverts commit 38e0c89a19fd13f28d2b4721035160a3e66e270b.
Signed-off-by: Alex Deucher alexander.deucher@amd.com Cc: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c @@ -796,7 +796,8 @@ static ssize_t amdgpu_set_pp_od_clk_volt tmp_str++; while (isspace(*++tmp_str));
- while ((sub_str = strsep(&tmp_str, delimiter)) != NULL) { + while (tmp_str[0]) { + sub_str = strsep(&tmp_str, delimiter); ret = kstrtol(sub_str, 0, ¶meter[parameter_size]); if (ret) return -EINVAL; @@ -1066,7 +1067,8 @@ static ssize_t amdgpu_read_mask(const ch memcpy(buf_cpy, buf, bytes); buf_cpy[bytes] = '\0'; tmp = buf_cpy; - while ((sub_str = strsep(&tmp, delimiter)) != NULL) { + while (tmp[0]) { + sub_str = strsep(&tmp, delimiter); if (strlen(sub_str)) { ret = kstrtol(sub_str, 0, &level); if (ret) @@ -1695,7 +1697,8 @@ static ssize_t amdgpu_set_pp_power_profi i++; memcpy(buf_cpy, buf, count-i); tmp_str = buf_cpy; - while ((sub_str = strsep(&tmp_str, delimiter)) != NULL) { + while (tmp_str[0]) { + sub_str = strsep(&tmp_str, delimiter); ret = kstrtol(sub_str, 0, ¶meter[parameter_size]); if (ret) return -EINVAL;
From: Herbert Xu herbert@gondor.apana.org.au
commit 10a2f0b311094ffd45463a529a410a51ca025f27 upstream.
The setkey function for GCM/CCM algorithms didn't verify the key length before copying the key and subtracting the salt length.
This patch delays the copying of the key til after the verification has been done. It also adds checks on the key length to ensure that it's at least as long as the salt.
Fixes: 9d12ba86f818 ("crypto: brcm - Add Broadcom SPU driver") Cc: stable@vger.kernel.org Reported-by: kiyin(尹亮) kiyin@tencent.com Signed-off-by: Herbert Xu herbert@gondor.apana.org.au Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- drivers/crypto/bcm/cipher.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-)
--- a/drivers/crypto/bcm/cipher.c +++ b/drivers/crypto/bcm/cipher.c @@ -2930,7 +2930,6 @@ static int aead_gcm_ccm_setkey(struct cr
ctx->enckeylen = keylen; ctx->authkeylen = 0; - memcpy(ctx->enckey, key, ctx->enckeylen);
switch (ctx->enckeylen) { case AES_KEYSIZE_128: @@ -2946,6 +2945,8 @@ static int aead_gcm_ccm_setkey(struct cr goto badkey; }
+ memcpy(ctx->enckey, key, ctx->enckeylen); + flow_log(" enckeylen:%u authkeylen:%u\n", ctx->enckeylen, ctx->authkeylen); flow_dump(" enc: ", ctx->enckey, ctx->enckeylen); @@ -3000,6 +3001,10 @@ static int aead_gcm_esp_setkey(struct cr struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
flow_log("%s\n", __func__); + + if (keylen < GCM_ESP_SALT_SIZE) + return -EINVAL; + ctx->salt_len = GCM_ESP_SALT_SIZE; ctx->salt_offset = GCM_ESP_SALT_OFFSET; memcpy(ctx->salt, key + keylen - GCM_ESP_SALT_SIZE, GCM_ESP_SALT_SIZE); @@ -3028,6 +3033,10 @@ static int rfc4543_gcm_esp_setkey(struct struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
flow_log("%s\n", __func__); + + if (keylen < GCM_ESP_SALT_SIZE) + return -EINVAL; + ctx->salt_len = GCM_ESP_SALT_SIZE; ctx->salt_offset = GCM_ESP_SALT_OFFSET; memcpy(ctx->salt, key + keylen - GCM_ESP_SALT_SIZE, GCM_ESP_SALT_SIZE); @@ -3057,6 +3066,10 @@ static int aead_ccm_esp_setkey(struct cr struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
flow_log("%s\n", __func__); + + if (keylen < CCM_ESP_SALT_SIZE) + return -EINVAL; + ctx->salt_len = CCM_ESP_SALT_SIZE; ctx->salt_offset = CCM_ESP_SALT_OFFSET; memcpy(ctx->salt, key + keylen - CCM_ESP_SALT_SIZE, CCM_ESP_SALT_SIZE);
From: Dominik Przychodni dominik.przychodni@intel.com
commit 45cb6653b0c355fc1445a8069ba78a4ce8720511 upstream.
Return -EINVAL for authenc(hmac(sha1),cbc(aes)), authenc(hmac(sha256),cbc(aes)) and authenc(hmac(sha512),cbc(aes)) if the cipher length is not multiple of the AES block. This is to prevent an undefined device behaviour.
Fixes: d370cec32194 ("crypto: qat - Intel(R) QAT crypto interface") Cc: stable@vger.kernel.org Signed-off-by: Dominik Przychodni dominik.przychodni@intel.com [giovanni.cabiddu@intel.com: reworded commit message] Signed-off-by: Giovanni Cabiddu giovanni.cabiddu@intel.com Signed-off-by: Herbert Xu herbert@gondor.apana.org.au Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- drivers/crypto/qat/qat_common/qat_algs.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-)
--- a/drivers/crypto/qat/qat_common/qat_algs.c +++ b/drivers/crypto/qat/qat_common/qat_algs.c @@ -828,6 +828,11 @@ static int qat_alg_aead_dec(struct aead_ struct icp_qat_fw_la_bulk_req *msg; int digst_size = crypto_aead_authsize(aead_tfm); int ret, ctr = 0; + u32 cipher_len; + + cipher_len = areq->cryptlen - digst_size; + if (cipher_len % AES_BLOCK_SIZE != 0) + return -EINVAL;
ret = qat_alg_sgl_to_bufl(ctx->inst, areq->src, areq->dst, qat_req); if (unlikely(ret)) @@ -842,7 +847,7 @@ static int qat_alg_aead_dec(struct aead_ qat_req->req.comn_mid.src_data_addr = qat_req->buf.blp; qat_req->req.comn_mid.dest_data_addr = qat_req->buf.bloutp; cipher_param = (void *)&qat_req->req.serv_specif_rqpars; - cipher_param->cipher_length = areq->cryptlen - digst_size; + cipher_param->cipher_length = cipher_len; cipher_param->cipher_offset = areq->assoclen; memcpy(cipher_param->u.cipher_IV_array, areq->iv, AES_BLOCK_SIZE); auth_param = (void *)((u8 *)cipher_param + sizeof(*cipher_param)); @@ -871,6 +876,9 @@ static int qat_alg_aead_enc(struct aead_ u8 *iv = areq->iv; int ret, ctr = 0;
+ if (areq->cryptlen % AES_BLOCK_SIZE != 0) + return -EINVAL; + ret = qat_alg_sgl_to_bufl(ctx->inst, areq->src, areq->dst, qat_req); if (unlikely(ret)) return ret;
On Fri, 2020-10-16 at 11:08 +0200, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.9.1 release. There are 15 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Sun, 18 Oct 2020 09:04:25 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.9.1-rc1.g... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux- stable-rc.git linux-5.9.y and the diffstat can be found below.
thanks,
greg k-h
hello,
Compiled and booted 5.9.1-rc1+. Everything looks clean except "dmesg -l warn" This kernel like 5.8.13-rc1+ shows issue related in warning. Please see this...
--------------------x-------------------------x-------------x-----
$dmesg -l warn [ 0.589254] MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details. [ 0.592523] #3 [ 0.735219] ENERGY_PERF_BIAS: Set to 'normal', was 'performance' [ 11.454156] i8042: PNP: PS/2 appears to have AUX port disabled, if this is incorrect please boot with i8042.nopnp [ 13.519401] sdhci-pci 0000:00:1e.6: failed to setup card detect gpio [ 15.518853] i2c_hid i2c-ELAN1300:00: supply vdd not found, using dummy regulator [ 15.520777] i2c_hid i2c-ELAN1300:00: supply vddl not found, using dummy regulator [ 24.934891] systemd[1]: /lib/systemd/system/plymouth- start.service:16: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. Support for KillMode=none is deprecated and will eventually be removed. [ 38.110160] uvcvideo 1-6:1.0: Entity type for entity Extension 4 was not initialized! [ 38.110166] uvcvideo 1-6:1.0: Entity type for entity Processing 2 was not initialized! [ 38.110170] uvcvideo 1-6:1.0: Entity type for entity Camera 1 was not initialized! [ 41.031588] FAT-fs (sda1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
---------x--------------------x--------------------------------x---
Tested-by: Jeffrin Jose T jeffrin@rajagiritech.edu.in
On 16/10/2020 10:08, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.9.1 release. There are 15 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Sun, 18 Oct 2020 09:04:25 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.9.1-rc1.g... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.9.y and the diffstat can be found below.
thanks,
greg k-h
There is one test failure (new warning) for Tegra194 but this is a known issue for v5.9 and is fixed by Viresh's change [0]. Maybe we can pull into stable once it is merged to the mainline?
That said everything else looks good ...
Test results for stable-v5.9: 15 builds: 15 pass, 0 fail 26 boots: 26 pass, 0 fail 61 tests: 60 pass, 1 fail
Linux version: 5.9.1-rc1-g1cbc5f2d0eac Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000, tegra194-p2972-0000, tegra20-ventana, tegra210-p2371-2180, tegra210-p3450-0000, tegra30-cardhu-a04
Tested-by: Jon Hunter jonathanh@nvidia.com
Jon
[0] https://lore.kernel.org/linux-pm/37c3f1f76c055b305d1bba2c2001ac5b1d7a9b5f.16...
On Fri, Oct 16, 2020 at 05:45:56PM +0100, Jon Hunter wrote:
On 16/10/2020 10:08, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.9.1 release. There are 15 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Sun, 18 Oct 2020 09:04:25 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.9.1-rc1.g... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.9.y and the diffstat can be found below.
thanks,
greg k-h
There is one test failure (new warning) for Tegra194 but this is a known issue for v5.9 and is fixed by Viresh's change [0]. Maybe we can pull into stable once it is merged to the mainline?
Please let me know if this hits Linus's tree and I don't pick it up.
That said everything else looks good ...
Test results for stable-v5.9: 15 builds: 15 pass, 0 fail 26 boots: 26 pass, 0 fail 61 tests: 60 pass, 1 fail
Linux version: 5.9.1-rc1-g1cbc5f2d0eac Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000, tegra194-p2972-0000, tegra20-ventana, tegra210-p2371-2180, tegra210-p3450-0000, tegra30-cardhu-a04
Tested-by: Jon Hunter jonathanh@nvidia.com
Thanks for testing all of these and letting me know.
greg k-h
On Fri, 16 Oct 2020 at 14:42, Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:
This is the start of the stable review cycle for the 5.9.1 release. There are 15 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Sun, 18 Oct 2020 09:04:25 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.9.1-rc1.g... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.9.y and the diffstat can be found below.
thanks,
greg k-h
Results from Linaro’s test farm. No regressions on arm64, arm, x86_64, and i386.
Tested-by: Linux Kernel Functional Testing lkft@linaro.org
Summary ------------------------------------------------------------------------
kernel: 5.9.1-rc1 git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git git branch: linux-5.9.y git commit: 1cbc5f2d0eace639921f0e26fd6817e346961d5d git describe: v5.9-16-g1cbc5f2d0eac Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-5.9.y/build/v5.9-16...
No regressions (compared to build v5.9)
No fixes (compared to build v5.9)
Ran 29051 total tests in the following environments and test suites.
Environments -------------- - dragonboard-410c - hi6220-hikey - i386 - juno-r2 - juno-r2-compat - juno-r2-kasan - nxp-ls2088 - qemu_arm - qemu_arm64 - qemu_i386 - qemu_x86_64 - x15 - x86 - x86-kasan
Test Suites ----------- * build * libhugetlbfs * linux-log-parser * ltp-cap_bounds-tests * ltp-containers-tests * ltp-cpuhotplug-tests * ltp-crypto-tests * ltp-cve-tests * ltp-fcntl-locktests-tests * ltp-filecaps-tests * ltp-fs-tests * ltp-fs_bind-tests * ltp-fs_perms_simple-tests * ltp-fsx-tests * ltp-hugetlb-tests * ltp-ipc-tests * ltp-mm-tests * ltp-nptl-tests * ltp-pty-tests * ltp-securebits-tests * ltp-syscalls-tests * ltp-tracing-tests * v4l2-compliance * install-android-platform-tools-r2600 * ltp-commands-tests * ltp-controllers-tests * ltp-dio-tests * ltp-io-tests * ltp-math-tests * network-basic-tests * perf * ltp-sched-tests * ltp-quickhit-tests * kselftest * kselftest-vsyscall-mode-native * kselftest-vsyscall-mode-none
On Sat, Oct 17, 2020 at 12:33:06AM +0530, Naresh Kamboju wrote:
On Fri, 16 Oct 2020 at 14:42, Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:
This is the start of the stable review cycle for the 5.9.1 release. There are 15 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Sun, 18 Oct 2020 09:04:25 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.9.1-rc1.g... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.9.y and the diffstat can be found below.
thanks,
greg k-h
Results from Linaro’s test farm. No regressions on arm64, arm, x86_64, and i386.
Tested-by: Linux Kernel Functional Testing lkft@linaro.org
Thanks for testing all of these so quickly and letting me know.
greg k-h
On Fri, Oct 16, 2020 at 11:08:02AM +0200, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.9.1 release. There are 15 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Sun, 18 Oct 2020 09:04:25 +0000. Anything received after that time might be too late.
Build results: total: 154 pass: 153 fail: 1 Failed builds: mips:allmodconfig Qemu test results: total: 430 pass: 430 fail: 0
The mips build problem is inherited from mainline and still seen there.
ERROR: modpost: "fw_arg3" [drivers/mtd/parsers/bcm63xxpart.ko] undefined!
A fix is (finally) queued in -next.
Tested-by: Guenter Roeck linux@roeck-us.net
Guenter
On Fri, Oct 16, 2020 at 02:09:42PM -0700, Guenter Roeck wrote:
On Fri, Oct 16, 2020 at 11:08:02AM +0200, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.9.1 release. There are 15 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Sun, 18 Oct 2020 09:04:25 +0000. Anything received after that time might be too late.
Build results: total: 154 pass: 153 fail: 1 Failed builds: mips:allmodconfig Qemu test results: total: 430 pass: 430 fail: 0
The mips build problem is inherited from mainline and still seen there.
ERROR: modpost: "fw_arg3" [drivers/mtd/parsers/bcm63xxpart.ko] undefined!
A fix is (finally) queued in -next.
Good!
Tested-by: Guenter Roeck linux@roeck-us.net
Great, thanks for testing them all and letting me know.
greg k-h
On 10/16/20 3:08 AM, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.9.1 release. There are 15 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Sun, 18 Oct 2020 09:04:25 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.9.1-rc1.g... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.9.y and the diffstat can be found below.
thanks,
greg k-h
Compiled and booted on my test system. No dmesg regressions.
Tested-by: Shuah Khan skhan@linuxfoundation.org
thanks, -- Shuah
On Sat, Oct 17, 2020 at 10:02:50AM -0600, Shuah Khan wrote:
On 10/16/20 3:08 AM, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.9.1 release. There are 15 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Sun, 18 Oct 2020 09:04:25 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.9.1-rc1.g... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.9.y and the diffstat can be found below.
thanks,
greg k-h
Compiled and booted on my test system. No dmesg regressions.
Tested-by: Shuah Khan skhan@linuxfoundation.org
Thanks for testing them all and letting me know.
greg k-h
linux-stable-mirror@lists.linaro.org
-
Greg Kroah-Hartman -
Guenter Roeck -
Jeffrin Jose T -
Jon Hunter -
Naresh Kamboju -
Shuah Khan