From patchwork Thu Apr 15 14:46:54 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 423374 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 79227C433B4 for ; Thu, 15 Apr 2021 14:51:42 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5DC5961131 for ; Thu, 15 Apr 2021 14:51:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233897AbhDOOwE (ORCPT ); Thu, 15 Apr 2021 10:52:04 -0400 Received: from mail.kernel.org ([198.145.29.99]:39128 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234095AbhDOOvV (ORCPT ); Thu, 15 Apr 2021 10:51:21 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id BD61E613A9; Thu, 15 Apr 2021 14:50:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498258; bh=Cl7ZrAP3yiXg+iRi11uR14V76FtA/bB7uBrf4q6kP/c=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=q5+Z/GjJZntYnrYWswa/ogwpLf/6o0A+h5WEEpbsNIpb+dD/ItQEU8s9CGjtHgWfd qj/CiQl3KpTEo5Wo86lkOi1gaD4KBZ6ydr/ERGxDlFL7hR03YMr6+nBXYFPN9WnFIx a6gW8cFY1KQ0mlegoW8r+EbvJeYWHQ8A413O1rVQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Ye Xiang , Stable@vger.kernel.org, Jonathan Cameron , Sudip Mukherjee Subject: [PATCH 4.9 02/47] iio: hid-sensor-prox: Fix scale not correct issue Date: Thu, 15 Apr 2021 16:46:54 +0200 Message-Id: <20210415144413.564376233@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Ye Xiang commit d68c592e02f6f49a88e705f13dfc1883432cf300 upstream Currently, the proxy sensor scale is zero because it just return the exponent directly. To fix this issue, this patch use hid_sensor_format_scale to process the scale first then return the output. Fixes: 39a3a0138f61 ("iio: hid-sensors: Added Proximity Sensor Driver") Signed-off-by: Ye Xiang Link: https://lore.kernel.org/r/20210130102530.31064-1-xiang.ye@intel.com Cc: Signed-off-by: Jonathan Cameron [sudip: adjust context] Signed-off-by: Sudip Mukherjee Signed-off-by: Greg Kroah-Hartman --- drivers/iio/light/hid-sensor-prox.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) --- a/drivers/iio/light/hid-sensor-prox.c +++ b/drivers/iio/light/hid-sensor-prox.c @@ -37,6 +37,9 @@ struct prox_state { struct hid_sensor_common common_attributes; struct hid_sensor_hub_attribute_info prox_attr; u32 human_presence; + int scale_pre_decml; + int scale_post_decml; + int scale_precision; }; /* Channel definitions */ @@ -105,8 +108,9 @@ static int prox_read_raw(struct iio_dev ret_type = IIO_VAL_INT; break; case IIO_CHAN_INFO_SCALE: - *val = prox_state->prox_attr.units; - ret_type = IIO_VAL_INT; + *val = prox_state->scale_pre_decml; + *val2 = prox_state->scale_post_decml; + ret_type = prox_state->scale_precision; break; case IIO_CHAN_INFO_OFFSET: *val = hid_sensor_convert_exponent( @@ -240,6 +244,12 @@ static int prox_parse_report(struct plat st->common_attributes.sensitivity.index, st->common_attributes.sensitivity.report_id); } + + st->scale_precision = hid_sensor_format_scale( + hsdev->usage, + &st->prox_attr, + &st->scale_pre_decml, &st->scale_post_decml); + return ret; } From patchwork Thu Apr 15 14:46:55 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 423370 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8E4C2C433B4 for ; Thu, 15 Apr 2021 14:52:25 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 6A39C6113B for ; Thu, 15 Apr 2021 14:52:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234232AbhDOOwk (ORCPT ); Thu, 15 Apr 2021 10:52:40 -0400 Received: from mail.kernel.org ([198.145.29.99]:39522 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233606AbhDOOvm (ORCPT ); Thu, 15 Apr 2021 10:51:42 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 447E8613CC; Thu, 15 Apr 2021 14:51:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498279; bh=YUQgMlSEgtepU4She17fz62miPfplCtk5J0gCXpJpcs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=aQF12Ya8CzngWyeES57IaKJSDSkfU8qyn9szlI+OjCaKRRkivsUc49qSPJzXA9Auu IlRZzQ/kZXLePdVfa2d/UByJR0I60jXEUQsLKlDE7dlXmvgkyIUTOLbw1KBG7CAO6x aA3XaH7izPxl5Wplg7b8nOz+VkAQYHEiWUrgxfvQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jonas Holmberg , Jaroslav Kysela , Takashi Iwai Subject: [PATCH 4.9 03/47] ALSA: aloop: Fix initialization of controls Date: Thu, 15 Apr 2021 16:46:55 +0200 Message-Id: <20210415144413.593823596@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jonas Holmberg commit 168632a495f49f33a18c2d502fc249d7610375e9 upstream. Add a control to the card before copying the id so that the numid field is initialized in the copy. Otherwise the numid field of active_id, format_id, rate_id and channels_id will be the same (0) and snd_ctl_notify() will not queue the events properly. Signed-off-by: Jonas Holmberg Reviewed-by: Jaroslav Kysela Cc: Link: https://lore.kernel.org/r/20210407075428.2666787-1-jonashg@axis.com Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman --- sound/drivers/aloop.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) --- a/sound/drivers/aloop.c +++ b/sound/drivers/aloop.c @@ -1062,6 +1062,14 @@ static int loopback_mixer_new(struct loo return -ENOMEM; kctl->id.device = dev; kctl->id.subdevice = substr; + + /* Add the control before copying the id so that + * the numid field of the id is set in the copy. + */ + err = snd_ctl_add(card, kctl); + if (err < 0) + return err; + switch (idx) { case ACTIVE_IDX: setup->active_id = kctl->id; @@ -1078,9 +1086,6 @@ static int loopback_mixer_new(struct loo default: break; } - err = snd_ctl_add(card, kctl); - if (err < 0) - return err; } } } From patchwork Thu Apr 15 14:46:56 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 422421 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id F1CC7C433B4 for ; Thu, 15 Apr 2021 14:52:41 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id CB0EE613D8 for ; Thu, 15 Apr 2021 14:52:41 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234249AbhDOOxA (ORCPT ); Thu, 15 Apr 2021 10:53:00 -0400 Received: from mail.kernel.org ([198.145.29.99]:38804 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233625AbhDOOvp (ORCPT ); Thu, 15 Apr 2021 10:51:45 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id B43CE6113B; Thu, 15 Apr 2021 14:51:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498282; bh=0G2t/u4UGpcS50sYNbUfPHmfD+IG25lvJtbd9qHARL0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=tOci1fLZM4kZL7E5bJP+y9uuAAfeMB/NbxfkUs74MXpBxjDYPQ1Mx3jtmumF96PFn s+qjs3e9Afz6y5aLuug/bTP/siQNZVLZUUEevcIu6ok5T31QR5ZvdoI2LwVg1fyWDW Ba/9awh58YLFCjGntK8BvnDb5X2T4MUDAUuo4lqc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Pierre-Louis Bossart , Hans de Goede , Mark Brown Subject: [PATCH 4.9 04/47] ASoC: intel: atom: Stop advertising non working S24LE support Date: Thu, 15 Apr 2021 16:46:56 +0200 Message-Id: <20210415144413.623616016@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Hans de Goede commit aa65bacdb70e549a81de03ec72338e1047842883 upstream. The SST firmware's media and deep-buffer inputs are hardcoded to S16LE, the corresponding DAIs don't have a hw_params callback and their prepare callback also does not take the format into account. So far the advertising of non working S24LE support has not caused issues because pulseaudio defaults to S16LE, but changing pulse-audio's config to use S24LE will result in broken sound. Pipewire is replacing pulse now and pipewire prefers S24LE over S16LE when available, causing the problem of the broken S24LE support to come to the surface now. Cc: stable@vger.kernel.org BugLink: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/866 Fixes: 098c2cd281409 ("ASoC: Intel: Atom: add 24-bit support for media playback and capture") Acked-by: Pierre-Louis Bossart Signed-off-by: Hans de Goede Link: https://lore.kernel.org/r/20210324132711.216152-2-hdegoede@redhat.com Signed-off-by: Mark Brown Signed-off-by: Greg Kroah-Hartman --- sound/soc/intel/atom/sst-mfld-platform-pcm.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/sound/soc/intel/atom/sst-mfld-platform-pcm.c +++ b/sound/soc/intel/atom/sst-mfld-platform-pcm.c @@ -508,14 +508,14 @@ static struct snd_soc_dai_driver sst_pla .channels_min = SST_STEREO, .channels_max = SST_STEREO, .rates = SNDRV_PCM_RATE_44100|SNDRV_PCM_RATE_48000, - .formats = SNDRV_PCM_FMTBIT_S16_LE | SNDRV_PCM_FMTBIT_S24_LE, + .formats = SNDRV_PCM_FMTBIT_S16_LE, }, .capture = { .stream_name = "Headset Capture", .channels_min = 1, .channels_max = 2, .rates = SNDRV_PCM_RATE_44100|SNDRV_PCM_RATE_48000, - .formats = SNDRV_PCM_FMTBIT_S16_LE | SNDRV_PCM_FMTBIT_S24_LE, + .formats = SNDRV_PCM_FMTBIT_S16_LE, }, }, { @@ -526,7 +526,7 @@ static struct snd_soc_dai_driver sst_pla .channels_min = SST_STEREO, .channels_max = SST_STEREO, .rates = SNDRV_PCM_RATE_44100|SNDRV_PCM_RATE_48000, - .formats = SNDRV_PCM_FMTBIT_S16_LE | SNDRV_PCM_FMTBIT_S24_LE, + .formats = SNDRV_PCM_FMTBIT_S16_LE, }, }, { From patchwork Thu Apr 15 14:46:57 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 423369 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0FBFDC43460 for ; Thu, 15 Apr 2021 14:53:12 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E61BF613EF for ; Thu, 15 Apr 2021 14:53:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233763AbhDOOxc (ORCPT ); Thu, 15 Apr 2021 10:53:32 -0400 Received: from mail.kernel.org ([198.145.29.99]:39614 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234072AbhDOOvt (ORCPT ); Thu, 15 Apr 2021 10:51:49 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id A2321613BB; Thu, 15 Apr 2021 14:51:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498285; bh=rKs7XCrUW6sXmV4U4qBajC/vDGRR/PNicC23f4ay+QM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=hkimSMeYcU/Qgg/xcKbnNdXJeYjfd8Jy7D9aUFNbs2DBeAwbvAlQq4A0s0An6ABTM hmWaaFcI5/ayNp3soisq4Q6M3ABauVTPrNOypEd+AUugoRzTHS8CHPCW4OVCBhhyLL AbFW1uXv/cQlmvgWfG+4XbA+RHNw13858/EQVTts= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, =?utf-8?q?kiyin_?= , Xiaoming Ni , "David S. Miller" Subject: [PATCH 4.9 05/47] nfc: fix refcount leak in llcp_sock_bind() Date: Thu, 15 Apr 2021 16:46:57 +0200 Message-Id: <20210415144413.652529355@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Xiaoming Ni commit c33b1cc62ac05c1dbb1cdafe2eb66da01c76ca8d upstream. nfc_llcp_local_get() is invoked in llcp_sock_bind(), but nfc_llcp_local_put() is not invoked in subsequent failure branches. As a result, refcount leakage occurs. To fix it, add calling nfc_llcp_local_put(). fix CVE-2020-25670 Fixes: c7aa12252f51 ("NFC: Take a reference on the LLCP local pointer when creating a socket") Reported-by: "kiyin(尹亮)" Link: https://www.openwall.com/lists/oss-security/2020/11/01/1 Cc: #v3.6 Signed-off-by: Xiaoming Ni Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/nfc/llcp_sock.c | 2 ++ 1 file changed, 2 insertions(+) --- a/net/nfc/llcp_sock.c +++ b/net/nfc/llcp_sock.c @@ -119,11 +119,13 @@ static int llcp_sock_bind(struct socket llcp_sock->service_name_len, GFP_KERNEL); if (!llcp_sock->service_name) { + nfc_llcp_local_put(llcp_sock->local); ret = -ENOMEM; goto put_dev; } llcp_sock->ssap = nfc_llcp_get_sdp_ssap(local, llcp_sock); if (llcp_sock->ssap == LLCP_SAP_MAX) { + nfc_llcp_local_put(llcp_sock->local); kfree(llcp_sock->service_name); llcp_sock->service_name = NULL; ret = -EADDRINUSE; From patchwork Thu Apr 15 14:46:58 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 422420 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3F841C43460 for ; Thu, 15 Apr 2021 14:53:20 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 21477613F5 for ; Thu, 15 Apr 2021 14:53:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234076AbhDOOxm (ORCPT ); Thu, 15 Apr 2021 10:53:42 -0400 Received: from mail.kernel.org ([198.145.29.99]:38990 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233610AbhDOOvu (ORCPT ); Thu, 15 Apr 2021 10:51:50 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 413D7613C3; Thu, 15 Apr 2021 14:51:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498287; bh=oFAqnnUADnTEWjykGov1rmLc69VHpj5dRjoLHjvP8p0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=yhQoSrKHlb5ifR39r8NRvjBYQHXaf3SHvUgu5cbKK8ItDgAe19wgSvjS3naAev2Q1 Qa+L18Qb8chKUPT3eVMizK3eutks6qmajaXV44Kq71/DMdWu55DEDkCP2/DwBLBagI LNXFuo+pH3vJHXHe1LZbMUwqwLqMaUh4QhuvJSYE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, =?utf-8?q?kiyin_?= , Xiaoming Ni , "David S. Miller" Subject: [PATCH 4.9 06/47] nfc: fix refcount leak in llcp_sock_connect() Date: Thu, 15 Apr 2021 16:46:58 +0200 Message-Id: <20210415144413.682053007@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Xiaoming Ni commit 8a4cd82d62b5ec7e5482333a72b58a4eea4979f0 upstream. nfc_llcp_local_get() is invoked in llcp_sock_connect(), but nfc_llcp_local_put() is not invoked in subsequent failure branches. As a result, refcount leakage occurs. To fix it, add calling nfc_llcp_local_put(). fix CVE-2020-25671 Fixes: c7aa12252f51 ("NFC: Take a reference on the LLCP local pointer when creating a socket") Reported-by: "kiyin(尹亮)" Link: https://www.openwall.com/lists/oss-security/2020/11/01/1 Cc: #v3.6 Signed-off-by: Xiaoming Ni Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/nfc/llcp_sock.c | 2 ++ 1 file changed, 2 insertions(+) --- a/net/nfc/llcp_sock.c +++ b/net/nfc/llcp_sock.c @@ -716,6 +716,7 @@ static int llcp_sock_connect(struct sock llcp_sock->local = nfc_llcp_local_get(local); llcp_sock->ssap = nfc_llcp_get_local_ssap(local); if (llcp_sock->ssap == LLCP_SAP_MAX) { + nfc_llcp_local_put(llcp_sock->local); ret = -ENOMEM; goto put_dev; } @@ -753,6 +754,7 @@ static int llcp_sock_connect(struct sock sock_unlink: nfc_llcp_put_ssap(local, llcp_sock->ssap); + nfc_llcp_local_put(llcp_sock->local); nfc_llcp_sock_unlink(&local->connecting_sockets, sk); From patchwork Thu Apr 15 14:46:59 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 423368 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 03CDEC43461 for ; Thu, 15 Apr 2021 14:53:21 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D62DA613CE for ; Thu, 15 Apr 2021 14:53:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234137AbhDOOxm (ORCPT ); Thu, 15 Apr 2021 10:53:42 -0400 Received: from mail.kernel.org ([198.145.29.99]:39738 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233869AbhDOOvx (ORCPT ); Thu, 15 Apr 2021 10:51:53 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id C9EE4613CE; Thu, 15 Apr 2021 14:51:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498290; bh=fS+acfzHDpcFBoB9lxUE8LdI66SI5ldM2rL2MT5kA+M=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=HVVwpYIf4wxBt1IV3jYB5l0S3alyAvlxQi5/bGalBP5zi6a7nWuMp9+YzafB21vPt VaGxmPggFhblqdyAGng28mB8iKKDdjcSXf7Cx4W4DxPAhNnM133cpe5j8mlBMWt9ku uVM4SzkZ685jxNCDaQokN2UR6kd1fduFvJaMG1N8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, =?utf-8?q?kiyin_?= , Xiaoming Ni , "David S. Miller" Subject: [PATCH 4.9 07/47] nfc: fix memory leak in llcp_sock_connect() Date: Thu, 15 Apr 2021 16:46:59 +0200 Message-Id: <20210415144413.716748940@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Xiaoming Ni commit 7574fcdbdcb335763b6b322f6928dc0fd5730451 upstream. In llcp_sock_connect(), use kmemdup to allocate memory for "llcp_sock->service_name". The memory is not released in the sock_unlink label of the subsequent failure branch. As a result, memory leakage occurs. fix CVE-2020-25672 Fixes: d646960f7986 ("NFC: Initial LLCP support") Reported-by: "kiyin(尹亮)" Link: https://www.openwall.com/lists/oss-security/2020/11/01/1 Cc: #v3.3 Signed-off-by: Xiaoming Ni Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/nfc/llcp_sock.c | 2 ++ 1 file changed, 2 insertions(+) --- a/net/nfc/llcp_sock.c +++ b/net/nfc/llcp_sock.c @@ -757,6 +757,8 @@ sock_unlink: nfc_llcp_local_put(llcp_sock->local); nfc_llcp_sock_unlink(&local->connecting_sockets, sk); + kfree(llcp_sock->service_name); + llcp_sock->service_name = NULL; put_dev: nfc_put_device(dev); From patchwork Thu Apr 15 14:47:00 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 423361 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 387A8C43461 for ; Thu, 15 Apr 2021 14:54:23 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 1E0A0613FB for ; Thu, 15 Apr 2021 14:54:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233778AbhDOOyp (ORCPT ); Thu, 15 Apr 2021 10:54:45 -0400 Received: from mail.kernel.org ([198.145.29.99]:39798 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234166AbhDOOv5 (ORCPT ); Thu, 15 Apr 2021 10:51:57 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 7783360FDC; Thu, 15 Apr 2021 14:51:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498293; bh=xhkDpRFRfP5r+hTYDvg5s+DyIrSAUNmXl65UQahiBLU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=LfT8LHMoQ7tF1yKUln0BEwenkTnLvMCuxAzEakTs6nLk/4GpCrAVu9GDR09zEq6k2 sJRQnPJKe7nPDrPz0rVAEEXc+k4X/NQKN0yvfA/HFyHCjacBd6n1+un9HtS6pyqcrc tWu/q8ezWqdKHcxIRp9aEYe9ijs4QSk9eqCXsxD0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, =?utf-8?q?kiyin_?= , Xiaoming Ni , "David S. Miller" Subject: [PATCH 4.9 08/47] nfc: Avoid endless loops caused by repeated llcp_sock_connect() Date: Thu, 15 Apr 2021 16:47:00 +0200 Message-Id: <20210415144413.747208914@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Xiaoming Ni commit 4b5db93e7f2afbdfe3b78e37879a85290187e6f1 upstream. When sock_wait_state() returns -EINPROGRESS, "sk->sk_state" is LLCP_CONNECTING. In this case, llcp_sock_connect() is repeatedly invoked, nfc_llcp_sock_link() will add sk to local->connecting_sockets twice. sk->sk_node->next will point to itself, that will make an endless loop and hang-up the system. To fix it, check whether sk->sk_state is LLCP_CONNECTING in llcp_sock_connect() to avoid repeated invoking. Fixes: b4011239a08e ("NFC: llcp: Fix non blocking sockets connections") Reported-by: "kiyin(尹亮)" Link: https://www.openwall.com/lists/oss-security/2020/11/01/1 Cc: #v3.11 Signed-off-by: Xiaoming Ni Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/nfc/llcp_sock.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/net/nfc/llcp_sock.c +++ b/net/nfc/llcp_sock.c @@ -685,6 +685,10 @@ static int llcp_sock_connect(struct sock ret = -EISCONN; goto error; } + if (sk->sk_state == LLCP_CONNECTING) { + ret = -EINPROGRESS; + goto error; + } dev = nfc_get_device(addr->dev_idx); if (dev == NULL) { From patchwork Thu Apr 15 14:47:01 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 423360 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E686BC43461 for ; Thu, 15 Apr 2021 14:54:25 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C3C68613FB for ; Thu, 15 Apr 2021 14:54:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233772AbhDOOyp (ORCPT ); Thu, 15 Apr 2021 10:54:45 -0400 Received: from mail.kernel.org ([198.145.29.99]:39830 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233924AbhDOOv6 (ORCPT ); Thu, 15 Apr 2021 10:51:58 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 0BA13613B0; Thu, 15 Apr 2021 14:51:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498295; bh=K1H/WDsuHcpkW1bvmk3llw5IfZ/OlVUWjq84KZVpwiQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=CtId4pMEUUaxtJeRreKVtAQ7qFCfjmQq7ROjfcNgg7p7zkGCsnRYRyog5vyn1sQer PVNPT88UYYgYd6DeSpivoF+vn1rIdCdZ3/p/ONxYYCqXdr1D96eQfjTCXIzMwZRspA cCWPVkHYvBmLOkIbrRBqE7uVq4QIzbeR4MjO24ck= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Luca Fancellu , Julien Grall , Wei Liu , Boris Ostrovsky Subject: [PATCH 4.9 09/47] xen/evtchn: Change irq_info lock to raw_spinlock_t Date: Thu, 15 Apr 2021 16:47:01 +0200 Message-Id: <20210415144413.777394121@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Luca Fancellu commit d120198bd5ff1d41808b6914e1eb89aff937415c upstream. Unmask operation must be called with interrupt disabled, on preempt_rt spin_lock_irqsave/spin_unlock_irqrestore don't disable/enable interrupts, so use raw_* implementation and change lock variable in struct irq_info from spinlock_t to raw_spinlock_t Cc: stable@vger.kernel.org Fixes: 25da4618af24 ("xen/events: don't unmask an event channel when an eoi is pending") Signed-off-by: Luca Fancellu Reviewed-by: Julien Grall Reviewed-by: Wei Liu Link: https://lore.kernel.org/r/20210406105105.10141-1-luca.fancellu@arm.com Signed-off-by: Boris Ostrovsky Signed-off-by: Greg Kroah-Hartman --- drivers/xen/events/events_base.c | 10 +++++----- drivers/xen/events/events_internal.h | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) --- a/drivers/xen/events/events_base.c +++ b/drivers/xen/events/events_base.c @@ -222,7 +222,7 @@ static int xen_irq_info_common_setup(str info->evtchn = evtchn; info->cpu = cpu; info->mask_reason = EVT_MASK_REASON_EXPLICIT; - spin_lock_init(&info->lock); + raw_spin_lock_init(&info->lock); ret = set_evtchn_to_irq(evtchn, irq); if (ret < 0) @@ -374,28 +374,28 @@ static void do_mask(struct irq_info *inf { unsigned long flags; - spin_lock_irqsave(&info->lock, flags); + raw_spin_lock_irqsave(&info->lock, flags); if (!info->mask_reason) mask_evtchn(info->evtchn); info->mask_reason |= reason; - spin_unlock_irqrestore(&info->lock, flags); + raw_spin_unlock_irqrestore(&info->lock, flags); } static void do_unmask(struct irq_info *info, u8 reason) { unsigned long flags; - spin_lock_irqsave(&info->lock, flags); + raw_spin_lock_irqsave(&info->lock, flags); info->mask_reason &= ~reason; if (!info->mask_reason) unmask_evtchn(info->evtchn); - spin_unlock_irqrestore(&info->lock, flags); + raw_spin_unlock_irqrestore(&info->lock, flags); } #ifdef CONFIG_X86 --- a/drivers/xen/events/events_internal.h +++ b/drivers/xen/events/events_internal.h @@ -47,7 +47,7 @@ struct irq_info { unsigned short eoi_cpu; /* EOI must happen on this cpu */ unsigned int irq_epoch; /* If eoi_cpu valid: irq_epoch of event */ u64 eoi_time; /* Time in jiffies when to EOI. */ - spinlock_t lock; + raw_spinlock_t lock; union { unsigned short virq; From patchwork Thu Apr 15 14:47:02 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 423378 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8E8BAC433ED for ; Thu, 15 Apr 2021 14:51:13 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 71BB1613BA for ; Thu, 15 Apr 2021 14:51:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234023AbhDOOve (ORCPT ); Thu, 15 Apr 2021 10:51:34 -0400 Received: from mail.kernel.org ([198.145.29.99]:38540 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234018AbhDOOux (ORCPT ); Thu, 15 Apr 2021 10:50:53 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 64878613CC; Thu, 15 Apr 2021 14:50:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498230; bh=oNJ7nW236P+gK/BfG289r6FyJMKBLvxHsPXI/q0g6+c=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=YDu9OJqQOyFbUxAFebt70Yr5zhAXousxTxGpAL2iEc+DrrU6yDrq6V3+7UYNKqP0U h5Jd496+m+KjhmOmJX2OEt3Fyk+aIvc0Ml2dxKiS9iIcOj7fY/KCka420+ovCz5m1P dVTUTkHQJEFIjEF7oyMCFNvthQQfG0uC/qQpLlZ4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Muhammad Usama Anjum , "David S. Miller" Subject: [PATCH 4.9 10/47] net: ipv6: check for validity before dereferencing cfg->fc_nlinfo.nlh Date: Thu, 15 Apr 2021 16:47:02 +0200 Message-Id: <20210415144413.806295129@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Muhammad Usama Anjum commit 864db232dc7036aa2de19749c3d5be0143b24f8f upstream. nlh is being checked for validtity two times when it is dereferenced in this function. Check for validity again when updating the flags through nlh pointer to make the dereferencing safe. CC: Addresses-Coverity: ("NULL pointer dereference") Signed-off-by: Muhammad Usama Anjum Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/ipv6/route.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -3069,9 +3069,11 @@ static int ip6_route_multipath_add(struc * nexthops have been replaced by first new, the rest should * be added to it. */ - cfg->fc_nlinfo.nlh->nlmsg_flags &= ~(NLM_F_EXCL | - NLM_F_REPLACE); - cfg->fc_nlinfo.nlh->nlmsg_flags |= NLM_F_CREATE; + if (cfg->fc_nlinfo.nlh) { + cfg->fc_nlinfo.nlh->nlmsg_flags &= ~(NLM_F_EXCL | + NLM_F_REPLACE); + cfg->fc_nlinfo.nlh->nlmsg_flags |= NLM_F_CREATE; + } nhn++; } From patchwork Thu Apr 15 14:47:03 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 423379 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E8A16C43461 for ; Thu, 15 Apr 2021 14:51:11 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C5843613BA for ; Thu, 15 Apr 2021 14:51:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233685AbhDOOvd (ORCPT ); Thu, 15 Apr 2021 10:51:33 -0400 Received: from mail.kernel.org ([198.145.29.99]:37632 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232767AbhDOOu4 (ORCPT ); Thu, 15 Apr 2021 10:50:56 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 01D386113B; Thu, 15 Apr 2021 14:50:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498232; bh=y7Cv+OVHuX4wPsXxP2+C6mwyl21cXJ8vYFpW84dFT1Q=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=hheCZu9b8PZSXZm9PFxl31W/3NOjUb8D2UxR5BW5s05np8NI6bUZ94ybyj28y4UIT Sh1udGRNSVNgOfctOyonC8nT5xl2SX/G5hOzBDCoZaYrXPn5/jMN/mfkWtuy02xCXV BzjWKv5Fk/a8xFV474zbK7vxQlXMgFKScD22u7DM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sergei Trofimovich , "Dmitry V. Levin" , Oleg Nesterov , Andrew Morton , Linus Torvalds Subject: [PATCH 4.9 11/47] ia64: fix user_stack_pointer() for ptrace() Date: Thu, 15 Apr 2021 16:47:03 +0200 Message-Id: <20210415144413.836396126@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Sergei Trofimovich commit 7ad1e366167837daeb93d0bacb57dee820b0b898 upstream. ia64 has two stacks: - memory stack (or stack), pointed at by by r12 - register backing store (register stack), pointed at by ar.bsp/ar.bspstore with complications around dirty register frame on CPU. In [1] Dmitry noticed that PTRACE_GET_SYSCALL_INFO returns the register stack instead memory stack. The bug comes from the fact that user_stack_pointer() and current_user_stack_pointer() don't return the same register: ulong user_stack_pointer(struct pt_regs *regs) { return regs->ar_bspstore; } #define current_user_stack_pointer() (current_pt_regs()->r12) The change gets both back in sync. I think ptrace(PTRACE_GET_SYSCALL_INFO) is the only affected user by this bug on ia64. The change fixes 'rt_sigreturn.gen.test' strace test where it was observed initially. Link: https://bugs.gentoo.org/769614 [1] Link: https://lkml.kernel.org/r/20210331084447.2561532-1-slyfox@gentoo.org Signed-off-by: Sergei Trofimovich Reported-by: Dmitry V. Levin Cc: Oleg Nesterov Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- arch/ia64/include/asm/ptrace.h | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) --- a/arch/ia64/include/asm/ptrace.h +++ b/arch/ia64/include/asm/ptrace.h @@ -53,8 +53,7 @@ static inline unsigned long user_stack_pointer(struct pt_regs *regs) { - /* FIXME: should this be bspstore + nr_dirty regs? */ - return regs->ar_bspstore; + return regs->r12; } static inline int is_syscall_success(struct pt_regs *regs) @@ -78,11 +77,6 @@ static inline long regs_return_value(str unsigned long __ip = instruction_pointer(regs); \ (__ip & ~3UL) + ((__ip & 3UL) << 2); \ }) -/* - * Why not default? Because user_stack_pointer() on ia64 gives register - * stack backing store instead... - */ -#define current_user_stack_pointer() (current_pt_regs()->r12) /* given a pointer to a task_struct, return the user's pt_regs */ # define task_pt_regs(t) (((struct pt_regs *) ((char *) (t) + IA64_STK_OFFSET)) - 1) From patchwork Thu Apr 15 14:47:04 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 422430 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B5858C43462 for ; Thu, 15 Apr 2021 14:51:12 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 98BB6613BA for ; Thu, 15 Apr 2021 14:51:12 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233926AbhDOOvd (ORCPT ); Thu, 15 Apr 2021 10:51:33 -0400 Received: from mail.kernel.org ([198.145.29.99]:38598 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234034AbhDOOu6 (ORCPT ); Thu, 15 Apr 2021 10:50:58 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 9A2BE613C7; Thu, 15 Apr 2021 14:50:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498235; bh=QCwKT2m+EHnoIAbXPb8UxtblpvP5x/JRzYwOQydAP4g=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=P9tjIyD/eSlSmkpO3XK/nNw6mQFlQiQqBXW9t4B7OhlSubRANUxbsWqDNsGy2E4Ra 1aTBhpv4RLUADJ+s6F7o2isZBo90n08EZhQoWutC5NnEWcCzubNFR7QZQ7fPhjUAGS V5n2AvwHQGhhLZHgJ6lCUtjgZYFUetQCd8plszMY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Wengang Wang , Joseph Qi , Mark Fasheh , Joel Becker , Junxiao Bi , Changwei Ge , Gang He , Jun Piao , Andrew Morton , Linus Torvalds Subject: [PATCH 4.9 12/47] ocfs2: fix deadlock between setattr and dio_end_io_write Date: Thu, 15 Apr 2021 16:47:04 +0200 Message-Id: <20210415144413.867099958@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Wengang Wang commit 90bd070aae6c4fb5d302f9c4b9c88be60c8197ec upstream. The following deadlock is detected: truncate -> setattr path is waiting for pending direct IO to be done (inode->i_dio_count become zero) with inode->i_rwsem held (down_write). PID: 14827 TASK: ffff881686a9af80 CPU: 20 COMMAND: "ora_p005_hrltd9" #0 __schedule at ffffffff818667cc #1 schedule at ffffffff81866de6 #2 inode_dio_wait at ffffffff812a2d04 #3 ocfs2_setattr at ffffffffc05f322e [ocfs2] #4 notify_change at ffffffff812a5a09 #5 do_truncate at ffffffff812808f5 #6 do_sys_ftruncate.constprop.18 at ffffffff81280cf2 #7 sys_ftruncate at ffffffff81280d8e #8 do_syscall_64 at ffffffff81003949 #9 entry_SYSCALL_64_after_hwframe at ffffffff81a001ad dio completion path is going to complete one direct IO (decrement inode->i_dio_count), but before that it hung at locking inode->i_rwsem: #0 __schedule+700 at ffffffff818667cc #1 schedule+54 at ffffffff81866de6 #2 rwsem_down_write_failed+536 at ffffffff8186aa28 #3 call_rwsem_down_write_failed+23 at ffffffff8185a1b7 #4 down_write+45 at ffffffff81869c9d #5 ocfs2_dio_end_io_write+180 at ffffffffc05d5444 [ocfs2] #6 ocfs2_dio_end_io+85 at ffffffffc05d5a85 [ocfs2] #7 dio_complete+140 at ffffffff812c873c #8 dio_aio_complete_work+25 at ffffffff812c89f9 #9 process_one_work+361 at ffffffff810b1889 #10 worker_thread+77 at ffffffff810b233d #11 kthread+261 at ffffffff810b7fd5 #12 ret_from_fork+62 at ffffffff81a0035e Thus above forms ABBA deadlock. The same deadlock was mentioned in upstream commit 28f5a8a7c033 ("ocfs2: should wait dio before inode lock in ocfs2_setattr()"). It seems that that commit only removed the cluster lock (the victim of above dead lock) from the ABBA deadlock party. End-user visible effects: Process hang in truncate -> ocfs2_setattr path and other processes hang at ocfs2_dio_end_io_write path. This is to fix the deadlock itself. It removes inode_lock() call from dio completion path to remove the deadlock and add ip_alloc_sem lock in setattr path to synchronize the inode modifications. [wen.gang.wang@oracle.com: remove the "had_alloc_lock" as suggested] Link: https://lkml.kernel.org/r/20210402171344.1605-1-wen.gang.wang@oracle.com Link: https://lkml.kernel.org/r/20210331203654.3911-1-wen.gang.wang@oracle.com Signed-off-by: Wengang Wang Reviewed-by: Joseph Qi Cc: Mark Fasheh Cc: Joel Becker Cc: Junxiao Bi Cc: Changwei Ge Cc: Gang He Cc: Jun Piao Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- fs/ocfs2/aops.c | 11 +---------- fs/ocfs2/file.c | 8 ++++++-- 2 files changed, 7 insertions(+), 12 deletions(-) --- a/fs/ocfs2/aops.c +++ b/fs/ocfs2/aops.c @@ -2301,7 +2301,7 @@ static void ocfs2_dio_end_io_write(struc struct ocfs2_alloc_context *meta_ac = NULL; handle_t *handle = NULL; loff_t end = offset + bytes; - int ret = 0, credits = 0, locked = 0; + int ret = 0, credits = 0; ocfs2_init_dealloc_ctxt(&dealloc); @@ -2312,13 +2312,6 @@ static void ocfs2_dio_end_io_write(struc !dwc->dw_orphaned) goto out; - /* ocfs2_file_write_iter will get i_mutex, so we need not lock if we - * are in that context. */ - if (dwc->dw_writer_pid != task_pid_nr(current)) { - inode_lock(inode); - locked = 1; - } - ret = ocfs2_inode_lock(inode, &di_bh, 1); if (ret < 0) { mlog_errno(ret); @@ -2393,8 +2386,6 @@ out: if (meta_ac) ocfs2_free_alloc_context(meta_ac); ocfs2_run_deallocs(osb, &dealloc); - if (locked) - inode_unlock(inode); ocfs2_dio_free_write_ctx(inode, dwc); } --- a/fs/ocfs2/file.c +++ b/fs/ocfs2/file.c @@ -1236,22 +1236,24 @@ int ocfs2_setattr(struct dentry *dentry, goto bail_unlock; } } + down_write(&OCFS2_I(inode)->ip_alloc_sem); handle = ocfs2_start_trans(osb, OCFS2_INODE_UPDATE_CREDITS + 2 * ocfs2_quota_trans_credits(sb)); if (IS_ERR(handle)) { status = PTR_ERR(handle); mlog_errno(status); - goto bail_unlock; + goto bail_unlock_alloc; } status = __dquot_transfer(inode, transfer_to); if (status < 0) goto bail_commit; } else { + down_write(&OCFS2_I(inode)->ip_alloc_sem); handle = ocfs2_start_trans(osb, OCFS2_INODE_UPDATE_CREDITS); if (IS_ERR(handle)) { status = PTR_ERR(handle); mlog_errno(status); - goto bail_unlock; + goto bail_unlock_alloc; } } @@ -1264,6 +1266,8 @@ int ocfs2_setattr(struct dentry *dentry, bail_commit: ocfs2_commit_trans(osb, handle); +bail_unlock_alloc: + up_write(&OCFS2_I(inode)->ip_alloc_sem); bail_unlock: if (status) { ocfs2_inode_unlock(inode, 1); From patchwork Thu Apr 15 14:47:05 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 422429 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E587EC433B4 for ; Thu, 15 Apr 2021 14:51:14 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id CD9F4613CC for ; Thu, 15 Apr 2021 14:51:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234121AbhDOOvf (ORCPT ); Thu, 15 Apr 2021 10:51:35 -0400 Received: from mail.kernel.org ([198.145.29.99]:38004 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234046AbhDOOvB (ORCPT ); Thu, 15 Apr 2021 10:51:01 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 940F3613BA; Thu, 15 Apr 2021 14:50:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498238; bh=4lJThul/wz5GfpjV0ZclYVjx+hQZYcext+kvej/pxVg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=1tPNTpWuBI6XPjChpVol2JnMj2SQo1EmnyddJ9ipzNqii8JKpwTOxdyQ5eb3Mt9Ty NcKkLWpYEtOk33HeBEabYjURXbMDTjXKq8Kirj3+Sq+V5VAglWOPJlaPG/8CDO4GDE wZC9QeUEMJauOtpE3Usi97DNRl8KfZVCqEN96wx0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jack Qiu , Jan Kara , Andrew Morton , Linus Torvalds Subject: [PATCH 4.9 13/47] fs: direct-io: fix missing sdio->boundary Date: Thu, 15 Apr 2021 16:47:05 +0200 Message-Id: <20210415144413.897424022@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jack Qiu commit df41872b68601059dd4a84858952dcae58acd331 upstream. I encountered a hung task issue, but not a performance one. I run DIO on a device (need lba continuous, for example open channel ssd), maybe hungtask in below case: DIO: Checkpoint: get addr A(at boundary), merge into BIO, no submit because boundary missing flush dirty data(get addr A+1), wait IO(A+1) writeback timeout, because DIO(A) didn't submit get addr A+2 fail, because checkpoint is doing dio_send_cur_page() may clear sdio->boundary, so prevent it from missing a boundary. Link: https://lkml.kernel.org/r/20210322042253.38312-1-jack.qiu@huawei.com Fixes: b1058b981272 ("direct-io: submit bio after boundary buffer is added to it") Signed-off-by: Jack Qiu Reviewed-by: Jan Kara Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- fs/direct-io.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- a/fs/direct-io.c +++ b/fs/direct-io.c @@ -793,6 +793,7 @@ submit_page_section(struct dio *dio, str struct buffer_head *map_bh) { int ret = 0; + int boundary = sdio->boundary; /* dio_send_cur_page may clear it */ if (dio->op == REQ_OP_WRITE) { /* @@ -831,10 +832,10 @@ submit_page_section(struct dio *dio, str sdio->cur_page_fs_offset = sdio->block_in_file << sdio->blkbits; out: /* - * If sdio->boundary then we want to schedule the IO now to + * If boundary then we want to schedule the IO now to * avoid metadata seeks. */ - if (sdio->boundary) { + if (boundary) { ret = dio_send_cur_page(dio, sdio, map_bh); if (sdio->bio) dio_bio_submit(dio, sdio); From patchwork Thu Apr 15 14:47:06 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 423377 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 182CEC433B4 for ; Thu, 15 Apr 2021 14:51:19 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id F0D0F613CC for ; Thu, 15 Apr 2021 14:51:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233982AbhDOOvj (ORCPT ); Thu, 15 Apr 2021 10:51:39 -0400 Received: from mail.kernel.org ([198.145.29.99]:38742 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233672AbhDOOvE (ORCPT ); Thu, 15 Apr 2021 10:51:04 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id BDA13613CD; Thu, 15 Apr 2021 14:50:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498241; bh=CdFy9NaQLEmg/PUPCmbb3Ug+hSGqUwHXpr81Mm0c7Xs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=i7TZY6NaeSqtPqSHSX7uFj/NS7d1ejFOnKgAnUHv8I/7N50AZQajzmLhcjC6L/fIr okDwEYkj3HixJehJ2M7KDwguATTXFIfrQ09OqnG044iTDGxAeLw2SxA3Df2clBuZuv 5/wmC+Seg5xYwrOk/jh5aAB9foiWqdViZKLLzPjA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, kernel test robot , Helge Deller Subject: [PATCH 4.9 14/47] parisc: parisc-agp requires SBA IOMMU driver Date: Thu, 15 Apr 2021 16:47:06 +0200 Message-Id: <20210415144413.926573109@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Helge Deller commit 9054284e8846b0105aad43a4e7174ca29fffbc44 upstream. Add a dependency to the SBA IOMMU driver to avoid: ERROR: modpost: "sba_list" [drivers/char/agp/parisc-agp.ko] undefined! Reported-by: kernel test robot Cc: stable@vger.kernel.org Signed-off-by: Helge Deller Signed-off-by: Greg Kroah-Hartman --- drivers/char/agp/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/char/agp/Kconfig +++ b/drivers/char/agp/Kconfig @@ -124,7 +124,7 @@ config AGP_HP_ZX1 config AGP_PARISC tristate "HP Quicksilver AGP support" - depends on AGP && PARISC && 64BIT + depends on AGP && PARISC && 64BIT && IOMMU_SBA help This option gives you AGP GART support for the HP Quicksilver AGP bus adapter on HP PA-RISC machines (Ok, just on the C8000 From patchwork Thu Apr 15 14:47:07 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 422428 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, UNWANTED_LANGUAGE_BODY,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id DB753C433ED for ; Thu, 15 Apr 2021 14:51:24 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id B4826613D3 for ; Thu, 15 Apr 2021 14:51:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233595AbhDOOvp (ORCPT ); Thu, 15 Apr 2021 10:51:45 -0400 Received: from mail.kernel.org ([198.145.29.99]:38804 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233948AbhDOOvH (ORCPT ); Thu, 15 Apr 2021 10:51:07 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 844CC613C3; Thu, 15 Apr 2021 14:50:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498244; bh=7gOT+euCVm7O7XlWbv/g4fgdzJgd7Y8iqX0HZT1O+14=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=tzLijPWxuVazA6Lactn7spz/eFeHQkMoEcAJ+CrXNHvnpuO+qIcWRiEMODgZmOiqj 80CGNA7/a5PcGiCFMikAw1Uek7ST+Q7lmH8ZUdnTdPbgqjv4fLLdptdOYCfor5X/xE 8BtcIQ3JZTtEa3EIcTIpojU3ge9pah6UyjKOjnsU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Liam Beguin , Helge Deller , Gao Xiang Subject: [PATCH 4.9 15/47] parisc: avoid a warning on u8 cast for cmpxchg on u8 pointers Date: Thu, 15 Apr 2021 16:47:07 +0200 Message-Id: <20210415144413.954642795@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Gao Xiang commit 4d752e5af63753ab5140fc282929b98eaa4bd12e upstream. commit b344d6a83d01 ("parisc: add support for cmpxchg on u8 pointers") can generate a sparse warning ("cast truncates bits from constant value"), which has been reported several times [1] [2] [3]. The original code worked as expected, but anyway, let silence such sparse warning as what others did [4]. [1] https://lore.kernel.org/r/202104061220.nRMBwCXw-lkp@intel.com [2] https://lore.kernel.org/r/202012291914.T5Agcn99-lkp@intel.com [3] https://lore.kernel.org/r/202008210829.KVwn7Xeh%25lkp@intel.com [4] https://lore.kernel.org/r/20210315131512.133720-2-jacopo+renesas@jmondi.org Cc: Liam Beguin Cc: Helge Deller Cc: stable@vger.kernel.org # v5.8+ Signed-off-by: Gao Xiang Signed-off-by: Helge Deller Signed-off-by: Greg Kroah-Hartman --- arch/parisc/include/asm/cmpxchg.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/parisc/include/asm/cmpxchg.h +++ b/arch/parisc/include/asm/cmpxchg.h @@ -71,7 +71,7 @@ __cmpxchg(volatile void *ptr, unsigned l #endif case 4: return __cmpxchg_u32((unsigned int *)ptr, (unsigned int)old, (unsigned int)new_); - case 1: return __cmpxchg_u8((u8 *)ptr, (u8)old, (u8)new_); + case 1: return __cmpxchg_u8((u8 *)ptr, old & 0xff, new_ & 0xff); } __cmpxchg_called_with_bad_pointer(); return old; From patchwork Thu Apr 15 14:47:08 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 423376 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 63947C43460 for ; Thu, 15 Apr 2021 14:51:25 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3BE28613D2 for ; Thu, 15 Apr 2021 14:51:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233637AbhDOOvr (ORCPT ); Thu, 15 Apr 2021 10:51:47 -0400 Received: from mail.kernel.org ([198.145.29.99]:38902 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234064AbhDOOvK (ORCPT ); Thu, 15 Apr 2021 10:51:10 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 6472F613E5; Thu, 15 Apr 2021 14:50:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498247; bh=DLR0pGJjcSajgW7bLSQSy341cTYopg9t6bizjkjVZ/k=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=I38hJmzscpQDS4tC8IOt/IJUa7J7/2PeLjxHr7fiPXnOpNfZa1msq8dKP027So1vF UnY9g8yxJABbdgMrl/ljWcvZVSQYPVmsUQ9dK5apJhBB5ApZYKf1VaLWWEpgraoBCW OafcSl2mAplKlsLib3gXfpudZM9DFM8Jj91NS8b4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot , Tetsuo Handa , Sven Eckelmann , "David S. Miller" Subject: [PATCH 4.9 16/47] batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field Date: Thu, 15 Apr 2021 16:47:08 +0200 Message-Id: <20210415144413.985626514@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Tetsuo Handa commit 08c27f3322fec11950b8f1384aa0f3b11d028528 upstream. KMSAN found uninitialized value at batadv_tt_prepare_tvlv_local_data() [1], for commit ced72933a5e8ab52 ("batman-adv: use CRC32C instead of CRC16 in TT code") inserted 'reserved' field into "struct batadv_tvlv_tt_data" and commit 7ea7b4a142758dea ("batman-adv: make the TT CRC logic VLAN specific") moved that field to "struct batadv_tvlv_tt_vlan_data" but left that field uninitialized. [1] https://syzkaller.appspot.com/bug?id=07f3e6dba96f0eb3cabab986adcd8a58b9bdbe9d Reported-by: syzbot Tested-by: syzbot Signed-off-by: Tetsuo Handa Fixes: ced72933a5e8ab52 ("batman-adv: use CRC32C instead of CRC16 in TT code") Fixes: 7ea7b4a142758dea ("batman-adv: make the TT CRC logic VLAN specific") Acked-by: Sven Eckelmann Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/batman-adv/translation-table.c | 2 ++ 1 file changed, 2 insertions(+) --- a/net/batman-adv/translation-table.c +++ b/net/batman-adv/translation-table.c @@ -897,6 +897,7 @@ batadv_tt_prepare_tvlv_global_data(struc hlist_for_each_entry_rcu(vlan, &orig_node->vlan_list, list) { tt_vlan->vid = htons(vlan->vid); tt_vlan->crc = htonl(vlan->tt.crc); + tt_vlan->reserved = 0; tt_vlan++; } @@ -980,6 +981,7 @@ batadv_tt_prepare_tvlv_local_data(struct tt_vlan->vid = htons(vlan->vid); tt_vlan->crc = htonl(vlan->tt.crc); + tt_vlan->reserved = 0; tt_vlan++; } From patchwork Thu Apr 15 14:47:09 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 422427 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0E325C433ED for ; Thu, 15 Apr 2021 14:51:29 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E2DE4613CF for ; Thu, 15 Apr 2021 14:51:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234152AbhDOOvu (ORCPT ); Thu, 15 Apr 2021 10:51:50 -0400 Received: from mail.kernel.org ([198.145.29.99]:38990 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234078AbhDOOvM (ORCPT ); Thu, 15 Apr 2021 10:51:12 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 114DB613C5; Thu, 15 Apr 2021 14:50:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498249; bh=8YhNqd0bxrphCpCc3EdA9iz1v9qb0MULPkODsT5opLA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=1ZYyAPpEfDWpSiFoOlQStHfkusDq0lmMv57mR619VzFyQkwTfGLaktPCfs0vnG/XO L6k38fZk8xmA+9Fq/8ZhWBzmybGYMCiYh3+ebKMknyTRHHPtXslVJaYT0wnTYJ5SQ6 oWLkfaQQkB5CABOkwLxffrhBeuTqqkehQNvZZ544= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Pavel Tikhomirov , Eric Dumazet , "David S. Miller" Subject: [PATCH 4.9 17/47] net: sched: sch_teql: fix null-pointer dereference Date: Thu, 15 Apr 2021 16:47:09 +0200 Message-Id: <20210415144414.017068339@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Pavel Tikhomirov commit 1ffbc7ea91606e4abd10eb60de5367f1c86daf5e upstream. Reproduce: modprobe sch_teql tc qdisc add dev teql0 root teql0 This leads to (for instance in Centos 7 VM) OOPS: [ 532.366633] BUG: unable to handle kernel NULL pointer dereference at 00000000000000a8 [ 532.366733] IP: [] teql_destroy+0x18/0x100 [sch_teql] [ 532.366825] PGD 80000001376d5067 PUD 137e37067 PMD 0 [ 532.366906] Oops: 0000 [#1] SMP [ 532.366987] Modules linked in: sch_teql ... [ 532.367945] CPU: 1 PID: 3026 Comm: tc Kdump: loaded Tainted: G ------------ T 3.10.0-1062.7.1.el7.x86_64 #1 [ 532.368041] Hardware name: Virtuozzo KVM, BIOS 1.11.0-2.vz7.2 04/01/2014 [ 532.368125] task: ffff8b7d37d31070 ti: ffff8b7c9fdbc000 task.ti: ffff8b7c9fdbc000 [ 532.368224] RIP: 0010:[] [] teql_destroy+0x18/0x100 [sch_teql] [ 532.368320] RSP: 0018:ffff8b7c9fdbf8e0 EFLAGS: 00010286 [ 532.368394] RAX: ffffffffc0612490 RBX: ffff8b7cb1565e00 RCX: ffff8b7d35ba2000 [ 532.368476] RDX: ffff8b7d35ba2000 RSI: 0000000000000000 RDI: ffff8b7cb1565e00 [ 532.368557] RBP: ffff8b7c9fdbf8f8 R08: ffff8b7d3fd1f140 R09: ffff8b7d3b001600 [ 532.368638] R10: ffff8b7d3b001600 R11: ffffffff84c7d65b R12: 00000000ffffffd8 [ 532.368719] R13: 0000000000008000 R14: ffff8b7d35ba2000 R15: ffff8b7c9fdbf9a8 [ 532.368800] FS: 00007f6a4e872740(0000) GS:ffff8b7d3fd00000(0000) knlGS:0000000000000000 [ 532.368885] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 532.368961] CR2: 00000000000000a8 CR3: 00000001396ee000 CR4: 00000000000206e0 [ 532.369046] Call Trace: [ 532.369159] [] qdisc_create+0x36e/0x450 [ 532.369268] [] ? ns_capable+0x29/0x50 [ 532.369366] [] ? nla_parse+0x32/0x120 [ 532.369442] [] tc_modify_qdisc+0x13c/0x610 [ 532.371508] [] rtnetlink_rcv_msg+0xa7/0x260 [ 532.372668] [] ? sock_has_perm+0x75/0x90 [ 532.373790] [] ? rtnl_newlink+0x890/0x890 [ 532.374914] [] netlink_rcv_skb+0xab/0xc0 [ 532.376055] [] rtnetlink_rcv+0x28/0x30 [ 532.377204] [] netlink_unicast+0x170/0x210 [ 532.378333] [] netlink_sendmsg+0x308/0x420 [ 532.379465] [] sock_sendmsg+0xb6/0xf0 [ 532.380710] [] ? __xfs_filemap_fault+0x8e/0x1d0 [xfs] [ 532.381868] [] ? xfs_filemap_fault+0x2c/0x30 [xfs] [ 532.383037] [] ? __do_fault.isra.61+0x8a/0x100 [ 532.384144] [] ___sys_sendmsg+0x3e9/0x400 [ 532.385268] [] ? handle_mm_fault+0x39d/0x9b0 [ 532.386387] [] ? __do_page_fault+0x238/0x500 [ 532.387472] [] __sys_sendmsg+0x51/0x90 [ 532.388560] [] SyS_sendmsg+0x12/0x20 [ 532.389636] [] system_call_fastpath+0x25/0x2a [ 532.390704] [] ? system_call_after_swapgs+0xae/0x146 [ 532.391753] Code: 00 00 00 00 00 00 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 66 66 66 66 90 55 48 89 e5 41 55 41 54 53 48 8b b7 48 01 00 00 48 89 fb <48> 8b 8e a8 00 00 00 48 85 c9 74 43 48 89 ca eb 0f 0f 1f 80 00 [ 532.394036] RIP [] teql_destroy+0x18/0x100 [sch_teql] [ 532.395127] RSP [ 532.396179] CR2: 00000000000000a8 Null pointer dereference happens on master->slaves dereference in teql_destroy() as master is null-pointer. When qdisc_create() calls teql_qdisc_init() it imediately fails after check "if (m->dev == dev)" because both devices are teql0, and it does not set qdisc_priv(sch)->m leaving it zero on error path, then qdisc_create() imediately calls teql_destroy() which does not expect zero master pointer and we get OOPS. Fixes: 87b60cfacf9f ("net_sched: fix error recovery at qdisc creation") Signed-off-by: Pavel Tikhomirov Reviewed-by: Eric Dumazet Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/sched/sch_teql.c | 3 +++ 1 file changed, 3 insertions(+) --- a/net/sched/sch_teql.c +++ b/net/sched/sch_teql.c @@ -138,6 +138,9 @@ teql_destroy(struct Qdisc *sch) struct teql_sched_data *dat = qdisc_priv(sch); struct teql_master *master = dat->m; + if (!master) + return; + prev = master->slaves; if (prev) { do { From patchwork Thu Apr 15 14:47:10 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 423375 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C8A13C433ED for ; Thu, 15 Apr 2021 14:51:31 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id AC28C613D1 for ; Thu, 15 Apr 2021 14:51:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233849AbhDOOvw (ORCPT ); Thu, 15 Apr 2021 10:51:52 -0400 Received: from mail.kernel.org ([198.145.29.99]:39040 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233890AbhDOOvQ (ORCPT ); Thu, 15 Apr 2021 10:51:16 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id CD1AB613CF; Thu, 15 Apr 2021 14:50:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498252; bh=o+2YVePM07Ah8r+F1VQN/NSYIeLaggCg4UFIYgiiZFk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=NXLwqPTlkxwyOSirfNPAV8jPOKR3P82h4eZ14OZAkXbQtvhfKv9XbDQzQpNwDi/Vn W2yKbkhETEZfKgax/FPEPUF0BLpWQyRv32kzKwfBx+3cFAQ2UZwDGe2br3dYQfP3yD eHfCLac9t03tPhy8dQLhabnJkvtd1F4iDPHRVFpg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Dumazet , syzbot , "David S. Miller" , Sasha Levin Subject: [PATCH 4.9 18/47] sch_red: fix off-by-one checks in red_check_params() Date: Thu, 15 Apr 2021 16:47:10 +0200 Message-Id: <20210415144414.046260214@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Eric Dumazet [ Upstream commit 3a87571f0ffc51ba3bf3ecdb6032861d0154b164 ] This fixes following syzbot report: UBSAN: shift-out-of-bounds in ./include/net/red.h:237:23 shift exponent 32 is too large for 32-bit type 'unsigned int' CPU: 1 PID: 8418 Comm: syz-executor170 Not tainted 5.12.0-rc4-next-20210324-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x141/0x1d7 lib/dump_stack.c:120 ubsan_epilogue+0xb/0x5a lib/ubsan.c:148 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:327 red_set_parms include/net/red.h:237 [inline] choke_change.cold+0x3c/0xc8 net/sched/sch_choke.c:414 qdisc_create+0x475/0x12f0 net/sched/sch_api.c:1247 tc_modify_qdisc+0x4c8/0x1a50 net/sched/sch_api.c:1663 rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5553 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2502 netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927 sock_sendmsg_nosec net/socket.c:654 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:674 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350 ___sys_sendmsg+0xf3/0x170 net/socket.c:2404 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x43f039 Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffdfa725168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043f039 RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 RBP: 0000000000403020 R08: 0000000000400488 R09: 0000000000400488 R10: 0000000000400488 R11: 0000000000000246 R12: 00000000004030b0 R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488 Fixes: 8afa10cbe281 ("net_sched: red: Avoid illegal values") Signed-off-by: Eric Dumazet Reported-by: syzbot Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- include/net/red.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/net/red.h b/include/net/red.h index b3ab5c6bfa83..117a3654d319 100644 --- a/include/net/red.h +++ b/include/net/red.h @@ -170,9 +170,9 @@ static inline void red_set_vars(struct red_vars *v) static inline bool red_check_params(u32 qth_min, u32 qth_max, u8 Wlog, u8 Scell_log, u8 *stab) { - if (fls(qth_min) + Wlog > 32) + if (fls(qth_min) + Wlog >= 32) return false; - if (fls(qth_max) + Wlog > 32) + if (fls(qth_max) + Wlog >= 32) return false; if (Scell_log >= 32) return false; From patchwork Thu Apr 15 14:47:11 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 422426 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 640F2C433B4 for ; Thu, 15 Apr 2021 14:51:35 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 465E1613CB for ; Thu, 15 Apr 2021 14:51:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234160AbhDOOvy (ORCPT ); Thu, 15 Apr 2021 10:51:54 -0400 Received: from mail.kernel.org ([198.145.29.99]:39080 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233974AbhDOOvS (ORCPT ); Thu, 15 Apr 2021 10:51:18 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 3CE1A61029; Thu, 15 Apr 2021 14:50:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498255; bh=yFWFdwe/l5RfnHawH3PEDm4eqH7gjiv+qyEtQCzirbg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=zW0ANU/oZx1cLgLz/nH4OEpsmaZh7MxI7dGRf/nJxNH1urzLhJj77/IsdbVsQPZsU jDH8mLobU7113HgMFw7JJzK4zx8FT0w1YJjFA07oyabCMnPzrDvfJ7gPAZplPqXbkv o8IjOjnVs0UnowwjFDwHefx9e5OYoNyvwm1AlNq0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Claudiu Manoil , "David S. Miller" , Sasha Levin Subject: [PATCH 4.9 19/47] gianfar: Handle error code at MAC address change Date: Thu, 15 Apr 2021 16:47:11 +0200 Message-Id: <20210415144414.076051464@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Claudiu Manoil [ Upstream commit bff5b62585123823842833ab20b1c0a7fa437f8c ] Handle return error code of eth_mac_addr(); Fixes: 3d23a05c75c7 ("gianfar: Enable changing mac addr when if up") Signed-off-by: Claudiu Manoil Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- drivers/net/ethernet/freescale/gianfar.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/freescale/gianfar.c b/drivers/net/ethernet/freescale/gianfar.c index 2df646348dbd..9fd68cfdd973 100644 --- a/drivers/net/ethernet/freescale/gianfar.c +++ b/drivers/net/ethernet/freescale/gianfar.c @@ -485,7 +485,11 @@ static struct net_device_stats *gfar_get_stats(struct net_device *dev) static int gfar_set_mac_addr(struct net_device *dev, void *p) { - eth_mac_addr(dev, p); + int ret; + + ret = eth_mac_addr(dev, p); + if (ret) + return ret; gfar_set_mac_for_addr(dev, 0, dev->dev_addr); From patchwork Thu Apr 15 14:47:12 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 422425 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A7F6CC433B4 for ; Thu, 15 Apr 2021 14:51:45 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 865AF613CB for ; Thu, 15 Apr 2021 14:51:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234174AbhDOOwH (ORCPT ); Thu, 15 Apr 2021 10:52:07 -0400 Received: from mail.kernel.org ([198.145.29.99]:37126 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234106AbhDOOvX (ORCPT ); Thu, 15 Apr 2021 10:51:23 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 6B6BB6137D; Thu, 15 Apr 2021 14:51:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498260; bh=cwZi0PoEX5UxhnDCSVxN0fDAN9c/3MRRvsCLAFqVNqQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=om2Fi8LLJurG0Pqjen4CQdF+B3fMhEv9GVZIbnMzPXs4iu75PZEqNkaRfxxfb9QcL ft/vpU859IvxHeNB5zdEuE8vfgaJh3XbX2VDoHGLwYOTv7Wnti0rqsdVJJnut9mMFT k4apVuGKoSha4DvOCGO5ePVzUALCbt02r/kBt3Bg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Lv Yunlong , "David S. Miller" , Sasha Levin Subject: [PATCH 4.9 20/47] net:tipc: Fix a double free in tipc_sk_mcast_rcv Date: Thu, 15 Apr 2021 16:47:12 +0200 Message-Id: <20210415144414.108806356@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Lv Yunlong [ Upstream commit 6bf24dc0cc0cc43b29ba344b66d78590e687e046 ] In the if(skb_peek(arrvq) == skb) branch, it calls __skb_dequeue(arrvq) to get the skb by skb = skb_peek(arrvq). Then __skb_dequeue() unlinks the skb from arrvq and returns the skb which equals to skb_peek(arrvq). After __skb_dequeue(arrvq) finished, the skb is freed by kfree_skb(__skb_dequeue(arrvq)) in the first time. Unfortunately, the same skb is freed in the second time by kfree_skb(skb) after the branch completed. My patch removes kfree_skb() in the if(skb_peek(arrvq) == skb) branch, because this skb will be freed by kfree_skb(skb) finally. Fixes: cb1b728096f54 ("tipc: eliminate race condition at multicast reception") Signed-off-by: Lv Yunlong Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- net/tipc/socket.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/tipc/socket.c b/net/tipc/socket.c index 57df99ca6347..804cab8f9509 100644 --- a/net/tipc/socket.c +++ b/net/tipc/socket.c @@ -741,7 +741,7 @@ void tipc_sk_mcast_rcv(struct net *net, struct sk_buff_head *arrvq, spin_lock_bh(&inputq->lock); if (skb_peek(arrvq) == skb) { skb_queue_splice_tail_init(&tmpq, inputq); - kfree_skb(__skb_dequeue(arrvq)); + __skb_dequeue(arrvq); } spin_unlock_bh(&inputq->lock); __skb_queue_purge(&tmpq); From patchwork Thu Apr 15 14:47:13 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 421779 Delivered-To: patch@linaro.org Received: by 2002:a02:6a6f:0:0:0:0:0 with SMTP id m47csp545784jaf; Thu, 15 Apr 2021 07:51:57 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxKh11s71oX4zmzIfNmzcMLJpRtkB26lPXv9yhrFlOtkR361cK60aVnXPWqYIWchZ0YUl9N X-Received: by 2002:a63:c60a:: with SMTP id w10mr3733228pgg.421.1618498317047; Thu, 15 Apr 2021 07:51:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1618498317; cv=none; d=google.com; s=arc-20160816; b=xHFNEv1G45rDNSNOoWTOcK+FVpOWVgL9diJCj4ou2ogWYzIwDiyFT00ezMD8FQBXFC Ozo1ZVPUJUX2zKAnPxtb9uH2qenF98JJwtgvDnGh2O7qIIDC+SUl79I9D5BNiTfcz7th A4PwyjSNcHg9n37A0vZAAXKTBvGDvWvorG9cgC3D08WkJfdL7V0xBxIDWYyZ+Eyko3D/ Xilfc1q3Zpnh/weXtCQBL5J+Qz5C3OkGqSAB0bH1upeYQuZBihxh7zBqarSaddCmBtPR wt0JPLJIbWC1LHzJNDBJNets3um0NbPS+ZD6vvaSQHrYUH6gll25iwoMRGfe4JQ9CdUm 2CiA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=GnewX8nXkedF3uNxbipGTVlG7AuosuDg15X347vvEdw=; b=aFzW/LV5KrGWEV2ZURzTkkvpRIXlJkWxmXFLACeqjmPeAkGd0T3gXELZ5pTeaB90JQ lXEj0ZVc+BNTDfTt8o1faIyHeli2xQcfseAL2SONI1MNjRKDMpT3vbHde5xwF0SslJWq DFukDz3DZIP3C+lo9yCprEV8RsCa0DCVIPDmpFDVBVI8GHgN/X3o/pY0g6mVRzxTw1h0 PMTuzoxSFHNPXsYrBo6YyQqYLyJIcD/QL+EuJaNgl9VWkRFeH979aSQzjKl9gXLLLnWc bxidf99u8zGtEhr/ZqQbe86/sB8q3RraUC/gXAP0bbhatEkpzF6kTLogdJTZIe5u3MLi BpOg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=VV+zQnLY; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id cu8si3128702pjb.173.2021.04.15.07.51.56; Thu, 15 Apr 2021 07:51:57 -0700 (PDT) Received-SPF: pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=VV+zQnLY; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233592AbhDOOwN (ORCPT + 12 others); Thu, 15 Apr 2021 10:52:13 -0400 Received: from mail.kernel.org ([198.145.29.99]:38396 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233930AbhDOOv0 (ORCPT ); Thu, 15 Apr 2021 10:51:26 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 1CB01613D0; Thu, 15 Apr 2021 14:51:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498263; bh=5iChbmaVFrwaC3V63U4+d/uRVDNWpfM0cEYzF0hTvNY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=VV+zQnLY2hmJNT5Kuc3hQaU8FxfJU5imV5TGLkWAoayVQmIjDthPgJk/ukHAZ5qOb MGjnyTEzT/HFgm8fg9yRx9W8F42d4URq1AqSrfsRrEQCF+IE3E2/ZpyNiSgfaDtWID dDsA/y/jGQZA4LzMsqJwEt3Mp0WU1Br5u0zkSTdI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Arnd Bergmann , Sasha Levin Subject: [PATCH 4.9 21/47] soc/fsl: qbman: fix conflicting alignment attributes Date: Thu, 15 Apr 2021 16:47:13 +0200 Message-Id: <20210415144414.138078411@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Arnd Bergmann [ Upstream commit 040f31196e8b2609613f399793b9225271b79471 ] When building with W=1, gcc points out that the __packed attribute on struct qm_eqcr_entry conflicts with the 8-byte alignment attribute on struct qm_fd inside it: drivers/soc/fsl/qbman/qman.c:189:1: error: alignment 1 of 'struct qm_eqcr_entry' is less than 8 [-Werror=packed-not-aligned] I assume that the alignment attribute is the correct one, and that qm_eqcr_entry cannot actually be unaligned in memory, so add the same alignment on the outer struct. Fixes: c535e923bb97 ("soc/fsl: Introduce DPAA 1.x QMan device driver") Signed-off-by: Arnd Bergmann Link: https://lore.kernel.org/r/20210323131530.2619900-1-arnd@kernel.org' Signed-off-by: Arnd Bergmann Signed-off-by: Sasha Levin --- drivers/soc/fsl/qbman/qman.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.30.2 diff --git a/drivers/soc/fsl/qbman/qman.c b/drivers/soc/fsl/qbman/qman.c index 91f5c951850f..44463afb8015 100644 --- a/drivers/soc/fsl/qbman/qman.c +++ b/drivers/soc/fsl/qbman/qman.c @@ -146,7 +146,7 @@ struct qm_eqcr_entry { u32 tag; struct qm_fd fd; u8 __reserved3[32]; -} __packed; +} __packed __aligned(8); #define QM_EQCR_VERB_VBIT 0x80 #define QM_EQCR_VERB_CMD_MASK 0x61 /* but only one value; */ #define QM_EQCR_VERB_CMD_ENQUEUE 0x01 From patchwork Thu Apr 15 14:47:14 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 422424 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id BEB31C43460 for ; Thu, 15 Apr 2021 14:51:52 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A56F7613B7 for ; Thu, 15 Apr 2021 14:51:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234202AbhDOOwO (ORCPT ); Thu, 15 Apr 2021 10:52:14 -0400 Received: from mail.kernel.org ([198.145.29.99]:39244 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234110AbhDOOva (ORCPT ); Thu, 15 Apr 2021 10:51:30 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id A1897613B7; Thu, 15 Apr 2021 14:51:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498266; bh=rqb5Q7z0UyJBQEDy03SP4fu5yDVD6BF6zCzSK2Dkrwk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=E5oFtB8zCfuyXsr2yu21SkblBUs8YrlKDLtOMOHdoWHw/15GFpl+FVnGXqRnReRXn UpI5lj/7lyoZIsAv8qx+lKU3TiJy9Ma1NzfT/F2pRDtFFzeFaft8whxHI9WxLWv94E NlgDGmG3LWzgXlX12uSL8v5v4Nvypc8Vv2nSSJNI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Lukasz Majczak , Lukasz Bartosik , Stephen Boyd , Sasha Levin Subject: [PATCH 4.9 22/47] clk: fix invalid usage of list cursor in unregister Date: Thu, 15 Apr 2021 16:47:14 +0200 Message-Id: <20210415144414.167647563@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Lukasz Bartosik [ Upstream commit 7045465500e465b09f09d6e5bdc260a9f1aab97b ] Fix invalid usage of a list_for_each_entry cursor in clk_notifier_unregister(). When list is empty or if the list is completely traversed (without breaking from the loop on one of the entries) then the list cursor does not point to a valid entry and therefore should not be used. The patch fixes a logical bug that hasn't been seen in pratice however it is analogus to the bug fixed in clk_notifier_register(). The issue was dicovered when running 5.12-rc1 kernel on x86_64 with KASAN enabled: BUG: KASAN: global-out-of-bounds in clk_notifier_register+0xab/0x230 Read of size 8 at addr ffffffffa0d10588 by task swapper/0/1 CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.12.0-rc1 #1 Hardware name: Google Caroline/Caroline, BIOS Google_Caroline.7820.430.0 07/20/2018 Call Trace: dump_stack+0xee/0x15c print_address_description+0x1e/0x2dc kasan_report+0x188/0x1ce ? clk_notifier_register+0xab/0x230 ? clk_prepare_lock+0x15/0x7b ? clk_notifier_register+0xab/0x230 clk_notifier_register+0xab/0x230 dw8250_probe+0xc01/0x10d4 ... Memory state around the buggy address: ffffffffa0d10480: 00 00 00 00 00 03 f9 f9 f9 f9 f9 f9 00 00 00 00 ffffffffa0d10500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f9 f9 >ffffffffa0d10580: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00 ^ ffffffffa0d10600: 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00 ffffffffa0d10680: 00 00 00 00 00 00 00 00 f9 f9 f9 f9 00 00 00 00 ================================================================== Fixes: b2476490ef11 ("clk: introduce the common clock framework") Reported-by: Lukasz Majczak Signed-off-by: Lukasz Bartosik Link: https://lore.kernel.org/r/20210401225149.18826-2-lb@semihalf.com Signed-off-by: Stephen Boyd Signed-off-by: Sasha Levin --- drivers/clk/clk.c | 30 +++++++++++++----------------- 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c index af4f2ffc4fc5..9d60b3f219f6 100644 --- a/drivers/clk/clk.c +++ b/drivers/clk/clk.c @@ -2990,32 +2990,28 @@ EXPORT_SYMBOL_GPL(clk_notifier_register); */ int clk_notifier_unregister(struct clk *clk, struct notifier_block *nb) { - struct clk_notifier *cn = NULL; - int ret = -EINVAL; + struct clk_notifier *cn; + int ret = -ENOENT; if (!clk || !nb) return -EINVAL; clk_prepare_lock(); - list_for_each_entry(cn, &clk_notifier_list, node) - if (cn->clk == clk) - break; - - if (cn->clk == clk) { - ret = srcu_notifier_chain_unregister(&cn->notifier_head, nb); + list_for_each_entry(cn, &clk_notifier_list, node) { + if (cn->clk == clk) { + ret = srcu_notifier_chain_unregister(&cn->notifier_head, nb); - clk->core->notifier_count--; + clk->core->notifier_count--; - /* XXX the notifier code should handle this better */ - if (!cn->notifier_head.head) { - srcu_cleanup_notifier_head(&cn->notifier_head); - list_del(&cn->node); - kfree(cn); + /* XXX the notifier code should handle this better */ + if (!cn->notifier_head.head) { + srcu_cleanup_notifier_head(&cn->notifier_head); + list_del(&cn->node); + kfree(cn); + } + break; } - - } else { - ret = -ENOENT; } clk_prepare_unlock(); From patchwork Thu Apr 15 14:47:15 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 423372 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AA24FC43461 for ; Thu, 15 Apr 2021 14:51:53 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8F4F9613C1 for ; Thu, 15 Apr 2021 14:51:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234206AbhDOOwP (ORCPT ); Thu, 15 Apr 2021 10:52:15 -0400 Received: from mail.kernel.org ([198.145.29.99]:38482 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234003AbhDOOvc (ORCPT ); Thu, 15 Apr 2021 10:51:32 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 4B733613C1; Thu, 15 Apr 2021 14:51:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498268; bh=HPuqvidDJ8JOu/ztHPpa7knjrlZvsLIhK2ifuXy5ccw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=fS/hKtD85pivxJxj+bevtXkwY7CLWvPnq1VO6rtb96VrLN1rq+ub3FWmGiahTMxCf nUsb1a3Fk/qOQbkLU0uvww4+yIIWFO2MKZGbxWwQqqZa8hD1oRFd9VqDUngISZHO7C U+JjUVMNOTcoh3gUM+Ac3kdPlQW5UxhoznyoouFk= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Zqiang , Lai Jiangshan , Tejun Heo , Sasha Levin Subject: [PATCH 4.9 23/47] workqueue: Move the position of debug_work_activate() in __queue_work() Date: Thu, 15 Apr 2021 16:47:15 +0200 Message-Id: <20210415144414.197213846@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Zqiang [ Upstream commit 0687c66b5f666b5ad433f4e94251590d9bc9d10e ] The debug_work_activate() is called on the premise that the work can be inserted, because if wq be in WQ_DRAINING status, insert work may be failed. Fixes: e41e704bc4f4 ("workqueue: improve destroy_workqueue() debuggability") Signed-off-by: Zqiang Reviewed-by: Lai Jiangshan Signed-off-by: Tejun Heo Signed-off-by: Sasha Levin --- kernel/workqueue.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/workqueue.c b/kernel/workqueue.c index 205c3131f8b0..3231088afd73 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c @@ -1377,7 +1377,6 @@ static void __queue_work(int cpu, struct workqueue_struct *wq, */ WARN_ON_ONCE(!irqs_disabled()); - debug_work_activate(work); /* if draining, only works from the same workqueue are allowed */ if (unlikely(wq->flags & __WQ_DRAINING) && @@ -1460,6 +1459,7 @@ retry: worklist = &pwq->delayed_works; } + debug_work_activate(work); insert_work(pwq, work, worklist, work_flags); spin_unlock(&pwq->pool->lock); From patchwork Thu Apr 15 14:47:16 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 422423 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A1379C433ED for ; Thu, 15 Apr 2021 14:51:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 7D50F613C7 for ; Thu, 15 Apr 2021 14:51:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233904AbhDOOwT (ORCPT ); Thu, 15 Apr 2021 10:52:19 -0400 Received: from mail.kernel.org ([198.145.29.99]:38004 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234125AbhDOOvg (ORCPT ); Thu, 15 Apr 2021 10:51:36 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 92C8F613C7; Thu, 15 Apr 2021 14:51:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498271; bh=D+0MZIwCjVIkAh0pYeUB0k/Y8o720m5527efrRHJSe8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=p64xasl4C7EsTxFMSJdeGLgMcSSUyIV7Wu9jRwoqL/ubvqJBmIFjRAY221m2mg7vI xlS+fXbORUNuXaGIAWDKQ+Q8Yc7Mf6rVdb/9GTaSxddyv2v/oiqzstbIE3Ydk615iY DBTa+zVUdl1IKq9j4BVkrN1bl5BqpToXGI5Z9fP8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Alexander Gordeev , Ilya Leoshkevich , Heiko Carstens , Sasha Levin Subject: [PATCH 4.9 24/47] s390/cpcmd: fix inline assembly register clobbering Date: Thu, 15 Apr 2021 16:47:16 +0200 Message-Id: <20210415144414.230752710@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Alexander Gordeev [ Upstream commit 7a2f91441b2c1d81b77c1cd816a4659f4abc9cbe ] Register variables initialized using arithmetic. That leads to kasan instrumentaton code corrupting the registers contents. Follow GCC guidlines and use temporary variables for assigning init values to register variables. Fixes: 94c12cc7d196 ("[S390] Inline assembly cleanup.") Signed-off-by: Alexander Gordeev Acked-by: Ilya Leoshkevich Link: https://gcc.gnu.org/onlinedocs/gcc-10.2.0/gcc/Local-Register-Variables.html Signed-off-by: Heiko Carstens Signed-off-by: Sasha Levin --- arch/s390/kernel/cpcmd.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/s390/kernel/cpcmd.c b/arch/s390/kernel/cpcmd.c index 7f48e568ac64..540912666740 100644 --- a/arch/s390/kernel/cpcmd.c +++ b/arch/s390/kernel/cpcmd.c @@ -37,10 +37,12 @@ static int diag8_noresponse(int cmdlen) static int diag8_response(int cmdlen, char *response, int *rlen) { + unsigned long _cmdlen = cmdlen | 0x40000000L; + unsigned long _rlen = *rlen; register unsigned long reg2 asm ("2") = (addr_t) cpcmd_buf; register unsigned long reg3 asm ("3") = (addr_t) response; - register unsigned long reg4 asm ("4") = cmdlen | 0x40000000L; - register unsigned long reg5 asm ("5") = *rlen; + register unsigned long reg4 asm ("4") = _cmdlen; + register unsigned long reg5 asm ("5") = _rlen; asm volatile( " sam31\n" From patchwork Thu Apr 15 14:47:17 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 423371 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C9D5BC433B4 for ; Thu, 15 Apr 2021 14:52:09 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id ABF4D613F0 for ; Thu, 15 Apr 2021 14:52:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233582AbhDOOwb (ORCPT ); Thu, 15 Apr 2021 10:52:31 -0400 Received: from mail.kernel.org ([198.145.29.99]:39406 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233943AbhDOOvi (ORCPT ); Thu, 15 Apr 2021 10:51:38 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 0613F613BA; Thu, 15 Apr 2021 14:51:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498274; bh=1XVwQV5TweGZisvRlVWPua+P13jqAujffcD8f+mkDJI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=CSLt6v8i1MGsjD0Ax693N6mgYJcy4Qc3uElJFF69Wva0cTontIaVDfmN8gILmXzHX 5MiS+FQpQHKtFi8PmNBMW8LOyWfJMaOqXJcnFoP71EgMawbcYKhNSY4U/ZFLNKS//a hLp0yFJH9d2dprk+X+npagJ7lVTcJTvVVmftzDMs= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Potnuri Bharat Teja , Jason Gunthorpe , Sasha Levin Subject: [PATCH 4.9 25/47] RDMA/cxgb4: check for ipv6 address properly while destroying listener Date: Thu, 15 Apr 2021 16:47:17 +0200 Message-Id: <20210415144414.265088216@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Potnuri Bharat Teja [ Upstream commit 603c4690b01aaffe3a6c3605a429f6dac39852ae ] ipv6 bit is wrongly set by the below which causes fatal adapter lookup engine errors for ipv4 connections while destroying a listener. Fix it to properly check the local address for ipv6. Fixes: 3408be145a5d ("RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server") Link: https://lore.kernel.org/r/20210331135715.30072-1-bharat@chelsio.com Signed-off-by: Potnuri Bharat Teja Signed-off-by: Jason Gunthorpe Signed-off-by: Sasha Levin --- drivers/infiniband/hw/cxgb4/cm.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/infiniband/hw/cxgb4/cm.c b/drivers/infiniband/hw/cxgb4/cm.c index 8bd062635399..ed4397c3af1a 100644 --- a/drivers/infiniband/hw/cxgb4/cm.c +++ b/drivers/infiniband/hw/cxgb4/cm.c @@ -3478,7 +3478,8 @@ int c4iw_destroy_listen(struct iw_cm_id *cm_id) c4iw_init_wr_wait(&ep->com.wr_wait); err = cxgb4_remove_server( ep->com.dev->rdev.lldi.ports[0], ep->stid, - ep->com.dev->rdev.lldi.rxq_ids[0], true); + ep->com.dev->rdev.lldi.rxq_ids[0], + ep->com.local_addr.ss_family == AF_INET6); if (err) goto done; err = c4iw_wait_for_reply(&ep->com.dev->rdev, &ep->com.wr_wait, From patchwork Thu Apr 15 14:47:18 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 422422 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3A62AC433B4 for ; Thu, 15 Apr 2021 14:52:12 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 1DD07613CD for ; Thu, 15 Apr 2021 14:52:12 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234045AbhDOOwc (ORCPT ); Thu, 15 Apr 2021 10:52:32 -0400 Received: from mail.kernel.org ([198.145.29.99]:38742 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234139AbhDOOvk (ORCPT ); Thu, 15 Apr 2021 10:51:40 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id C9A46613D8; Thu, 15 Apr 2021 14:51:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498277; bh=ZdS0g/Yni3cf1SWjqXa/h9rdeNHnb/Tuqe1EZnoWBSc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=0nwaE4yVhTU3v+6b4wMJBl57ZB/zwIi11Kr7xevOvH+axxx8LP+ZqgTQ27ZrRT36r 2EGe1cXXAG0UiRjetpdjDKgkK07fDRcPq7YHVtTDuTv2x9tB7Jp4aw6bMmN/hBHo7t o97aYEV3EQpvRlZLs/sdpUtVE085HoBjs3vmCGf8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Krzysztof Kozlowski , Dinh Nguyen , Stephen Boyd Subject: [PATCH 4.9 26/47] clk: socfpga: fix iomem pointer cast on 64-bit Date: Thu, 15 Apr 2021 16:47:18 +0200 Message-Id: <20210415144414.296601848@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Krzysztof Kozlowski commit 2867b9746cef78745c594894aece6f8ef826e0b4 upstream. Pointers should be cast with uintptr_t instead of integer. This fixes warning when compile testing on ARM64: drivers/clk/socfpga/clk-gate.c: In function ‘socfpga_clk_recalc_rate’: drivers/clk/socfpga/clk-gate.c:102:7: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] Fixes: b7cec13f082f ("clk: socfpga: Look for the GPIO_DB_CLK by its offset") Signed-off-by: Krzysztof Kozlowski Acked-by: Dinh Nguyen Link: https://lore.kernel.org/r/20210314110709.32599-1-krzysztof.kozlowski@canonical.com Signed-off-by: Stephen Boyd Signed-off-by: Greg Kroah-Hartman --- drivers/clk/socfpga/clk-gate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/clk/socfpga/clk-gate.c +++ b/drivers/clk/socfpga/clk-gate.c @@ -107,7 +107,7 @@ static unsigned long socfpga_clk_recalc_ val = readl(socfpgaclk->div_reg) >> socfpgaclk->shift; val &= GENMASK(socfpgaclk->width - 1, 0); /* Check for GPIO_DB_CLK by its offset */ - if ((int) socfpgaclk->div_reg & SOCFPGA_GPIO_DB_CLK_OFFSET) + if ((uintptr_t) socfpgaclk->div_reg & SOCFPGA_GPIO_DB_CLK_OFFSET) div = val + 1; else div = (1 << val); From patchwork Thu Apr 15 14:47:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 422409 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1240EC433B4 for ; Thu, 15 Apr 2021 14:54:53 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id ED116613F8 for ; Thu, 15 Apr 2021 14:54:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234244AbhDOOzN (ORCPT ); Thu, 15 Apr 2021 10:55:13 -0400 Received: from mail.kernel.org ([198.145.29.99]:39920 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234284AbhDOOx5 (ORCPT ); Thu, 15 Apr 2021 10:53:57 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 09B6B613D3; Thu, 15 Apr 2021 14:52:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498354; bh=hXjEIDFshVrp9ActqGejmA9MCrvITxzEh3EaBUalbZU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=aoY6Fs5oo1HIee0SCMifJvQ0LtJeko2spUAMEFjytYnbEw1MKkMhXO4wLfKZJ62rl FKQn7DG928s3sTotHpjIQhRZRIufodveD9EILeVF3ZT2Ne36ERYkMUxzL6dtKdeOKe mYgMSDoSGad7btdVR/z48L42XYqkmAGByRuUOBXg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Hugh Dickins , Michal Hocko , David Rientjes , Gerald Schaefer , Andrew Morton , Linus Torvalds , Chen si , Baoyou Xie , Wen Yang , Zijiang Huang Subject: [PATCH 4.9 27/47] mm: add cond_resched() in gather_pte_stats() Date: Thu, 15 Apr 2021 16:47:19 +0200 Message-Id: <20210415144414.326518538@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Hugh Dickins commit a66c0410b97c07a5708881198528ce724f7a3226 upstream. The other pagetable walks in task_mmu.c have a cond_resched() after walking their ptes: add a cond_resched() in gather_pte_stats() too, for reading /proc//numa_maps. Only pagemap_pmd_range() has a cond_resched() in its (unusually expensive) pmd_trans_huge case: more should probably be added, but leave them unchanged for now. Link: http://lkml.kernel.org/r/alpine.LSU.2.11.1612052157400.13021@eggly.anvils Signed-off-by: Hugh Dickins Acked-by: Michal Hocko Cc: David Rientjes Cc: Gerald Schaefer Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Reported-by: Chen si Signed-off-by: Baoyou Xie Signed-off-by: Wen Yang Signed-off-by: Zijiang Huang Signed-off-by: Greg Kroah-Hartman --- fs/proc/task_mmu.c | 1 + 1 file changed, 1 insertion(+) --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -1609,6 +1609,7 @@ static int gather_pte_stats(pmd_t *pmd, } while (pte++, addr += PAGE_SIZE, addr != end); pte_unmap_unlock(orig_pte, ptl); + cond_resched(); return 0; } #ifdef CONFIG_HUGETLB_PAGE From patchwork Thu Apr 15 14:47:20 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 423359 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 260EBC433ED for ; Thu, 15 Apr 2021 14:54:27 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0A31B613FB for ; Thu, 15 Apr 2021 14:54:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233471AbhDOOyr (ORCPT ); Thu, 15 Apr 2021 10:54:47 -0400 Received: from mail.kernel.org ([198.145.29.99]:39920 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233692AbhDOOwD (ORCPT ); Thu, 15 Apr 2021 10:52:03 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 1A61D613CF; Thu, 15 Apr 2021 14:51:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498300; bh=HPtoD8rfV4PdfEQYtYjkcpDbED7Bggou9Nnlh/4moUE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ys75ObbG+R55GgErZbvfzzSc6nkzaWCx+scmo3wK30XasxE8Y9qwVlh/z8Y6lKk/h bYLLSds2qUtdN2yryaEV7tRorhyDIUNxxgAS4CWcOPodCM5o3Ed7LZ+86lWnn8vz/B Ia0MubN33c+NU3gnBB5fThECPHu4QeWuXcFpY/gE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot , syzbot , syzbot , Tetsuo Handa , Shuah Khan , Tom Seewald Subject: [PATCH 4.9 28/47] usbip: fix vudc usbip_sockfd_store races leading to gpf Date: Thu, 15 Apr 2021 16:47:20 +0200 Message-Id: <20210415144414.362835324@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Shuah Khan commit 46613c9dfa964c0c60b5385dbdf5aaa18be52a9c upstream. usbip_sockfd_store() is invoked when user requests attach (import) detach (unimport) usb gadget device from usbip host. vhci_hcd sends import request and usbip_sockfd_store() exports the device if it is free for export. Export and unexport are governed by local state and shared state - Shared state (usbip device status, sockfd) - sockfd and Device status are used to determine if stub should be brought up or shut down. Device status is shared between host and client. - Local state (tcp_socket, rx and tx thread task_struct ptrs) A valid tcp_socket controls rx and tx thread operations while the device is in exported state. - While the device is exported, device status is marked used and socket, sockfd, and thread pointers are valid. Export sequence (stub-up) includes validating the socket and creating receive (rx) and transmit (tx) threads to talk to the client to provide access to the exported device. rx and tx threads depends on local and shared state to be correct and in sync. Unexport (stub-down) sequence shuts the socket down and stops the rx and tx threads. Stub-down sequence relies on local and shared states to be in sync. There are races in updating the local and shared status in the current stub-up sequence resulting in crashes. These stem from starting rx and tx threads before local and global state is updated correctly to be in sync. 1. Doesn't handle kthread_create() error and saves invalid ptr in local state that drives rx and tx threads. 2. Updates tcp_socket and sockfd, starts stub_rx and stub_tx threads before updating usbip_device status to SDEV_ST_USED. This opens up a race condition between the threads and usbip_sockfd_store() stub up and down handling. Fix the above problems: - Stop using kthread_get_run() macro to create/start threads. - Create threads and get task struct reference. - Add kthread_create() failure handling and bail out. - Hold usbip_device lock to update local and shared states after creating rx and tx threads. - Update usbip_device status to SDEV_ST_USED. - Update usbip_device tcp_socket, sockfd, tcp_rx, and tcp_tx - Start threads after usbip_device (tcp_socket, sockfd, tcp_rx, tcp_tx, and status) is complete. Credit goes to syzbot and Tetsuo Handa for finding and root-causing the kthread_get_run() improper error handling problem and others. This is a hard problem to find and debug since the races aren't seen in a normal case. Fuzzing forces the race window to be small enough for the kthread_get_run() error path bug and starting threads before updating the local and shared state bug in the stub-up sequence. Fixes: 9720b4bc76a83807 ("staging/usbip: convert to kthread") Cc: stable@vger.kernel.org Reported-by: syzbot Reported-by: syzbot Reported-by: syzbot Reported-by: Tetsuo Handa Signed-off-by: Shuah Khan Link: https://lore.kernel.org/r/b1c08b983ffa185449c9f0f7d1021dc8c8454b60.1615171203.git.skhan@linuxfoundation.org Signed-off-by: Tom Seewald Signed-off-by: Greg Kroah-Hartman --- drivers/usb/usbip/vudc_sysfs.c | 42 +++++++++++++++++++++++++++++++++-------- 1 file changed, 34 insertions(+), 8 deletions(-) --- a/drivers/usb/usbip/vudc_sysfs.c +++ b/drivers/usb/usbip/vudc_sysfs.c @@ -103,8 +103,9 @@ unlock: } static BIN_ATTR_RO(dev_desc, sizeof(struct usb_device_descriptor)); -static ssize_t store_sockfd(struct device *dev, struct device_attribute *attr, - const char *in, size_t count) +static ssize_t store_sockfd(struct device *dev, + struct device_attribute *attr, + const char *in, size_t count) { struct vudc *udc = (struct vudc *) dev_get_drvdata(dev); int rv; @@ -113,6 +114,8 @@ static ssize_t store_sockfd(struct devic struct socket *socket; unsigned long flags; int ret; + struct task_struct *tcp_rx = NULL; + struct task_struct *tcp_tx = NULL; rv = kstrtoint(in, 0, &sockfd); if (rv != 0) @@ -158,24 +161,47 @@ static ssize_t store_sockfd(struct devic goto sock_err; } - udc->ud.tcp_socket = socket; - + /* unlock and create threads and get tasks */ spin_unlock_irq(&udc->ud.lock); spin_unlock_irqrestore(&udc->lock, flags); - udc->ud.tcp_rx = kthread_get_run(&v_rx_loop, - &udc->ud, "vudc_rx"); - udc->ud.tcp_tx = kthread_get_run(&v_tx_loop, - &udc->ud, "vudc_tx"); + tcp_rx = kthread_create(&v_rx_loop, &udc->ud, "vudc_rx"); + if (IS_ERR(tcp_rx)) { + sockfd_put(socket); + return -EINVAL; + } + tcp_tx = kthread_create(&v_tx_loop, &udc->ud, "vudc_tx"); + if (IS_ERR(tcp_tx)) { + kthread_stop(tcp_rx); + sockfd_put(socket); + return -EINVAL; + } + + /* get task structs now */ + get_task_struct(tcp_rx); + get_task_struct(tcp_tx); + /* lock and update udc->ud state */ spin_lock_irqsave(&udc->lock, flags); spin_lock_irq(&udc->ud.lock); + + udc->ud.tcp_socket = socket; + udc->ud.tcp_rx = tcp_rx; + udc->ud.tcp_rx = tcp_tx; udc->ud.status = SDEV_ST_USED; + spin_unlock_irq(&udc->ud.lock); do_gettimeofday(&udc->start_time); v_start_timer(udc); udc->connected = 1; + + spin_unlock_irqrestore(&udc->lock, flags); + + wake_up_process(udc->ud.tcp_rx); + wake_up_process(udc->ud.tcp_tx); + return count; + } else { if (!udc->connected) { dev_err(dev, "Device not connected"); From patchwork Thu Apr 15 14:47:21 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 422415 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5393FC43461 for ; Thu, 15 Apr 2021 14:54:04 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 19DEE613EF for ; Thu, 15 Apr 2021 14:54:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234034AbhDOOyZ (ORCPT ); Thu, 15 Apr 2021 10:54:25 -0400 Received: from mail.kernel.org ([198.145.29.99]:40544 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234133AbhDOOwd (ORCPT ); Thu, 15 Apr 2021 10:52:33 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 083A4613D0; Thu, 15 Apr 2021 14:52:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498330; bh=De9Bgla1KxE85ImPrHWA6wq2xSUN6YEMp5673MG5zx0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=qW/omg/1diVm5fUb5QuCO/5EfVzSn9OyIe2egrx09VguabKY4LAfASEFJYpo8wldX PWPDhj4tzFSnOLe2K60ctP4HWxxhiDJ30BIi9d24PtIpp/XOroe5mwpdf1goRUY56L 8QSbKXMIGwqh7IJWmrYJ+E/T6+TTa75AFvE7wyyw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+5f9392825de654244975@syzkaller.appspotmail.com, Du Cheng , Johannes Berg Subject: [PATCH 4.9 29/47] cfg80211: remove WARN_ON() in cfg80211_sme_connect Date: Thu, 15 Apr 2021 16:47:21 +0200 Message-Id: <20210415144414.399241841@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Du Cheng commit 1b5ab825d9acc0f27d2f25c6252f3526832a9626 upstream. A WARN_ON(wdev->conn) would trigger in cfg80211_sme_connect(), if multiple send_msg(NL80211_CMD_CONNECT) system calls are made from the userland, which should be anticipated and handled by the wireless driver. Remove this WARN_ON() to prevent kernel panic if kernel is configured to "panic_on_warn". Bug reported by syzbot. Reported-by: syzbot+5f9392825de654244975@syzkaller.appspotmail.com Signed-off-by: Du Cheng Link: https://lore.kernel.org/r/20210407162756.6101-1-ducheng2@gmail.com Signed-off-by: Johannes Berg Signed-off-by: Greg Kroah-Hartman --- net/wireless/sme.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/wireless/sme.c +++ b/net/wireless/sme.c @@ -512,7 +512,7 @@ static int cfg80211_sme_connect(struct w cfg80211_sme_free(wdev); } - if (WARN_ON(wdev->conn)) + if (wdev->conn) return -EINPROGRESS; wdev->conn = kzalloc(sizeof(*wdev->conn), GFP_KERNEL); From patchwork Thu Apr 15 14:47:22 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 423362 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B6061C43460 for ; Thu, 15 Apr 2021 14:54:07 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 970F4613EF for ; Thu, 15 Apr 2021 14:54:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234196AbhDOOy2 (ORCPT ); Thu, 15 Apr 2021 10:54:28 -0400 Received: from mail.kernel.org ([198.145.29.99]:38804 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233672AbhDOOws (ORCPT ); Thu, 15 Apr 2021 10:52:48 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 79C41613CC; Thu, 15 Apr 2021 14:52:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498336; bh=YuNTBLbC7rEeFr9uHOdBAar3Ew/yx4Ri5rXggYX/TOQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=HeRhOjor5XRtPPpNev7rIBBGyLM+Igsr2CcpX03DwcJkvu7CjMJ+Xf1YRF1/UK/8c rJjjoIAQyLYqtVpjmXCtpFTRzTlHgBBk01NtMTMhRYyHcW9aTGc8AO/FR6Nam6YxKs EFXLLypPrc/ucV5VAHaKxvGupXcUksDm9A4oaZWM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+001516d86dbe88862cec@syzkaller.appspotmail.com, Phillip Potter , Eric Dumazet , "David S. Miller" Subject: [PATCH 4.9 30/47] net: tun: set tun->dev->addr_len during TUNSETLINK processing Date: Thu, 15 Apr 2021 16:47:22 +0200 Message-Id: <20210415144414.429033580@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Phillip Potter commit cca8ea3b05c972ffb5295367e6c544369b45fbdd upstream. When changing type with TUNSETLINK ioctl command, set tun->dev->addr_len to match the appropriate type, using new tun_get_addr_len utility function which returns appropriate address length for given type. Fixes a KMSAN-found uninit-value bug reported by syzbot at: https://syzkaller.appspot.com/bug?id=0766d38c656abeace60621896d705743aeefed51 Reported-by: syzbot+001516d86dbe88862cec@syzkaller.appspotmail.com Diagnosed-by: Eric Dumazet Signed-off-by: Phillip Potter Reviewed-by: Eric Dumazet Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- drivers/net/tun.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) --- a/drivers/net/tun.c +++ b/drivers/net/tun.c @@ -72,6 +72,14 @@ #include #include #include +#include +#include +#include +#include +#include +#include +#include +#include #include @@ -2021,6 +2029,45 @@ unlock: return ret; } +/* Return correct value for tun->dev->addr_len based on tun->dev->type. */ +static unsigned char tun_get_addr_len(unsigned short type) +{ + switch (type) { + case ARPHRD_IP6GRE: + case ARPHRD_TUNNEL6: + return sizeof(struct in6_addr); + case ARPHRD_IPGRE: + case ARPHRD_TUNNEL: + case ARPHRD_SIT: + return 4; + case ARPHRD_ETHER: + return ETH_ALEN; + case ARPHRD_IEEE802154: + case ARPHRD_IEEE802154_MONITOR: + return IEEE802154_EXTENDED_ADDR_LEN; + case ARPHRD_PHONET_PIPE: + case ARPHRD_PPP: + case ARPHRD_NONE: + return 0; + case ARPHRD_6LOWPAN: + return EUI64_ADDR_LEN; + case ARPHRD_FDDI: + return FDDI_K_ALEN; + case ARPHRD_HIPPI: + return HIPPI_ALEN; + case ARPHRD_IEEE802: + return FC_ALEN; + case ARPHRD_ROSE: + return ROSE_ADDR_LEN; + case ARPHRD_NETROM: + return AX25_ADDR_LEN; + case ARPHRD_LOCALTLK: + return LTALK_ALEN; + default: + return 0; + } +} + static long __tun_chr_ioctl(struct file *file, unsigned int cmd, unsigned long arg, int ifreq_len) { @@ -2159,6 +2206,7 @@ static long __tun_chr_ioctl(struct file ret = -EBUSY; } else { tun->dev->type = (int) arg; + tun->dev->addr_len = tun_get_addr_len(tun->dev->type); tun_debug(KERN_INFO, tun, "linktype set to %d\n", tun->dev->type); ret = 0; From patchwork Thu Apr 15 14:47:23 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 422412 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9A798C433ED for ; Thu, 15 Apr 2021 14:54:40 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 7DB2A613F6 for ; Thu, 15 Apr 2021 14:54:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233522AbhDOOzC (ORCPT ); Thu, 15 Apr 2021 10:55:02 -0400 Received: from mail.kernel.org ([198.145.29.99]:39614 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233953AbhDOOxc (ORCPT ); Thu, 15 Apr 2021 10:53:32 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id DDEBF613D5; Thu, 15 Apr 2021 14:52:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498338; bh=aZpCNt2XF25QtCJu1iUt7ziUpIDpur/9IVskh4YRI9U=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=L0ALyEjiTMSHBgt66u2XxzOQ3uSKakM/59GQZ+Oyi2dhssrdPDlYNUTT+OIX9oVo0 EDjZF4lNNG4sC314comsCetTdSH862nVS6qGO7bYiBdrsLNp0BOor9x4CJ1d9iBeFz sEL5FicncbEyw4wh/H3/XVoDL9EujzBKC2Hz26uQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+28a246747e0a465127f3@syzkaller.appspotmail.com, Pavel Skripkin , "David S. Miller" Subject: [PATCH 4.9 31/47] drivers: net: fix memory leak in atusb_probe Date: Thu, 15 Apr 2021 16:47:23 +0200 Message-Id: <20210415144414.466627824@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Pavel Skripkin commit 6b9fbe16955152626557ec6f439f3407b7769941 upstream. syzbot reported memory leak in atusb_probe()[1]. The problem was in atusb_alloc_urbs(). Since urb is anchored, we need to release the reference to correctly free the urb backtrace: [] kmalloc include/linux/slab.h:559 [inline] [] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74 [] atusb_alloc_urbs drivers/net/ieee802154/atusb.c:362 [inline][2] [] atusb_probe+0x158/0x820 drivers/net/ieee802154/atusb.c:1038 [1] Reported-by: syzbot+28a246747e0a465127f3@syzkaller.appspotmail.com Signed-off-by: Pavel Skripkin Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- drivers/net/ieee802154/atusb.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/net/ieee802154/atusb.c +++ b/drivers/net/ieee802154/atusb.c @@ -341,6 +341,7 @@ static int atusb_alloc_urbs(struct atusb return -ENOMEM; } usb_anchor_urb(urb, &atusb->idle_urbs); + usb_free_urb(urb); n--; } return 0; From patchwork Thu Apr 15 14:47:24 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 422411 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 33131C43460 for ; Thu, 15 Apr 2021 14:54:47 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 13E21613FE for ; Thu, 15 Apr 2021 14:54:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234192AbhDOOzI (ORCPT ); Thu, 15 Apr 2021 10:55:08 -0400 Received: from mail.kernel.org ([198.145.29.99]:38990 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234100AbhDOOxm (ORCPT ); Thu, 15 Apr 2021 10:53:42 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 71216613D2; Thu, 15 Apr 2021 14:52:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498341; bh=YMJmvRqgAKFXe1O9FeTzS3jyLzAr4vpLmIwa9vaGvOQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=GaZF0HmLgNYcV/1vp02TZycTYETW8GkYngp/k+JeNPB9xF/RFtb+6Hk3zNyRWCr56 udS9p4uxML9nsKk94wAiN9UNsw1R7V4CorcMW+NzsCBBEiRGtsIfT89vhDLuQPRHSf NatyTD4nt4YIQ6B9EG/Oc6M4Ksg2YKbn6B+5qhT4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+91adee8d9ebb9193d22d@syzkaller.appspotmail.com, Pavel Skripkin , "David S. Miller" Subject: [PATCH 4.9 32/47] drivers: net: fix memory leak in peak_usb_create_dev Date: Thu, 15 Apr 2021 16:47:24 +0200 Message-Id: <20210415144414.497577693@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Pavel Skripkin commit a0b96b4a62745397aee662670cfc2157bac03f55 upstream. syzbot reported memory leak in peak_usb. The problem was in case of failure after calling ->dev_init()[2] in peak_usb_create_dev()[1]. The data allocated int dev_init() wasn't freed, so simple ->dev_free() call fix this problem. backtrace: [<0000000079d6542a>] kmalloc include/linux/slab.h:552 [inline] [<0000000079d6542a>] kzalloc include/linux/slab.h:682 [inline] [<0000000079d6542a>] pcan_usb_fd_init+0x156/0x210 drivers/net/can/usb/peak_usb/pcan_usb_fd.c:868 [2] [<00000000c09f9057>] peak_usb_create_dev drivers/net/can/usb/peak_usb/pcan_usb_core.c:851 [inline] [1] [<00000000c09f9057>] peak_usb_probe+0x389/0x490 drivers/net/can/usb/peak_usb/pcan_usb_core.c:949 Reported-by: syzbot+91adee8d9ebb9193d22d@syzkaller.appspotmail.com Signed-off-by: Pavel Skripkin Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- drivers/net/can/usb/peak_usb/pcan_usb_core.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- a/drivers/net/can/usb/peak_usb/pcan_usb_core.c +++ b/drivers/net/can/usb/peak_usb/pcan_usb_core.c @@ -880,7 +880,7 @@ static int peak_usb_create_dev(const str if (dev->adapter->dev_set_bus) { err = dev->adapter->dev_set_bus(dev, 0); if (err) - goto lbl_unregister_candev; + goto adap_dev_free; } /* get device number early */ @@ -892,6 +892,10 @@ static int peak_usb_create_dev(const str return 0; +adap_dev_free: + if (dev->adapter->dev_free) + dev->adapter->dev_free(dev); + lbl_unregister_candev: unregister_candev(netdev); From patchwork Thu Apr 15 14:47:25 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 423358 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7F9BFC433B4 for ; Thu, 15 Apr 2021 14:54:46 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 62969613FD for ; Thu, 15 Apr 2021 14:54:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234162AbhDOOzH (ORCPT ); Thu, 15 Apr 2021 10:55:07 -0400 Received: from mail.kernel.org ([198.145.29.99]:39738 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234077AbhDOOxm (ORCPT ); Thu, 15 Apr 2021 10:53:42 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 3E183613DA; Thu, 15 Apr 2021 14:52:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498343; bh=CInIEyceU6K5xO6r9eiLdQPTABvm3UjymXGdGY9/G6Y=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=X1+VY1gTKd5zaL8PWzEUeDwB0BEZEKnlcCZ7KmnHQpS+nXTQ4rguUSe2a9bvc14Ti joQxLx6YOigeIHu2vKSqklo80/M9HVZSWVvu2/sgozg2Vqbj5G9oBla/0pa4me/q1c Xh02tJH8csD7Uejheuh52mjwRpEeu+ktwEY2+OV4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Pavel Skripkin , syzbot+9ec037722d2603a9f52e@syzkaller.appspotmail.com, Alexander Aring , Stefan Schmidt Subject: [PATCH 4.9 33/47] net: mac802154: Fix general protection fault Date: Thu, 15 Apr 2021 16:47:25 +0200 Message-Id: <20210415144414.526372274@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Pavel Skripkin commit 1165affd484889d4986cf3b724318935a0b120d8 upstream. syzbot found general protection fault in crypto_destroy_tfm()[1]. It was caused by wrong clean up loop in llsec_key_alloc(). If one of the tfm array members is in IS_ERR() range it will cause general protection fault in clean up function [1]. Call Trace: crypto_free_aead include/crypto/aead.h:191 [inline] [1] llsec_key_alloc net/mac802154/llsec.c:156 [inline] mac802154_llsec_key_add+0x9e0/0xcc0 net/mac802154/llsec.c:249 ieee802154_add_llsec_key+0x56/0x80 net/mac802154/cfg.c:338 rdev_add_llsec_key net/ieee802154/rdev-ops.h:260 [inline] nl802154_add_llsec_key+0x3d3/0x560 net/ieee802154/nl802154.c:1584 genl_family_rcv_msg_doit+0x228/0x320 net/netlink/genetlink.c:739 genl_family_rcv_msg net/netlink/genetlink.c:783 [inline] genl_rcv_msg+0x328/0x580 net/netlink/genetlink.c:800 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2502 genl_rcv+0x24/0x40 net/netlink/genetlink.c:811 netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927 sock_sendmsg_nosec net/socket.c:654 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:674 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350 ___sys_sendmsg+0xf3/0x170 net/socket.c:2404 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xae Signed-off-by: Pavel Skripkin Reported-by: syzbot+9ec037722d2603a9f52e@syzkaller.appspotmail.com Acked-by: Alexander Aring Link: https://lore.kernel.org/r/20210304152125.1052825-1-paskripkin@gmail.com Signed-off-by: Stefan Schmidt Signed-off-by: Greg Kroah-Hartman --- net/mac802154/llsec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/mac802154/llsec.c +++ b/net/mac802154/llsec.c @@ -158,7 +158,7 @@ err_tfm0: crypto_free_skcipher(key->tfm0); err_tfm: for (i = 0; i < ARRAY_SIZE(key->tfm); i++) - if (key->tfm[i]) + if (!IS_ERR_OR_NULL(key->tfm[i])) crypto_free_aead(key->tfm[i]); kzfree(key); From patchwork Thu Apr 15 14:47:26 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 423357 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D3729C43461 for ; Thu, 15 Apr 2021 14:54:49 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id B2E3A613F8 for ; Thu, 15 Apr 2021 14:54:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233688AbhDOOzK (ORCPT ); Thu, 15 Apr 2021 10:55:10 -0400 Received: from mail.kernel.org ([198.145.29.99]:39798 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234279AbhDOOx4 (ORCPT ); Thu, 15 Apr 2021 10:53:56 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 163D0613D4; Thu, 15 Apr 2021 14:52:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498346; bh=clS3TK94RoVp/7AJ9nUNT+La7QmdmF6hnBsBhzjIJjE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=t1eFvaw16+WbvaE7gUbXtitLQLGTFkHFdp77OejaSb4L4ozWWqZrLxBKnb4+XhKCA vvKv/b5jZ9/RYf9UG/A6FBcE7AIg7qnI2dyO7VRTXkH9UyvI9FzNBnhUrPZSirAA6Z hM1iTqezAf4cOacMxiSTthpQv/t19uqcNdscII0Y= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+d4c07de0144f6f63be3a@syzkaller.appspotmail.com, Alexander Aring , Stefan Schmidt Subject: [PATCH 4.9 34/47] net: ieee802154: nl-mac: fix check on panid Date: Thu, 15 Apr 2021 16:47:26 +0200 Message-Id: <20210415144414.555922875@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Alexander Aring commit 6f7f657f24405f426212c09260bf7fe8a52cef33 upstream. This patch fixes a null pointer derefence for panid handle by move the check for the netlink variable directly before accessing them. Reported-by: syzbot+d4c07de0144f6f63be3a@syzkaller.appspotmail.com Signed-off-by: Alexander Aring Link: https://lore.kernel.org/r/20210228151817.95700-4-aahringo@redhat.com Signed-off-by: Stefan Schmidt Signed-off-by: Greg Kroah-Hartman --- net/ieee802154/nl-mac.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- a/net/ieee802154/nl-mac.c +++ b/net/ieee802154/nl-mac.c @@ -559,9 +559,7 @@ ieee802154_llsec_parse_key_id(struct gen desc->mode = nla_get_u8(info->attrs[IEEE802154_ATTR_LLSEC_KEY_MODE]); if (desc->mode == IEEE802154_SCF_KEY_IMPLICIT) { - if (!info->attrs[IEEE802154_ATTR_PAN_ID] && - !(info->attrs[IEEE802154_ATTR_SHORT_ADDR] || - info->attrs[IEEE802154_ATTR_HW_ADDR])) + if (!info->attrs[IEEE802154_ATTR_PAN_ID]) return -EINVAL; desc->device_addr.pan_id = nla_get_shortaddr(info->attrs[IEEE802154_ATTR_PAN_ID]); @@ -570,6 +568,9 @@ ieee802154_llsec_parse_key_id(struct gen desc->device_addr.mode = IEEE802154_ADDR_SHORT; desc->device_addr.short_addr = nla_get_shortaddr(info->attrs[IEEE802154_ATTR_SHORT_ADDR]); } else { + if (!info->attrs[IEEE802154_ATTR_HW_ADDR]) + return -EINVAL; + desc->device_addr.mode = IEEE802154_ADDR_LONG; desc->device_addr.extended_addr = nla_get_hwaddr(info->attrs[IEEE802154_ATTR_HW_ADDR]); } From patchwork Thu Apr 15 14:47:27 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 422410 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A78CDC43462 for ; Thu, 15 Apr 2021 14:54:50 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 87FB1613D7 for ; Thu, 15 Apr 2021 14:54:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234222AbhDOOzL (ORCPT ); Thu, 15 Apr 2021 10:55:11 -0400 Received: from mail.kernel.org ([198.145.29.99]:39830 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234280AbhDOOx4 (ORCPT ); Thu, 15 Apr 2021 10:53:56 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 940456113B; Thu, 15 Apr 2021 14:52:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498349; bh=adwfwwQMdygbQVB+/u0sDbUshgQoaHvxg2kwUrTHzro=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=acChM1YBoaEKp2Ee8xqBmKdIZPojrk8Fo5gPDR34xC37AJQfOHAKfXaBXH0XSvxq4 XrJF0b3uPp30C1li032cG9dIqo4bFAJIGzswjSnE1COfpNsoMvoDuXzRm8qS/NgqFN O5nOS9z0x+uvPzWakeRrmKwwH8uGWfK4FQy/Fr58= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+ac5c11d2959a8b3c4806@syzkaller.appspotmail.com, Alexander Aring , Stefan Schmidt Subject: [PATCH 4.9 35/47] net: ieee802154: fix nl802154 del llsec key Date: Thu, 15 Apr 2021 16:47:27 +0200 Message-Id: <20210415144414.584873414@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Alexander Aring commit 37feaaf5ceb2245e474369312bb7b922ce7bce69 upstream. This patch fixes a nullpointer dereference if NL802154_ATTR_SEC_KEY is not set by the user. If this is the case nl802154 will return -EINVAL. Reported-by: syzbot+ac5c11d2959a8b3c4806@syzkaller.appspotmail.com Signed-off-by: Alexander Aring Link: https://lore.kernel.org/r/20210221174321.14210-1-aahringo@redhat.com Signed-off-by: Stefan Schmidt Signed-off-by: Greg Kroah-Hartman --- net/ieee802154/nl802154.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/net/ieee802154/nl802154.c +++ b/net/ieee802154/nl802154.c @@ -1627,7 +1627,8 @@ static int nl802154_del_llsec_key(struct struct nlattr *attrs[NL802154_KEY_ATTR_MAX + 1]; struct ieee802154_llsec_key_id id; - if (nla_parse_nested(attrs, NL802154_KEY_ATTR_MAX, + if (!info->attrs[NL802154_ATTR_SEC_KEY] || + nla_parse_nested(attrs, NL802154_KEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_KEY], nl802154_key_policy)) return -EINVAL; From patchwork Thu Apr 15 14:47:28 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 423356 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C60D5C433ED for ; Thu, 15 Apr 2021 14:54:51 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A87BF613D7 for ; Thu, 15 Apr 2021 14:54:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234237AbhDOOzM (ORCPT ); Thu, 15 Apr 2021 10:55:12 -0400 Received: from mail.kernel.org ([198.145.29.99]:39858 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234282AbhDOOx5 (ORCPT ); Thu, 15 Apr 2021 10:53:57 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 7329C613D7; Thu, 15 Apr 2021 14:52:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498352; bh=2W8o1gYyf2lPNJY4lrbNxni64c6yxSIkHaHfmmrXssw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=RKSvdldTIq91Q/i1PW+iHk6BByyvC7a2xl+v+qY++erhkz8ARFyndxT3jvP5qYXSI gk1IjuQNJUgSx9xqKWxEe1+chUG/gXL75uu4TR6/Plp0hj4aQCfwWeJFlYKVsROaEz y29UBh2ozTyWUTKA8M3SZVGt+rQbUztHpuZepM9g= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+d946223c2e751d136c94@syzkaller.appspotmail.com, Alexander Aring , Stefan Schmidt Subject: [PATCH 4.9 36/47] net: ieee802154: fix nl802154 del llsec dev Date: Thu, 15 Apr 2021 16:47:28 +0200 Message-Id: <20210415144414.615063660@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Alexander Aring commit 3d1eac2f45585690d942cf47fd7fbd04093ebd1b upstream. This patch fixes a nullpointer dereference if NL802154_ATTR_SEC_DEVICE is not set by the user. If this is the case nl802154 will return -EINVAL. Reported-by: syzbot+d946223c2e751d136c94@syzkaller.appspotmail.com Signed-off-by: Alexander Aring Link: https://lore.kernel.org/r/20210221174321.14210-2-aahringo@redhat.com Signed-off-by: Stefan Schmidt Signed-off-by: Greg Kroah-Hartman --- net/ieee802154/nl802154.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/net/ieee802154/nl802154.c +++ b/net/ieee802154/nl802154.c @@ -1796,7 +1796,8 @@ static int nl802154_del_llsec_dev(struct struct nlattr *attrs[NL802154_DEV_ATTR_MAX + 1]; __le64 extended_addr; - if (nla_parse_nested(attrs, NL802154_DEV_ATTR_MAX, + if (!info->attrs[NL802154_ATTR_SEC_DEVICE] || + nla_parse_nested(attrs, NL802154_DEV_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVICE], nl802154_dev_policy)) return -EINVAL; From patchwork Thu Apr 15 14:47:29 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 422413 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 64E8DC433B4 for ; Thu, 15 Apr 2021 14:54:27 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4DF34613FB for ; Thu, 15 Apr 2021 14:54:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233610AbhDOOys (ORCPT ); Thu, 15 Apr 2021 10:54:48 -0400 Received: from mail.kernel.org ([198.145.29.99]:39954 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234101AbhDOOwG (ORCPT ); Thu, 15 Apr 2021 10:52:06 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id CB0E961131; Thu, 15 Apr 2021 14:51:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498303; bh=WLwkVW7ARwuad7wlX3HpAR9iso5njstDWOSAv4yxZac=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=cdQe/ir1copZynptqPJV73X4VifZv80NvZZd8jF7MRNEH5BMDpWw+/xyGeUA/21Nw HxjicLiRL0rlKn6Q6rRNd76pS/xC1aq3iVzFTj8+wNpJ3yu56L22EWs19VCmeLB56N x1D1Fw63+NJGRtiZbN6HAhyWr7iHXqk+A6Xi93GU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+ce4e062c2d51977ddc50@syzkaller.appspotmail.com, Alexander Aring , Stefan Schmidt Subject: [PATCH 4.9 37/47] net: ieee802154: fix nl802154 add llsec key Date: Thu, 15 Apr 2021 16:47:29 +0200 Message-Id: <20210415144414.646084458@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Alexander Aring commit 20d5fe2d7103f5c43ad11a3d6d259e9d61165c35 upstream. This patch fixes a nullpointer dereference if NL802154_ATTR_SEC_KEY is not set by the user. If this is the case nl802154 will return -EINVAL. Reported-by: syzbot+ce4e062c2d51977ddc50@syzkaller.appspotmail.com Signed-off-by: Alexander Aring Link: https://lore.kernel.org/r/20210221174321.14210-3-aahringo@redhat.com Signed-off-by: Stefan Schmidt Signed-off-by: Greg Kroah-Hartman --- net/ieee802154/nl802154.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/net/ieee802154/nl802154.c +++ b/net/ieee802154/nl802154.c @@ -1577,7 +1577,8 @@ static int nl802154_add_llsec_key(struct struct ieee802154_llsec_key_id id = { }; u32 commands[NL802154_CMD_FRAME_NR_IDS / 32] = { }; - if (nla_parse_nested(attrs, NL802154_KEY_ATTR_MAX, + if (!info->attrs[NL802154_ATTR_SEC_KEY] || + nla_parse_nested(attrs, NL802154_KEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_KEY], nl802154_key_policy)) return -EINVAL; From patchwork Thu Apr 15 14:47:30 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 422419 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2C70AC433ED for ; Thu, 15 Apr 2021 14:53:57 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0DC82613D0 for ; Thu, 15 Apr 2021 14:53:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233905AbhDOOyS (ORCPT ); Thu, 15 Apr 2021 10:54:18 -0400 Received: from mail.kernel.org ([198.145.29.99]:40052 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233865AbhDOOwJ (ORCPT ); Thu, 15 Apr 2021 10:52:09 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 8411D613D1; Thu, 15 Apr 2021 14:51:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498306; bh=Qkqd7gRqO6pMQ0q5wAI66aq8qCPd0wKRf6sLy1zklss=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=atpoDgLGnxw+UJKyBSHNWWmbHNfKajxkWBB+FgmuKZojuDxhvah07jjE9sjqtjvOZ ptTEKFmxqEWQazpcK4t2qp0Whqqj/9aGGETwI7tTmdGfLTy4D2dzdFWeN0J9DqWnSM bbjNP1bKoihrOh8FtD8amN6YlVEK4qHniuRqZ4d8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+368672e0da240db53b5f@syzkaller.appspotmail.com, Alexander Aring , Stefan Schmidt Subject: [PATCH 4.9 38/47] net: ieee802154: fix nl802154 del llsec devkey Date: Thu, 15 Apr 2021 16:47:30 +0200 Message-Id: <20210415144414.676104917@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Alexander Aring commit 27c746869e1a135dffc2f2a80715bb7aa00445b4 upstream. This patch fixes a nullpointer dereference if NL802154_ATTR_SEC_DEVKEY is not set by the user. If this is the case nl802154 will return -EINVAL. Reported-by: syzbot+368672e0da240db53b5f@syzkaller.appspotmail.com Signed-off-by: Alexander Aring Link: https://lore.kernel.org/r/20210221174321.14210-4-aahringo@redhat.com Signed-off-by: Stefan Schmidt Signed-off-by: Greg Kroah-Hartman --- net/ieee802154/nl802154.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/net/ieee802154/nl802154.c +++ b/net/ieee802154/nl802154.c @@ -1958,7 +1958,8 @@ static int nl802154_del_llsec_devkey(str struct ieee802154_llsec_device_key key; __le64 extended_addr; - if (nla_parse_nested(attrs, NL802154_DEVKEY_ATTR_MAX, + if (!info->attrs[NL802154_ATTR_SEC_DEVKEY] || + nla_parse_nested(attrs, NL802154_DEVKEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVKEY], nl802154_devkey_policy)) return -EINVAL; From patchwork Thu Apr 15 14:47:31 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 423367 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 701CAC43460 for ; Thu, 15 Apr 2021 14:53:57 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 47748613B7 for ; Thu, 15 Apr 2021 14:53:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233900AbhDOOyT (ORCPT ); Thu, 15 Apr 2021 10:54:19 -0400 Received: from mail.kernel.org ([198.145.29.99]:40110 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234192AbhDOOwL (ORCPT ); Thu, 15 Apr 2021 10:52:11 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 18A20613A9; Thu, 15 Apr 2021 14:51:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498308; bh=YVRokPv9P5rXy+IXNP0JsqC+WLGunSjk16whe9EFvv4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=O6KmL8qARYPWj/6UCkuKCBEbhyLzUFWbP/rlJX6E7xgFfE9kCohmGmOp5xbcw5pSk uwio8yOGuBC8dPXGBPB8w2lamrT3JBWmrEjbLvJJBbdm+RKwcATqTv2geMq45QFsHg ZPvBrbt01psScbjKfBUnBRr/RMLJMMhpuoRCMDgc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+8b6719da8a04beeafcc3@syzkaller.appspotmail.com, Alexander Aring , Stefan Schmidt Subject: [PATCH 4.9 39/47] net: ieee802154: forbid monitor for set llsec params Date: Thu, 15 Apr 2021 16:47:31 +0200 Message-Id: <20210415144414.706659260@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Alexander Aring commit 88c17855ac4291fb462e13a86b7516773b6c932e upstream. This patch forbids to set llsec params for monitor interfaces which we don't support yet. Reported-by: syzbot+8b6719da8a04beeafcc3@syzkaller.appspotmail.com Signed-off-by: Alexander Aring Link: https://lore.kernel.org/r/20210405003054.256017-3-aahringo@redhat.com Signed-off-by: Stefan Schmidt Signed-off-by: Greg Kroah-Hartman --- net/ieee802154/nl802154.c | 3 +++ 1 file changed, 3 insertions(+) --- a/net/ieee802154/nl802154.c +++ b/net/ieee802154/nl802154.c @@ -1417,6 +1417,9 @@ static int nl802154_set_llsec_params(str u32 changed = 0; int ret; + if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) + return -EOPNOTSUPP; + if (info->attrs[NL802154_ATTR_SEC_ENABLED]) { u8 enabled; From patchwork Thu Apr 15 14:47:32 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 422418 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D8A4DC43461 for ; Thu, 15 Apr 2021 14:53:57 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id BF5FA613F8 for ; Thu, 15 Apr 2021 14:53:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233935AbhDOOyT (ORCPT ); Thu, 15 Apr 2021 10:54:19 -0400 Received: from mail.kernel.org ([198.145.29.99]:38396 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233597AbhDOOwO (ORCPT ); Thu, 15 Apr 2021 10:52:14 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id C7ED2613CB; Thu, 15 Apr 2021 14:51:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498311; bh=An3o1657eqWgfjRCA59yDM6qIlxeuVQVe7A2S3mFIq4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=gUfVR/n5/H2ubuy5riOK0PS4ANfIzSA9oRC6YJhd07HtMb13wgh9GvW7QuLxIsYUK Qppc/+X3kt26WsFLsEOfUBhVFCL7S/3oBEY0hxopbjiE11iAyBqofZyv5NzjiVZ8MA eTZVYzU5uEANsxYUioHgrLkdJFsEyuf8CzCpEaa8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+fbf4fc11a819824e027b@syzkaller.appspotmail.com, Alexander Aring , Stefan Schmidt Subject: [PATCH 4.9 40/47] net: ieee802154: forbid monitor for del llsec seclevel Date: Thu, 15 Apr 2021 16:47:32 +0200 Message-Id: <20210415144414.737250522@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Alexander Aring commit 9dde130937e95b72adfae64ab21d6e7e707e2dac upstream. This patch forbids to del llsec seclevel for monitor interfaces which we don't support yet. Otherwise we will access llsec mib which isn't initialized for monitors. Reported-by: syzbot+fbf4fc11a819824e027b@syzkaller.appspotmail.com Signed-off-by: Alexander Aring Link: https://lore.kernel.org/r/20210405003054.256017-15-aahringo@redhat.com Signed-off-by: Stefan Schmidt Signed-off-by: Greg Kroah-Hartman --- net/ieee802154/nl802154.c | 3 +++ 1 file changed, 3 insertions(+) --- a/net/ieee802154/nl802154.c +++ b/net/ieee802154/nl802154.c @@ -2137,6 +2137,9 @@ static int nl802154_del_llsec_seclevel(s struct wpan_dev *wpan_dev = dev->ieee802154_ptr; struct ieee802154_llsec_seclevel sl; + if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) + return -EOPNOTSUPP; + if (!info->attrs[NL802154_ATTR_SEC_LEVEL] || llsec_parse_seclevel(info->attrs[NL802154_ATTR_SEC_LEVEL], &sl) < 0) From patchwork Thu Apr 15 14:47:33 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 423366 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4218AC43470 for ; Thu, 15 Apr 2021 14:53:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 226C8613CF for ; Thu, 15 Apr 2021 14:53:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233978AbhDOOyU (ORCPT ); Thu, 15 Apr 2021 10:54:20 -0400 Received: from mail.kernel.org ([198.145.29.99]:40268 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234025AbhDOOwR (ORCPT ); Thu, 15 Apr 2021 10:52:17 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id F34C66137D; Thu, 15 Apr 2021 14:51:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498314; bh=sh2QR11FGW1OAsUextuIhPlHZfAMwpddXXm+cERvfNY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=elvcv8yECiaxezAiwg90beLO92m8B145NsemA1Yf5n17TBi96GPKJHiLDE0Y3IBpc 7mUY/W9RGx0j5y0l9zM/aE7THWx4aFYPVCqTm5u3rvyw7v0xIdFImInL1nbKsZJdt2 brlCnn2tBxzNJtlXoUd5qOgpN5Xz856/FNHarJJI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+cde43a581a8e5f317bc2@syzkaller.appspotmail.com, Alexander Aring , Stefan Schmidt Subject: [PATCH 4.9 41/47] net: ieee802154: stop dump llsec params for monitors Date: Thu, 15 Apr 2021 16:47:33 +0200 Message-Id: <20210415144414.773252961@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Alexander Aring commit 1534efc7bbc1121e92c86c2dabebaf2c9dcece19 upstream. This patch stops dumping llsec params for monitors which we don't support yet. Otherwise we will access llsec mib which isn't initialized for monitors. Reported-by: syzbot+cde43a581a8e5f317bc2@syzkaller.appspotmail.com Signed-off-by: Alexander Aring Link: https://lore.kernel.org/r/20210405003054.256017-16-aahringo@redhat.com Signed-off-by: Stefan Schmidt Signed-off-by: Greg Kroah-Hartman --- net/ieee802154/nl802154.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/net/ieee802154/nl802154.c +++ b/net/ieee802154/nl802154.c @@ -851,8 +851,13 @@ nl802154_send_iface(struct sk_buff *msg, goto nla_put_failure; #ifdef CONFIG_IEEE802154_NL802154_EXPERIMENTAL + if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) + goto out; + if (nl802154_get_llsec_params(msg, rdev, wpan_dev) < 0) goto nla_put_failure; + +out: #endif /* CONFIG_IEEE802154_NL802154_EXPERIMENTAL */ genlmsg_end(msg, hdr); From patchwork Thu Apr 15 14:47:34 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 422417 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 333A5C43462 for ; Thu, 15 Apr 2021 14:53:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0E023613D1 for ; Thu, 15 Apr 2021 14:53:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234007AbhDOOyU (ORCPT ); Thu, 15 Apr 2021 10:54:20 -0400 Received: from mail.kernel.org ([198.145.29.99]:40290 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233541AbhDOOwV (ORCPT ); Thu, 15 Apr 2021 10:52:21 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 9DC4C613B7; Thu, 15 Apr 2021 14:51:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498317; bh=qbDjDKn73d1QE2n2oUIySTnqvXEfTVVTbKP2QAHET+U=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=C8E3hMCFZ2JhQyS58kuNq/WNUrjpEeu3qCYvLP4E7cvit1DW6UMe7hr038CtMwP4E 00MHMiX5EdyxwzMK/oEEVQbdqW1lOfMQnIBUz5vvL9WfJZD5oa58jhLXMjHaYjDSzB cb9nUWBcoHqX3EHMuOQgBWOqNLF8787II47QD69U= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Salvatore Bonaccorso , Shyam Prasad N , Aurelien Aptel , Steve French , Sasha Levin Subject: [PATCH 4.9 42/47] Revert "cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath." Date: Thu, 15 Apr 2021 16:47:34 +0200 Message-Id: <20210415144414.803401748@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Greg Kroah-Hartman This reverts commit 742300e32db00f008e944acafaeba9a12730eff0 which is commit a738c93fb1c17e386a09304b517b1c6b2a6a5a8b upstream. It is reported to cause problems in older kernels, so revert it for now until we can figure it out... Reported-by: Salvatore Bonaccorso Link: https://lore.kernel.org/r/YG7r0UaivWZL762N@eldamar.lan Cc: Shyam Prasad N Cc: Aurelien Aptel Cc: Steve French Cc: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- fs/cifs/connect.c | 1 - 1 file changed, 1 deletion(-) --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -3488,7 +3488,6 @@ int cifs_setup_cifs_sb(struct smb_vol *p cifs_sb->prepath = kstrdup(pvolume_info->prepath, GFP_KERNEL); if (cifs_sb->prepath == NULL) return -ENOMEM; - cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_USE_PREFIX_PATH; } return 0; From patchwork Thu Apr 15 14:47:35 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 421780 Delivered-To: patch@linaro.org Received: by 2002:a02:6a6f:0:0:0:0:0 with SMTP id m47csp547347jaf; Thu, 15 Apr 2021 07:54:06 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzWGlX4+aGlzzg/7gk9zRhMgiiu+tHGmWA+2i2t5mqJGBl9d+78UZfGH424N3YzTqm3us6q X-Received: by 2002:a17:906:40da:: with SMTP id a26mr3810638ejk.513.1618498446100; Thu, 15 Apr 2021 07:54:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1618498446; cv=none; d=google.com; s=arc-20160816; b=M0Rr2TvUUKH8VwrZMTEZD/kYDASDTUrcm9uorQSZZVWBYSWTBjXkFdCpe6i6ssgtin PtTlD8i0ay0FGQ7kz+Mn7y45UtEOdadGgdIM754dV2CGguI7KXXuXWRbE18g6BVkzW/A 5du/iTV6jjxHVARuO47cgqp2Et+Y0S6yzTqDriHLRJdTtfrmhq3EwFSQHu20YszNd4xa hIvx5ucaMH7d8kTVhZr/ORXKncfH43Udh8BtlKsMtm6fxBf9IfUyZtkF31NorXa1/qLd 82Zfpsu5lxa9H49q5Ko6X5B4Zi1E3VlTcgif9RFRPOlxxcDkk9fU8nRb+Gc84CtOc4l9 S+1g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=eyaxKh5VSqFAzDreyR5TCIo1/uVTIaZLu3i9ntaShC4=; b=ZQk3XByqHYo0vThkhwRy0lC0DqyjvuBTdS7hiLJKFK1XQwcZjwSZA8ms/dVlICo72V AoeBm5nZPqGPLHScScUQCP42H2fZ/yR/K8/AKP1c1EXwbF3EPzP/u5PxJmMGIr6Pfbj1 LPMSLQtIrvicXcACRnT/Xr5rOvLswjUbWkBOiY2Rq0ucOwJApB69JI1ydhc8HJ++qugj oJsTsCa4OpcyJjzP8qpu9U8U4Hi8lwbBPwCG1xjvTM2bbqgpJyQolmnkb7/iEvIFsHB+ YA2pVW8nj/eu/YUY/rDNWu9K234LfQxS2enfNiMEbV3XvMot3XaDImCMlDUWkqpuAvtw 8WMw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=YUwNry29; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b12si2349646edd.19.2021.04.15.07.54.05; Thu, 15 Apr 2021 07:54:06 -0700 (PDT) Received-SPF: pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=YUwNry29; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234116AbhDOOyV (ORCPT + 12 others); Thu, 15 Apr 2021 10:54:21 -0400 Received: from mail.kernel.org ([198.145.29.99]:40358 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233889AbhDOOwX (ORCPT ); Thu, 15 Apr 2021 10:52:23 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 4E8D8613C1; Thu, 15 Apr 2021 14:51:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498319; bh=NP6z82y8UYkzlwGvlhVl2v3BmtjsrN94IHTrZKg4lEo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=YUwNry29cRl6/JDtL7z2LQ6qWd6ZIVkhN7yThXI+/UYRZbpBwgYPpivcVoIpEnVR0 9VRxFh2v4VUrZYG7rcEMwL8vObFrU6u0nDFok/rH2YX3lqPJQ+dZWmYtCVVIrTOId2 Mit2W+FC6GcRjZJ2NCdzyqwktQIKZEgV5/tVc2QE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Arnd Bergmann , Liu Ying , Philipp Zabel , Sasha Levin Subject: [PATCH 4.9 43/47] drm/imx: imx-ldb: fix out of bounds array access warning Date: Thu, 15 Apr 2021 16:47:35 +0200 Message-Id: <20210415144414.833339007@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Arnd Bergmann [ Upstream commit 33ce7f2f95cabb5834cf0906308a5cb6103976da ] When CONFIG_OF is disabled, building with 'make W=1' produces warnings about out of bounds array access: drivers/gpu/drm/imx/imx-ldb.c: In function 'imx_ldb_set_clock.constprop': drivers/gpu/drm/imx/imx-ldb.c:186:8: error: array subscript -22 is below array bounds of 'struct clk *[4]' [-Werror=array-bounds] Add an error check before the index is used, which helps with the warning, as well as any possible other error condition that may be triggered at runtime. The warning could be fixed by adding a Kconfig depedency on CONFIG_OF, but Liu Ying points out that the driver may hit the out-of-bounds problem at runtime anyway. Signed-off-by: Arnd Bergmann Reviewed-by: Liu Ying Signed-off-by: Philipp Zabel Signed-off-by: Sasha Levin --- drivers/gpu/drm/imx/imx-ldb.c | 10 ++++++++++ 1 file changed, 10 insertions(+) -- 2.30.2 diff --git a/drivers/gpu/drm/imx/imx-ldb.c b/drivers/gpu/drm/imx/imx-ldb.c index 2df407b2b0da..3a9d06de81b4 100644 --- a/drivers/gpu/drm/imx/imx-ldb.c +++ b/drivers/gpu/drm/imx/imx-ldb.c @@ -212,6 +212,11 @@ static void imx_ldb_encoder_enable(struct drm_encoder *encoder) int dual = ldb->ldb_ctrl & LDB_SPLIT_MODE_EN; int mux = drm_of_encoder_active_port_id(imx_ldb_ch->child, encoder); + if (mux < 0 || mux >= ARRAY_SIZE(ldb->clk_sel)) { + dev_warn(ldb->dev, "%s: invalid mux %d\n", __func__, mux); + return; + } + drm_panel_prepare(imx_ldb_ch->panel); if (dual) { @@ -270,6 +275,11 @@ imx_ldb_encoder_atomic_mode_set(struct drm_encoder *encoder, int mux = drm_of_encoder_active_port_id(imx_ldb_ch->child, encoder); u32 bus_format = imx_ldb_ch->bus_format; + if (mux < 0 || mux >= ARRAY_SIZE(ldb->clk_sel)) { + dev_warn(ldb->dev, "%s: invalid mux %d\n", __func__, mux); + return; + } + if (mode->clock > 170000) { dev_warn(ldb->dev, "%s: mode exceeds 170 MHz pixel clock\n", __func__); From patchwork Thu Apr 15 14:47:36 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 422416 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 114C6C43460 for ; Thu, 15 Apr 2021 14:54:03 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E4614613D0 for ; Thu, 15 Apr 2021 14:54:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233755AbhDOOyW (ORCPT ); Thu, 15 Apr 2021 10:54:22 -0400 Received: from mail.kernel.org ([198.145.29.99]:40392 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234018AbhDOOw0 (ORCPT ); Thu, 15 Apr 2021 10:52:26 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id E0E87613C7; Thu, 15 Apr 2021 14:52:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498322; bh=FqDLX8Hj/MTV3BG1nj6wwkQ9GYbozetX81W/+qlKXEA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=SUNIZ4oiOfoIv1UYji+t/U/afKvijDJUTRP7Fm2UFnCYT3liuYcoCEnMngV6aNfuL PfyKJp/NM82nJCaK4Xy/zbA+Fb7EEh09xqmKgHJ4+jshhtnSqWgDoL/vekJtSYfP30 VK9gEZADR03kU6jmCRaV/upGeNkCRZ/drpSSQXXk= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Bob Peterson , Andreas Gruenbacher , Sasha Levin Subject: [PATCH 4.9 44/47] gfs2: report "already frozen/thawed" errors Date: Thu, 15 Apr 2021 16:47:36 +0200 Message-Id: <20210415144414.865113918@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Bob Peterson [ Upstream commit ff132c5f93c06bd4432bbab5c369e468653bdec4 ] Before this patch, gfs2's freeze function failed to report an error when the target file system was already frozen as it should (and as generic vfs function freeze_super does. Similarly, gfs2's thaw function failed to report an error when trying to thaw a file system that is not frozen, as vfs function thaw_super does. The errors were checked, but it always returned a 0 return code. This patch adds the missing error return codes to gfs2 freeze and thaw. Signed-off-by: Bob Peterson Signed-off-by: Andreas Gruenbacher Signed-off-by: Sasha Levin --- fs/gfs2/super.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/fs/gfs2/super.c b/fs/gfs2/super.c index 37496d83661a..ef401aecaa2c 100644 --- a/fs/gfs2/super.c +++ b/fs/gfs2/super.c @@ -986,11 +986,13 @@ void gfs2_freeze_func(struct work_struct *work) static int gfs2_freeze(struct super_block *sb) { struct gfs2_sbd *sdp = sb->s_fs_info; - int error = 0; + int error; mutex_lock(&sdp->sd_freeze_mutex); - if (atomic_read(&sdp->sd_freeze_state) != SFS_UNFROZEN) + if (atomic_read(&sdp->sd_freeze_state) != SFS_UNFROZEN) { + error = -EBUSY; goto out; + } if (test_bit(SDF_SHUTDOWN, &sdp->sd_flags)) { error = -EINVAL; @@ -1032,10 +1034,10 @@ static int gfs2_unfreeze(struct super_block *sb) struct gfs2_sbd *sdp = sb->s_fs_info; mutex_lock(&sdp->sd_freeze_mutex); - if (atomic_read(&sdp->sd_freeze_state) != SFS_FROZEN || + if (atomic_read(&sdp->sd_freeze_state) != SFS_FROZEN || !gfs2_holder_initialized(&sdp->sd_freeze_gh)) { mutex_unlock(&sdp->sd_freeze_mutex); - return 0; + return -EINVAL; } gfs2_glock_dq_uninit(&sdp->sd_freeze_gh); From patchwork Thu Apr 15 14:47:37 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 423364 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9664BC43462 for ; Thu, 15 Apr 2021 14:54:03 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 6FFD4613F5 for ; Thu, 15 Apr 2021 14:54:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234175AbhDOOyY (ORCPT ); Thu, 15 Apr 2021 10:54:24 -0400 Received: from mail.kernel.org ([198.145.29.99]:40448 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234223AbhDOOw3 (ORCPT ); Thu, 15 Apr 2021 10:52:29 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 85176613E7; Thu, 15 Apr 2021 14:52:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498325; bh=kGcNoQjNOE4bY27WAQbOKddLlzVqeJD87qMvICVikFY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=b/X1PyymSpR3AhlNONUFK41Rg4Jd792B1jCJAEwKtKCOGbgb1LSf2OfYTLvrrmV2K hNmPWcQ6h5iQW8ZKxUJKGzyUoMtGZRPpdEqaO0O35S7dGoW7QdcF40JyXDYUEcPcyu nOKWd9TmEZIFZdRJGNeadhLEr9oxPFllKwBt3nqc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+cfc0247ac173f597aaaa@syzkaller.appspotmail.com, Andy Nguyen , Florian Westphal , Pablo Neira Ayuso Subject: [PATCH 4.9 45/47] netfilter: x_tables: fix compat match/target pad out-of-bound write Date: Thu, 15 Apr 2021 16:47:37 +0200 Message-Id: <20210415144414.894273434@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Florian Westphal commit b29c457a6511435960115c0f548c4360d5f4801d upstream. xt_compat_match/target_from_user doesn't check that zeroing the area to start of next rule won't write past end of allocated ruleset blob. Remove this code and zero the entire blob beforehand. Reported-by: syzbot+cfc0247ac173f597aaaa@syzkaller.appspotmail.com Reported-by: Andy Nguyen Fixes: 9fa492cdc160c ("[NETFILTER]: x_tables: simplify compat API") Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso Signed-off-by: Greg Kroah-Hartman --- net/ipv4/netfilter/arp_tables.c | 2 ++ net/ipv4/netfilter/ip_tables.c | 2 ++ net/ipv6/netfilter/ip6_tables.c | 2 ++ net/netfilter/x_tables.c | 10 ++-------- 4 files changed, 8 insertions(+), 8 deletions(-) --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c @@ -1209,6 +1209,8 @@ static int translate_compat_table(struct if (!newinfo) goto out_unlock; + memset(newinfo->entries, 0, size); + newinfo->number = compatr->num_entries; for (i = 0; i < NF_ARP_NUMHOOKS; i++) { newinfo->hook_entry[i] = compatr->hook_entry[i]; --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c @@ -1451,6 +1451,8 @@ translate_compat_table(struct net *net, if (!newinfo) goto out_unlock; + memset(newinfo->entries, 0, size); + newinfo->number = compatr->num_entries; for (i = 0; i < NF_INET_NUMHOOKS; i++) { newinfo->hook_entry[i] = compatr->hook_entry[i]; --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c @@ -1476,6 +1476,8 @@ translate_compat_table(struct net *net, if (!newinfo) goto out_unlock; + memset(newinfo->entries, 0, size); + newinfo->number = compatr->num_entries; for (i = 0; i < NF_INET_NUMHOOKS; i++) { newinfo->hook_entry[i] = compatr->hook_entry[i]; --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c @@ -569,7 +569,7 @@ void xt_compat_match_from_user(struct xt { const struct xt_match *match = m->u.kernel.match; struct compat_xt_entry_match *cm = (struct compat_xt_entry_match *)m; - int pad, off = xt_compat_match_offset(match); + int off = xt_compat_match_offset(match); u_int16_t msize = cm->u.user.match_size; char name[sizeof(m->u.user.name)]; @@ -579,9 +579,6 @@ void xt_compat_match_from_user(struct xt match->compat_from_user(m->data, cm->data); else memcpy(m->data, cm->data, msize - sizeof(*cm)); - pad = XT_ALIGN(match->matchsize) - match->matchsize; - if (pad > 0) - memset(m->data + match->matchsize, 0, pad); msize += off; m->u.user.match_size = msize; @@ -927,7 +924,7 @@ void xt_compat_target_from_user(struct x { const struct xt_target *target = t->u.kernel.target; struct compat_xt_entry_target *ct = (struct compat_xt_entry_target *)t; - int pad, off = xt_compat_target_offset(target); + int off = xt_compat_target_offset(target); u_int16_t tsize = ct->u.user.target_size; char name[sizeof(t->u.user.name)]; @@ -937,9 +934,6 @@ void xt_compat_target_from_user(struct x target->compat_from_user(t->data, ct->data); else memcpy(t->data, ct->data, tsize - sizeof(*ct)); - pad = XT_ALIGN(target->targetsize) - target->targetsize; - if (pad > 0) - memset(t->data + target->targetsize, 0, pad); tsize += off; t->u.user.target_size = tsize; From patchwork Thu Apr 15 14:47:38 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 423363 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E47E0C43470 for ; Thu, 15 Apr 2021 14:54:03 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id BBA61613EA for ; Thu, 15 Apr 2021 14:54:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233943AbhDOOyZ (ORCPT ); Thu, 15 Apr 2021 10:54:25 -0400 Received: from mail.kernel.org ([198.145.29.99]:39406 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234015AbhDOOwb (ORCPT ); Thu, 15 Apr 2021 10:52:31 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 6B9D9613BA; Thu, 15 Apr 2021 14:52:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498328; bh=4eBJrb+B+57qtxK6haNfl+LFHq7PAjGM070/C8ioxjo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Ub8U89eG8x6lTrnYoD7laqmJAdj2S/u5H0Aw1XiHF8Tu7aEO3mU/13ssdW/1qcPu3 Xdb5360Le0XHZER3jjZQR4U3T1eK7qCbyx+UzLBNePH0+o1/VIN668yicMqCTMMh3j /9D903AYgRfoEMgHWsLv+svYSX1cknRMv++TFXVs= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Arnaldo Carvalho de Melo , Anders Roxell Subject: [PATCH 4.9 46/47] perf map: Tighten snprintf() string precision to pass gcc check on some 32-bit arches Date: Thu, 15 Apr 2021 16:47:38 +0200 Message-Id: <20210415144414.932720430@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Arnaldo Carvalho de Melo commit 77d02bd00cea9f1a87afe58113fa75b983d6c23a upstream. Noticed on a debian:experimental mips and mipsel cross build build environment: perfbuilder@ec265a086e9b:~$ mips-linux-gnu-gcc --version | head -1 mips-linux-gnu-gcc (Debian 10.2.1-3) 10.2.1 20201224 perfbuilder@ec265a086e9b:~$ CC /tmp/build/perf/util/map.o util/map.c: In function 'map__new': util/map.c:109:5: error: '%s' directive output may be truncated writing between 1 and 2147483645 bytes into a region of size 4096 [-Werror=format-truncation=] 109 | "%s/platforms/%s/arch-%s/usr/lib/%s", | ^~ In file included from /usr/mips-linux-gnu/include/stdio.h:867, from util/symbol.h:11, from util/map.c:2: /usr/mips-linux-gnu/include/bits/stdio2.h:67:10: note: '__builtin___snprintf_chk' output 32 or more bytes (assuming 4294967321) into a destination of size 4096 67 | return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 68 | __bos (__s), __fmt, __va_arg_pack ()); | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ cc1: all warnings being treated as errors Since we have the lenghts for what lands in that place, use it to give the compiler more info and make it happy. Signed-off-by: Arnaldo Carvalho de Melo Cc: Anders Roxell Signed-off-by: Greg Kroah-Hartman --- tools/perf/util/map.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) --- a/tools/perf/util/map.c +++ b/tools/perf/util/map.c @@ -91,8 +91,7 @@ static inline bool replace_android_lib(c if (!strncmp(filename, "/system/lib/", 12)) { char *ndk, *app; const char *arch; - size_t ndk_length; - size_t app_length; + int ndk_length, app_length; ndk = getenv("NDK_ROOT"); app = getenv("APP_PLATFORM"); @@ -120,8 +119,8 @@ static inline bool replace_android_lib(c if (new_length > PATH_MAX) return false; snprintf(newfilename, new_length, - "%s/platforms/%s/arch-%s/usr/lib/%s", - ndk, app, arch, libname); + "%.*s/platforms/%.*s/arch-%s/usr/lib/%s", + ndk_length, ndk, app_length, app, arch, libname); return true; } From patchwork Thu Apr 15 14:47:39 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 422414 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 96275C433ED for ; Thu, 15 Apr 2021 14:54:06 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 33877613F4 for ; Thu, 15 Apr 2021 14:54:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234183AbhDOOy0 (ORCPT ); Thu, 15 Apr 2021 10:54:26 -0400 Received: from mail.kernel.org ([198.145.29.99]:39522 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234136AbhDOOwi (ORCPT ); Thu, 15 Apr 2021 10:52:38 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id B2B98613CD; Thu, 15 Apr 2021 14:52:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618498333; bh=kQqduttTBrndpbO+HeobweYb1pI7czrzBHj1JX/4t68=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=sRwHaliLck4Fd1Xv9tesdZLmmdj3Wo6fy7CjHe5kxWoyfZKHycAilj9n1wmhEO0Lg 5E75VXSdzYz7ZqEcS0kbUNmbuf0irtNYjNl8eJVnWBcP+47rKXCvfktknB/nip0YsA b9DZdDmVPMlnlfrqcMhqjg7UADi6LlbfB+D704Ww= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , Juergen Gross Subject: [PATCH 4.9 47/47] xen/events: fix setting irq affinity Date: Thu, 15 Apr 2021 16:47:39 +0200 Message-Id: <20210415144414.964377772@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210415144413.487943796@linuxfoundation.org> References: <20210415144413.487943796@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Juergen Gross The backport of upstream patch 25da4618af240fbec61 ("xen/events: don't unmask an event channel when an eoi is pending") introduced a regression for stable kernels 5.10 and older: setting IRQ affinity for IRQs related to interdomain events would no longer work, as moving the IRQ to its new cpu was not included in the irq_ack callback for those events. Fix that by adding the needed call. Note that kernels 5.11 and later don't need the explicit moving of the IRQ to the target cpu in the irq_ack callback, due to a rework of the affinity setting in kernel 5.11. Signed-off-by: Juergen Gross Signed-off-by: Greg Kroah-Hartman --- drivers/xen/events/events_base.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/xen/events/events_base.c +++ b/drivers/xen/events/events_base.c @@ -1780,7 +1780,7 @@ static void lateeoi_ack_dynirq(struct ir if (VALID_EVTCHN(evtchn)) { do_mask(info, EVT_MASK_REASON_EOI_PENDING); - event_handler_exit(info); + ack_dynirq(data); } } @@ -1791,7 +1791,7 @@ static void lateeoi_mask_ack_dynirq(stru if (VALID_EVTCHN(evtchn)) { do_mask(info, EVT_MASK_REASON_EXPLICIT); - event_handler_exit(info); + ack_dynirq(data); } }