This is the start of the stable review cycle for the 4.14.266 release. There are 3 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Fri, 11 Feb 2022 19:12:41 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.266-rc... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below.
thanks,
greg k-h
------------- Pseudo-Shortlog of commits:
Greg Kroah-Hartman gregkh@linuxfoundation.org Linux 4.14.266-rc1
luofei luofei@unicloud.com x86/mm, mm/hwpoison: Fix the unmap kernel 1:1 pages check condition
Greg Kroah-Hartman gregkh@linuxfoundation.org moxart: fix potential use-after-free on remove path
Eric W. Biederman ebiederm@xmission.com cgroup-v1: Require capabilities to set release_agent
-------------
Diffstat:
Makefile | 4 ++-- arch/x86/kernel/cpu/mcheck/mce.c | 2 +- drivers/mmc/host/moxart-mmc.c | 2 +- kernel/cgroup/cgroup-v1.c | 24 ++++++++++++++++++++++++ 4 files changed, 28 insertions(+), 4 deletions(-)
From: Eric W. Biederman ebiederm@xmission.com
commit 24f6008564183aa120d07c03d9289519c2fe02af upstream.
The cgroup release_agent is called with call_usermodehelper. The function call_usermodehelper starts the release_agent with a full set fo capabilities. Therefore require capabilities when setting the release_agaent.
Reported-by: Tabitha Sable tabitha.c.sable@gmail.com Tested-by: Tabitha Sable tabitha.c.sable@gmail.com Fixes: 81a6a5cdd2c5 ("Task Control Groups: automatic userspace notification of idle cgroups") Cc: stable@vger.kernel.org # v2.6.24+ Signed-off-by: "Eric W. Biederman" ebiederm@xmission.com Signed-off-by: Tejun Heo tj@kernel.org [mkoutny: Adjust for pre-fs_context, duplicate mount/remount check, drop log messages.] Acked-by: Michal Koutný mkoutny@suse.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- kernel/cgroup/cgroup-v1.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+)
--- a/kernel/cgroup/cgroup-v1.c +++ b/kernel/cgroup/cgroup-v1.c @@ -577,6 +577,14 @@ static ssize_t cgroup_release_agent_writ
BUILD_BUG_ON(sizeof(cgrp->root->release_agent_path) < PATH_MAX);
+ /* + * Release agent gets called with all capabilities, + * require capabilities to set release agent. + */ + if ((of->file->f_cred->user_ns != &init_user_ns) || + !capable(CAP_SYS_ADMIN)) + return -EPERM; + cgrp = cgroup_kn_lock_live(of->kn, false); if (!cgrp) return -ENODEV; @@ -1060,6 +1068,7 @@ static int cgroup1_remount(struct kernfs { int ret = 0; struct cgroup_root *root = cgroup_root_from_kf(kf_root); + struct cgroup_namespace *ns = current->nsproxy->cgroup_ns; struct cgroup_sb_opts opts; u16 added_mask, removed_mask;
@@ -1073,6 +1082,12 @@ static int cgroup1_remount(struct kernfs if (opts.subsys_mask != root->subsys_mask || opts.release_agent) pr_warn("option changes via remount are deprecated (pid=%d comm=%s)\n", task_tgid_nr(current), current->comm); + /* See cgroup1_mount release_agent handling */ + if (opts.release_agent && + ((ns->user_ns != &init_user_ns) || !capable(CAP_SYS_ADMIN))) { + ret = -EINVAL; + goto out_unlock; + }
added_mask = opts.subsys_mask & ~root->subsys_mask; removed_mask = root->subsys_mask & ~opts.subsys_mask; @@ -1236,6 +1251,15 @@ struct dentry *cgroup1_mount(struct file ret = -EPERM; goto out_unlock; } + /* + * Release agent gets called with all capabilities, + * require capabilities to set release agent. + */ + if (opts.release_agent && + ((ns->user_ns != &init_user_ns) || !capable(CAP_SYS_ADMIN))) { + ret = -EINVAL; + goto out_unlock; + }
root = kzalloc(sizeof(*root), GFP_KERNEL); if (!root) {
From: Greg Kroah-Hartman gregkh@linuxfoundation.org
commit bd2db32e7c3e35bd4d9b8bbff689434a50893546 upstream.
It was reported that the mmc host structure could be accessed after it was freed in moxart_remove(), so fix this by saving the base register of the device and using it instead of the pointer dereference.
Cc: Ulf Hansson ulf.hansson@linaro.org Cc: Xiyu Yang xiyuyang19@fudan.edu.cn Cc: Xin Xiong xiongx18@fudan.edu.cn Cc: Xin Tan tanxin.ctf@gmail.com Cc: Tony Lindgren tony@atomide.com Cc: Yang Li yang.lee@linux.alibaba.com Cc: linux-mmc@vger.kernel.org Cc: stable stable@vger.kernel.org Reported-by: whitehat002 hackyzh002@gmail.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Link: https://lore.kernel.org/r/20220127071638.4057899-1-gregkh@linuxfoundation.or... Signed-off-by: Ulf Hansson ulf.hansson@linaro.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- drivers/mmc/host/moxart-mmc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/mmc/host/moxart-mmc.c +++ b/drivers/mmc/host/moxart-mmc.c @@ -696,12 +696,12 @@ static int moxart_remove(struct platform if (!IS_ERR(host->dma_chan_rx)) dma_release_channel(host->dma_chan_rx); mmc_remove_host(mmc); - mmc_free_host(mmc);
writel(0, host->base + REG_INTERRUPT_MASK); writel(0, host->base + REG_POWER_CONTROL); writel(readl(host->base + REG_CLOCK_CONTROL) | CLK_OFF, host->base + REG_CLOCK_CONTROL); + mmc_free_host(mmc); } return 0; }
From: luofei luofei@unicloud.com
When fd0e786d9d09 ("x86/mm, mm/hwpoison: Don't unconditionally unmap kernel 1:1 pages") was backported to 4.14.y, the logic was reversed when calling memory_failure() to determine whether it needs to unmap the kernel page. Only when memory_failure() returns successfully, the kernel page can be unmapped.
Signed-off-by: luofei luofei@unicloud.com Cc: stable@vger.kernel.org #v4.14.x Cc: stable@vger.kernel.org #v4.15.x Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- arch/x86/kernel/cpu/mcheck/mce.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/kernel/cpu/mcheck/mce.c +++ b/arch/x86/kernel/cpu/mcheck/mce.c @@ -589,7 +589,7 @@ static int srao_decode_notifier(struct n
if (mce_usable_address(mce) && (mce->severity == MCE_AO_SEVERITY)) { pfn = mce->addr >> PAGE_SHIFT; - if (memory_failure(pfn, MCE_VECTOR, 0)) + if (!memory_failure(pfn, MCE_VECTOR, 0)) mce_unmap_kpfn(pfn); }
On Wed, 09 Feb 2022 20:13:37 +0100, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 4.14.266 release. There are 3 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Fri, 11 Feb 2022 19:12:41 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.266-rc... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below.
thanks,
greg k-h
All tests passing for Tegra ...
Test results for stable-v4.14: 8 builds: 8 pass, 0 fail 16 boots: 16 pass, 0 fail 32 tests: 32 pass, 0 fail
Linux version: 4.14.266-rc1-g11dfe0b41849 Boards tested: tegra124-jetson-tk1, tegra20-ventana, tegra210-p2371-2180, tegra30-cardhu-a04
Tested-by: Jon Hunter jonathanh@nvidia.com
Jon
On Thu, 10 Feb 2022 at 00:44, Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:
This is the start of the stable review cycle for the 4.14.266 release. There are 3 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Fri, 11 Feb 2022 19:12:41 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.266-rc... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below.
thanks,
greg k-h
Results from Linaro’s test farm. No regressions on arm64, arm, x86_64, and i386.
Tested-by: Linux Kernel Functional Testing lkft@linaro.org
## Build * kernel: 4.14.266-rc1 * git: https://gitlab.com/Linaro/lkft/mirrors/stable/linux-stable-rc * git branch: linux-4.14.y * git commit: 11dfe0b418492a0075056a9db72fd2a34628c1cd * git describe: v4.14.264-74-g11dfe0b41849 * test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-4.14.y/build/v4.14....
## Test Regressions (compared to v4.14.264-70-g1d3edcc1650d) No test regressions found.
## Metric Regressions (compared to v4.14.264-70-g1d3edcc1650d) No metric regressions found.
## Test Fixes (compared to v4.14.264-70-g1d3edcc1650d) No test fixes found.
## Metric Fixes (compared to v4.14.264-70-g1d3edcc1650d) No metric fixes found.
## Test result summary total: 52019, pass: 43671, fail: 273, skip: 7413, xfail: 662
## Build Summary * arm: 126 total, 118 passed, 8 failed * arm64: 32 total, 32 passed, 0 failed * i386: 18 total, 18 passed, 0 failed * mips: 22 total, 22 passed, 0 failed * powerpc: 52 total, 0 passed, 52 failed * sparc: 12 total, 12 passed, 0 failed * x86_64: 31 total, 31 passed, 0 failed
## Test suites summary * fwts * kselftest-android * kselftest-breakpoints * kselftest-capabilities * kselftest-cgroup * kselftest-clone3 * kselftest-core * kselftest-cpu-hotplug * kselftest-cpufreq * kselftest-drivers * kselftest-efivarfs * kselftest-filesystems * kselftest-firmware * kselftest-fpu * kselftest-futex * kselftest-gpio * kselftest-intel_pstate * kselftest-ipc * kselftest-ir * kselftest-kcmp * kselftest-kvm * kselftest-lib * kselftest-livepatch * kselftest-membarrier * kselftest-net * kselftest-netfilter * kselftest-nsfs * kselftest-openat2 * kselftest-pid_namespace * kselftest-pidfd * kselftest-proc * kselftest-pstore * kselftest-ptrace * kselftest-rseq * kselftest-rtc * kselftest-seccomp * kselftest-sigaltstack * kselftest-size * kselftest-splice * kselftest-static_keys * kselftest-sync * kselftest-sysctl * kselftest-timens * kselftest-timers * kselftest-tmpfs * kselftest-tpm2 * kselftest-user * kselftest-vm * kselftest-x86 * kselftest-zram * kvm-unit-tests * libhugetlbfs * linux-log-parser * ltp-cap_bounds-tests * ltp-commands-tests * ltp-containers-tests * ltp-controllers-tests * ltp-cpuhotplug-tests * ltp-crypto-tests * ltp-cve-tests * ltp-dio-tests * ltp-fcntl-locktests-tests * ltp-filecaps-tests * ltp-fs-tests * ltp-fs_bind-tests * ltp-fs_perms_simple-tests * ltp-fsx-tests * ltp-hugetlb-tests * ltp-io-tests * ltp-ipc-tests * ltp-math-tests * ltp-mm-tests * ltp-nptl-tests * ltp-open-posix-tests * ltp-pty-tests * ltp-sched-tests * ltp-securebits-tests * ltp-syscalls-tests * ltp-tracing-tests * network-basic-tests * packetdrill * rcutorture * v4l2-compliance
-- Linaro LKFT https://lkft.linaro.org
On Wed, Feb 9, 2022, at 2:13 PM, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 4.14.266 release. There are 3 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Fri, 11 Feb 2022 19:12:41 +0000. Anything received after that time might be too late.
Compiled and booted 4.14.266-rc1 on my x86_64 test system successfully without errors or regressions.
Tested-by: Slade Watkins slade@sladewatkins.com
Thanks, Slade
On Wed, Feb 09, 2022 at 08:13:37PM +0100, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 4.14.266 release. There are 3 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Fri, 11 Feb 2022 19:12:41 +0000. Anything received after that time might be too late.
Build results: total: 168 pass: 168 fail: 0 Qemu test results: total: 424 pass: 424 fail: 0
Tested-by: Guenter Roeck linux@roeck-us.net
Guenter
linux-stable-mirror@lists.linaro.org
-
Greg Kroah-Hartman -
Guenter Roeck -
Jon Hunter -
Naresh Kamboju -
Slade Watkins