This is the start of the stable review cycle for the 4.9.220 release.
There are 125 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Fri, 24 Apr 2020 09:48:23 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.220-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <[email protected]>
Linux 4.9.220-rc1
Samuel Neves <[email protected]>
x86/vdso: Fix lsl operand order
Evalds Iodzevics <[email protected]>
x86/microcode/intel: replace sync_core() with native_cpuid_reg(eax)
Borislav Petkov <[email protected]>
x86/CPU: Add native CPUID variants returning a single datum
Wen Yang <[email protected]>
mtd: phram: fix a double free issue in error path
Dan Carpenter <[email protected]>
mtd: lpddr: Fix a double free in probe()
Paul E. McKenney <[email protected]>
locktorture: Print ratio of acquisitions, not failures
Stephen Rothwell <[email protected]>
tty: evh_bytechan: Fix out of bounds accesses
Dan Carpenter <[email protected]>
fbdev: potential information leak in do_fb_ioctl()
Adrian Huang <[email protected]>
iommu/amd: Fix the configuration of GCR3 table root pointer
Dan Carpenter <[email protected]>
libnvdimm: Out of bounds read in __nd_ioctl()
Jan Kara <[email protected]>
ext2: fix debug reference to ext2_xattr_cache
Randy Dunlap <[email protected]>
ext2: fix empty body warnings when -Wextra is used
Trond Myklebust <[email protected]>
NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
David Hildenbrand <[email protected]>
KVM: s390: vsie: Fix possible race when shadowing region 3 tables
Vegard Nossum <[email protected]>
compiler.h: fix error in BUILD_BUG_ON() reporting
Qian Cai <[email protected]>
percpu_counter: fix a data race at vm_committed_as
Eric Sandeen <[email protected]>
ext4: do not commit super on read-only bdev
Nathan Chancellor <[email protected]>
powerpc/maple: Fix declaration made after definition
Alexander Gordeev <[email protected]>
s390/cpuinfo: fix wrong output when CPU0 is offline
Misono Tomohiro <[email protected]>
NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails
Sowjanya Komatineni <[email protected]>
clk: tegra: Fix Tegra PMC clock out parents
Dmitry Osipenko <[email protected]>
power: supply: bq27xxx_battery: Silence deferred-probe error
Claudiu Beznea <[email protected]>
clk: at91: usb: continue if clk_hw_round_rate() return zero
Frank Rowand <[email protected]>
of: unittest: kmemleak in of_unittest_platform_populate()
Arnd Bergmann <[email protected]>
arm64: cpu_errata: include required headers
Rob Herring <[email protected]>
of: fix missing kobject init for !SYSFS && OF_DYNAMIC config
Chris Lew <[email protected]>
soc: qcom: smem: Use le32_to_cpu for comparison
Lior David <[email protected]>
wil6210: fix length check in __wmi_send
Mohit Aggarwal <[email protected]>
rtc: pm8xxx: Fix issue in RTC write path
Dedy Lansky <[email protected]>
wil6210: rate limit wil_rx_refill error
Subhash Jadavani <[email protected]>
scsi: ufs: ufs-qcom: remove broken hci version quirk
Venkat Gopalakrishnan <[email protected]>
scsi: ufs: make sure all interrupts are processed
Dedy Lansky <[email protected]>
wil6210: fix temperature debugfs
Hamad Kadmany <[email protected]>
wil6210: increase firmware ready timeout
Timur Tabi <[email protected]>
Revert "gpio: set up initial state from .get_direction()"
Joe Moriarty <[email protected]>
drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem
Nathan Chancellor <[email protected]>
video: fbdev: sis: Remove unnecessary parentheses and commented code
Frank Rowand <[email protected]>
of: unittest: kmemleak on changeset destroy
Takashi Iwai <[email protected]>
ALSA: hda: Don't release card at firmware loading error
Li Bin <[email protected]>
scsi: sg: add sg_remove_request in sg_common_write
Josh Poimboeuf <[email protected]>
objtool: Fix switch table detection in .text.unlikely
Xiao Yang <[email protected]>
tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation
Maurizio Lombardi <[email protected]>
scsi: target: fix hang when multiple threads try to destroy the same iscsi session
Maurizio Lombardi <[email protected]>
scsi: target: remove boilerplate code
Jim Mattson <[email protected]>
kvm: x86: Host feature SSBD doesn't imply guest feature SPEC_CTRL_SSBD
Goldwyn Rodrigues <[email protected]>
dm flakey: check for null arg_name in parse_features()
Jan Kara <[email protected]>
ext4: do not zeroout extents beyond i_disksize
Tuomas Tynkkynen <[email protected]>
mac80211_hwsim: Use kstrndup() in place of kasprintf()
Josef Bacik <[email protected]>
btrfs: check commit root generation in should_ignore_root
Takashi Iwai <[email protected]>
ALSA: usb-audio: Don't override ignore_ctl_error value from the map
Colin Ian King <[email protected]>
ASoC: Intel: mrfld: return error codes when an error occurs
Colin Ian King <[email protected]>
ASoC: Intel: mrfld: fix incorrect check on p->sink
Josh Triplett <[email protected]>
ext4: fix incorrect inodes per group in error message
Josh Triplett <[email protected]>
ext4: fix incorrect group count in ext4_fill_super error message
zhangyi (F) <[email protected]>
jbd2: improve comments about freeing data buffers whose page mapping is NULL
Can Guo <[email protected]>
scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic
Tim Stallard <[email protected]>
net: ipv6: do not consider routes via gateways for anycast address check
Wang Wenhu <[email protected]>
net: qrtr: send msgs from local of same id as broadcast
Taras Chornyi <[email protected]>
net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin
Taehee Yoo <[email protected]>
hsr: check protocol version in hsr_newlink()
Andy Shevchenko <[email protected]>
mfd: dln2: Fix sanity checking for endpoints
Nathan Chancellor <[email protected]>
misc: echo: Remove unnecessary parentheses and simplify check for zero
Laurentiu Tudor <[email protected]>
powerpc/fsl_booke: Avoid creating duplicate tlb1 entry
Wen Yang <[email protected]>
ipmi: fix hung processes in __get_guid()
Chris Wilson <[email protected]>
drm: Remove PageReserved manipulation from drm_pci_alloc
Lyude Paul <[email protected]>
drm/dp_mst: Fix clearing payload state on topology disable
Filipe Manana <[email protected]>
Btrfs: fix crash during unmount due to race with delayed inode workers
Michael Ellerman <[email protected]>
powerpc/64/tm: Don't let userspace set regs->trap via sigreturn
Kai-Heng Feng <[email protected]>
libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set
Simon Gander <[email protected]>
hfsplus: fix crash and filesystem corruption when deleting files
Oliver O'Halloran <[email protected]>
cpufreq: powernv: Fix use-after-free
Eric Biggers <[email protected]>
kmod: make request_module() return an error when autoloading is disabled
Hans de Goede <[email protected]>
Input: i8042 - add Acer Aspire 5738z to nomux list
Michael Mueller <[email protected]>
s390/diag: fix display of diagnose call statistics
Changwei Ge <[email protected]>
ocfs2: no need try to truncate file beyond i_size
Qian Cai <[email protected]>
ext4: fix a data race at inode->i_blocks
Nathan Chancellor <[email protected]>
rtc: omap: Use define directive for PIN_CONFIG_ACTIVE_HIGH
Fredrik Strupe <[email protected]>
arm64: armv8_deprecated: Fix undef_hook mask for thumb setend
Steffen Maier <[email protected]>
scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point
Shetty, Harshini X (EXT-Sony Mobile) <[email protected]>
dm verity fec: fix memory leak in verity_fec_dtr
Alexander Duyck <[email protected]>
mm: Use fixed constant in page_frag_alloc instead of size + 1
Anssi Hannula <[email protected]>
tools: gpio: Fix out-of-tree build regression
Zhenzhong Duan <[email protected]>
x86/speculation: Remove redundant arch_smt_update() invocation
Takashi Iwai <[email protected]>
ALSA: hda: Initialize power_state field properly
Rosioru Dragos <[email protected]>
crypto: mxs-dcp - fix scatterlist linearization for hash
Josef Bacik <[email protected]>
btrfs: drop block from cache on error in relocation
Vitaly Kuznetsov <[email protected]>
KVM: VMX: fix crash cleanup when KVM wasn't used
Sean Christopherson <[email protected]>
KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support
Sean Christopherson <[email protected]>
KVM: x86: Allocate new rmap and large page tracking when moving memslot
David Hildenbrand <[email protected]>
KVM: s390: vsie: Fix delivery of addressing exceptions
David Hildenbrand <[email protected]>
KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks
Thomas Gleixner <[email protected]>
x86/entry/32: Add missing ASM_CLAC to general_protection entry
Eric W. Biederman <[email protected]>
signal: Extend exec_id to 64bits
Remi Pommarel <[email protected]>
ath9k: Handle txpower changes even when TPC is disabled
Gustavo A. R. Silva <[email protected]>
MIPS: OCTEON: irq: Fix potential NULL pointer dereference
Sungbo Eo <[email protected]>
irqchip/versatile-fpga: Apply clear-mask earlier
Yang Xu <[email protected]>
KEYS: reaching the keys quotas correctly
Martin Blumenstingl <[email protected]>
thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n
Jan Engelhardt <[email protected]>
acpi/x86: ignore unspecified bit positions in the ACPI global lock field
Benoit Parrot <[email protected]>
media: ti-vpe: cal: fix disable_irqs to only the intended target
Takashi Iwai <[email protected]>
ALSA: pcm: oss: Fix regression by buffer overflow fix
Takashi Iwai <[email protected]>
ALSA: ice1724: Fix invalid access for enumerated ctl items
Takashi Iwai <[email protected]>
ALSA: hda: Fix potential access overflow in beep helper
Takashi Iwai <[email protected]>
ALSA: hda: Add driver blacklist
Takashi Iwai <[email protected]>
ALSA: usb-audio: Add mixer workaround for TRX40 and co
Thinh Nguyen <[email protected]>
usb: gadget: composite: Inform controller driver of self-powered
Sriharsha Allenki <[email protected]>
usb: gadget: f_fs: Fix use after free issue as part of queue failure
이경택 <[email protected]>
ASoC: topology: use name_prefix for new kcontrol
이경택 <[email protected]>
ASoC: dpcm: allow start or stop during pause for backend
이경택 <[email protected]>
ASoC: dapm: connect virtual mux with default value
이경택 <[email protected]>
ASoC: fix regwmask
YueHaibing <[email protected]>
misc: rtsx: set correct pcr_ops for rts522A
Josef Bacik <[email protected]>
btrfs: track reloc roots based on their commit root bytenr
Josef Bacik <[email protected]>
btrfs: remove a BUG_ON() from merge_reloc_roots()
Boqun Feng <[email protected]>
locking/lockdep: Avoid recursion in lockdep_count_{for,back}ward_deps()
Arvind Sankar <[email protected]>
x86/boot: Use unsigned comparison for addresses
Bob Peterson <[email protected]>
gfs2: Don't demote a glock until its revokes are written
John Garry <[email protected]>
libata: Remove extra scsi_host_put() in ata_scsi_add_hosts()
Andy Lutomirski <[email protected]>
selftests/x86/ptrace_syscall_32: Fix no-vDSO segfault
Michael Wang <[email protected]>
sched: Avoid scale real weight down to zero
Sungbo Eo <[email protected]>
irqchip/versatile-fpga: Handle chained IRQs properly
Alain Volmat <[email protected]>
i2c: st: fix missing struct parameter description
Xu Wang <[email protected]>
qlcnic: Fix bad kzalloc null test
Zheng Wei <[email protected]>
net: vxge: fix wrong __VA_ARGS__ usage
Ondrej Jirman <[email protected]>
bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads
-------------
Diffstat:
Makefile | 4 +-
arch/arm64/kernel/armv8_deprecated.c | 2 +-
arch/arm64/kernel/cpu_errata.c | 2 +
arch/mips/cavium-octeon/octeon-irq.c | 3 +
arch/powerpc/kernel/signal_64.c | 4 +-
arch/powerpc/mm/tlb_nohash_low.S | 12 +++-
arch/powerpc/platforms/maple/setup.c | 34 +++++-----
arch/s390/kernel/diag.c | 2 +-
arch/s390/kernel/processor.c | 5 +-
arch/s390/kvm/vsie.c | 1 +
arch/s390/mm/gmap.c | 7 +-
arch/x86/boot/compressed/head_32.S | 2 +-
arch/x86/boot/compressed/head_64.S | 4 +-
arch/x86/entry/entry_32.S | 1 +
arch/x86/include/asm/microcode_intel.h | 2 +-
arch/x86/include/asm/processor.h | 18 +++++
arch/x86/include/asm/vgtod.h | 2 +-
arch/x86/kernel/acpi/boot.c | 2 +-
arch/x86/kvm/cpuid.c | 3 +-
arch/x86/kvm/vmx.c | 79 +++++++---------------
arch/x86/kvm/x86.c | 11 +++
drivers/ata/libata-pmp.c | 1 +
drivers/ata/libata-scsi.c | 9 +--
drivers/bus/sunxi-rsb.c | 2 +-
drivers/char/ipmi/ipmi_msghandler.c | 4 +-
drivers/clk/at91/clk-usb.c | 3 +
drivers/clk/tegra/clk-tegra-pmc.c | 12 ++--
drivers/cpufreq/powernv-cpufreq.c | 6 ++
drivers/crypto/mxs-dcp.c | 58 ++++++++--------
drivers/gpio/gpiolib.c | 31 ++-------
drivers/gpu/drm/drm_dp_mst_topology.c | 15 ++--
drivers/gpu/drm/drm_pci.c | 25 +------
drivers/i2c/busses/i2c-st.c | 1 +
drivers/input/serio/i8042-x86ia64io.h | 11 +++
drivers/iommu/amd_iommu_types.h | 2 +-
drivers/irqchip/irq-versatile-fpga.c | 18 +++--
drivers/md/dm-flakey.c | 5 ++
drivers/md/dm-verity-fec.c | 1 +
drivers/media/platform/ti-vpe/cal.c | 16 ++---
drivers/mfd/dln2.c | 9 ++-
drivers/mfd/rts5227.c | 1 +
drivers/misc/echo/echo.c | 2 +-
drivers/mtd/devices/phram.c | 15 ++--
drivers/mtd/lpddr/lpddr_cmds.c | 1 -
drivers/net/ethernet/neterion/vxge/vxge-config.h | 2 +-
drivers/net/ethernet/neterion/vxge/vxge-main.h | 14 ++--
.../net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c | 2 +-
drivers/net/wireless/ath/ath9k/main.c | 3 +
drivers/net/wireless/ath/wil6210/debugfs.c | 7 +-
drivers/net/wireless/ath/wil6210/interrupt.c | 22 +++++-
drivers/net/wireless/ath/wil6210/main.c | 2 +-
drivers/net/wireless/ath/wil6210/txrx.c | 4 +-
drivers/net/wireless/ath/wil6210/wmi.c | 2 +-
drivers/net/wireless/mac80211_hwsim.c | 12 ++--
drivers/nvdimm/bus.c | 6 +-
drivers/of/base.c | 3 -
drivers/of/unittest.c | 11 ++-
drivers/power/supply/bq27xxx_battery.c | 5 +-
drivers/rtc/rtc-omap.c | 4 +-
drivers/rtc/rtc-pm8xxx.c | 49 +++++++++++---
drivers/s390/scsi/zfcp_erp.c | 2 +-
drivers/scsi/sg.c | 4 +-
drivers/scsi/ufs/ufs-qcom.c | 2 +-
drivers/scsi/ufs/ufshcd.c | 32 ++++++---
drivers/soc/qcom/smem.c | 2 +-
drivers/target/iscsi/iscsi_target.c | 79 +++++++---------------
drivers/target/iscsi/iscsi_target.h | 1 -
drivers/target/iscsi/iscsi_target_configfs.c | 5 +-
drivers/target/iscsi/iscsi_target_login.c | 5 +-
drivers/tty/ehv_bytechan.c | 21 +++++-
drivers/usb/gadget/composite.c | 9 +++
drivers/usb/gadget/function/f_fs.c | 1 +
drivers/video/fbdev/core/fbmem.c | 2 +-
drivers/video/fbdev/sis/init301.c | 4 +-
fs/btrfs/async-thread.c | 8 +++
fs/btrfs/async-thread.h | 2 +
fs/btrfs/disk-io.c | 13 ++++
fs/btrfs/relocation.c | 39 +++++++----
fs/exec.c | 2 +-
fs/ext2/xattr.c | 8 +--
fs/ext4/extents.c | 8 +--
fs/ext4/inode.c | 2 +-
fs/ext4/super.c | 9 +--
fs/gfs2/glock.c | 3 +
fs/hfsplus/attributes.c | 4 ++
fs/jbd2/commit.c | 7 +-
fs/nfs/direct.c | 2 +
fs/nfs/pagelist.c | 17 +++--
fs/ocfs2/alloc.c | 4 ++
include/linux/compiler.h | 2 +-
include/linux/devfreq_cooling.h | 2 +-
include/linux/percpu_counter.h | 4 +-
include/linux/sched.h | 4 +-
include/net/ip6_route.h | 1 +
include/target/iscsi/iscsi_target_core.h | 2 +-
kernel/cpu.c | 5 +-
kernel/kmod.c | 4 +-
kernel/locking/lockdep.c | 4 ++
kernel/locking/locktorture.c | 8 +--
kernel/sched/sched.h | 8 ++-
kernel/signal.c | 2 +-
kernel/trace/trace_events_trigger.c | 10 +--
mm/page_alloc.c | 8 +--
net/hsr/hsr_netlink.c | 9 ++-
net/ipv4/devinet.c | 13 ++--
net/qrtr/qrtr.c | 7 +-
security/keys/key.c | 2 +-
security/keys/keyctl.c | 4 +-
sound/core/oss/pcm_plugin.c | 32 ++++++---
sound/pci/hda/hda_beep.c | 6 +-
sound/pci/hda/hda_codec.c | 1 +
sound/pci/hda/hda_intel.c | 35 ++++++----
sound/pci/ice1712/prodigy_hifi.c | 4 +-
sound/soc/intel/atom/sst-atom-controls.c | 2 +-
sound/soc/intel/atom/sst/sst_pci.c | 2 +-
sound/soc/soc-dapm.c | 8 ++-
sound/soc/soc-ops.c | 4 +-
sound/soc/soc-pcm.c | 6 +-
sound/soc/soc-topology.c | 2 +-
sound/usb/mixer.c | 2 +-
sound/usb/mixer_maps.c | 28 ++++++++
tools/gpio/Makefile | 2 +-
tools/objtool/check.c | 5 +-
tools/testing/selftests/x86/ptrace_syscall.c | 8 ++-
124 files changed, 685 insertions(+), 454 deletions(-)
From: Josef Bacik <[email protected]>
commit 8e19c9732ad1d127b5575a10f4fbcacf740500ff upstream.
If we have an error while building the backref tree in relocation we'll
process all the pending edges and then free the node. However if we
integrated some edges into the cache we'll lose our link to those edges
by simply freeing this node, which means we'll leak memory and
references to any roots that we've found.
Instead we need to use remove_backref_node(), which walks through all of
the edges that are still linked to this node and free's them up and
drops any root references we may be holding.
CC: [email protected] # 4.9+
Reviewed-by: Qu Wenruo <[email protected]>
Signed-off-by: Josef Bacik <[email protected]>
Reviewed-by: David Sterba <[email protected]>
Signed-off-by: David Sterba <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
fs/btrfs/relocation.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/btrfs/relocation.c
+++ b/fs/btrfs/relocation.c
@@ -1185,7 +1185,7 @@ out:
free_backref_node(cache, lower);
}
- free_backref_node(cache, node);
+ remove_backref_node(cache, node);
return ERR_PTR(err);
}
ASSERT(!node || !node->detached);
On Wed, Apr 22, 2020 at 11:55:17AM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.9.220 release.
> There are 125 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 24 Apr 2020 09:48:23 +0000.
> Anything received after that time might be too late.
>
I see a number of unit test crashes in ppc images. Looks like UAF.
This affects 4.4.y, 4.9.y, and 4.14.y. I'll bisect.
Guenter
---
BUG: Unable to handle kernel data access at 0x6b6b6b6b6b6b6b6b
Faulting instruction address: 0xc0000000006651dc
Oops: Kernel access of bad area, sig: 11 [#1]
PREEMPT SMP NR_CPUS=32
PowerMac
Modules linked in:
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.9.220-rc1-00126-gf6cef26 #1
task: c00000003c1c8010 task.stack: c00000003c1c4000
NIP: c0000000006651dc LR: c00000000066824c CTR: c000000000668230
REGS: c00000003c1c7320 TRAP: 0380 Not tainted (4.9.220-rc1-00126-gf6cef26)
MSR: 800000000000b032 <SF,EE,FP,ME,IR,DR,RI> CR: 28004448 XER: 00000000
SOFTE: 0
GPR00: 00000000743a2027 c00000003c1c75a0 c0000000011e1000 c000000001e926cc
GPR04: c000000001e92aa0 c000000001e92aa0 04ffffff000affff 0000000000000000
GPR08: c0000000006646b0 ffffffffffffffff 6b6b6b6b6b6b6b6b 0000000000000001
GPR12: 0000000044004448 c00000000fff9000 c00000000000ffc0 0000000000000000
GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR20: c00000003c1c7878 0000000000000000 0000000000000002 c00000003c1c7880
GPR24: c000000000e506ae 0000000000000025 c000000001e926c0 0000000000000020
GPR28: 00000000000003e0 c000000001e92aa0 c000000000e506ae c000000001e926cc
NIP [c0000000006651dc] .string+0x1c/0xe0
LR [c00000000066824c] .vsnprintf+0x1ac/0x490
Call Trace:
[c00000003c1c75a0] [c00000003a512af8] 0xc00000003a512af8 (unreliable)
[c00000003c1c7670] [c000000000668548] .vscnprintf+0x18/0x60
[c00000003c1c76f0] [c0000000001386cc] .vprintk_emit+0x12c/0x6d0
[c00000003c1c77c0] [c000000000bc3d84] .printk+0xa0/0xbc
[c00000003c1c7840] [c00000000065a9b0] .kobject_put+0x150/0x170
[c00000003c1c78d0] [c0000000009819bc] .of_node_put+0x2c/0x50
[c00000003c1c7950] [c000000000f7998c] .of_unittest_changeset+0x710/0x75c
[c00000003c1c7b00] [c000000000f7c280] .of_unittest+0x22b8/0x2978
[c00000003c1c7c20] [c00000000000f554] .do_one_initcall+0x64/0x1e0
[c00000003c1c7d00] [c000000000f236a8] .kernel_init_freeable+0x298/0x38c
[c00000003c1c7db0] [c00000000000ffe4] .kernel_init+0x24/0x160
[c00000003c1c7e30] [c00000000000c330] .ret_from_kernel_thread+0x58/0x68
Instruction dump:
4b9f3c45 60000000 e80100a0 7c0803a6 4bffffd4 2ba50fff 7caa2b78 7cc90734
7c852378 409d0030 2fa90000 419e00b8 <890a0000> 394a0001 2fa80000 419e00a8
---[ end trace f5bca90605285cbd ]---
On Wed, Apr 22, 2020 at 01:34:30PM -0700, Guenter Roeck wrote:
> On Wed, Apr 22, 2020 at 11:55:17AM +0200, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 4.9.220 release.
> > There are 125 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Fri, 24 Apr 2020 09:48:23 +0000.
> > Anything received after that time might be too late.
> >
>
> I see a number of unit test crashes in ppc images. Looks like UAF.
> This affects 4.4.y, 4.9.y, and 4.14.y. I'll bisect.
>
Bisect log attached. I suspect the real culprit is commit a4f91f0de905
("of: unittest: clean up changeset test"), or at least it changes the
code enough for the offending patch not to work in v4.14.y and older.
Either case, reverting upstream commit b3fb36ed694b ("of: unittest:
kmemleak on changeset destroy") fixes the problem and thus needs to
be dropped from v4.4.y, v4.9.y, and v4.14.y.
Guenter
---
# bad: [f6cef26090da1763de1a7fc87205c8442d57bc80] Linux 4.9.220-rc1
# good: [5188957a315f664d46ff58fedecbc0f7503f1b22] Linux 4.9.219
git bisect start 'HEAD' 'v4.9.219'
# good: [0a499a93529e488ccccf83493c48e82b0bdea615] powerpc/fsl_booke: Avoid creating duplicate tlb1 entry
git bisect good 0a499a93529e488ccccf83493c48e82b0bdea615
# bad: [f0b256f314141838039a084b81750d7a9dbc1e16] scsi: ufs: make sure all interrupts are processed
git bisect bad f0b256f314141838039a084b81750d7a9dbc1e16
# good: [9eb52f304182868156a97244618a09898d2dc37b] mac80211_hwsim: Use kstrndup() in place of kasprintf()
git bisect good 9eb52f304182868156a97244618a09898d2dc37b
# good: [cddafffc473da45d9eb419000ab9409824ef8f20] scsi: sg: add sg_remove_request in sg_common_write
git bisect good cddafffc473da45d9eb419000ab9409824ef8f20
# bad: [19976f5df09c19ce1bb0563055586998dda609dd] drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem
git bisect bad 19976f5df09c19ce1bb0563055586998dda609dd
# bad: [9dbcfb15960da712fc134b5d4a133386721497c5] of: unittest: kmemleak on changeset destroy
git bisect bad 9dbcfb15960da712fc134b5d4a133386721497c5
# good: [52b90d68b8c200b86e66434e0bc86e87510863f3] ALSA: hda: Don't release card at firmware loading error
git bisect good 52b90d68b8c200b86e66434e0bc86e87510863f3
# first bad commit: [9dbcfb15960da712fc134b5d4a133386721497c5] of: unittest: kmemleak on changeset destroy
On Wed, Apr 22, 2020 at 01:54:02PM -0700, Guenter Roeck wrote:
> On Wed, Apr 22, 2020 at 01:34:30PM -0700, Guenter Roeck wrote:
> > On Wed, Apr 22, 2020 at 11:55:17AM +0200, Greg Kroah-Hartman wrote:
> > > This is the start of the stable review cycle for the 4.9.220 release.
> > > There are 125 patches in this series, all will be posted as a response
> > > to this one. If anyone has any issues with these being applied, please
> > > let me know.
> > >
> > > Responses should be made by Fri, 24 Apr 2020 09:48:23 +0000.
> > > Anything received after that time might be too late.
> > >
> >
> > I see a number of unit test crashes in ppc images. Looks like UAF.
> > This affects 4.4.y, 4.9.y, and 4.14.y. I'll bisect.
> >
>
> Bisect log attached. I suspect the real culprit is commit a4f91f0de905
> ("of: unittest: clean up changeset test"), or at least it changes the
> code enough for the offending patch not to work in v4.14.y and older.
> Either case, reverting upstream commit b3fb36ed694b ("of: unittest:
> kmemleak on changeset destroy") fixes the problem and thus needs to
> be dropped from v4.4.y, v4.9.y, and v4.14.y.
Thanks for letting me know, I've now dropped it from all of those trees.
greg k-h
On 22/04/2020 10:55, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.9.220 release.
> There are 125 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 24 Apr 2020 09:48:23 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.220-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
All tests are passing for Tegra
Test results for stable-v4.9:
8 builds: 8 pass, 0 fail
16 boots: 16 pass, 0 fail
24 tests: 24 pass, 0 fail
Linux version: 4.9.220-rc1-gf6cef26090da
Boards tested: tegra124-jetson-tk1, tegra20-ventana,
tegra210-p2371-2180, tegra30-cardhu-a04
Cheers
Jon
--
nvpublic
On 4/23/20 1:02 AM, Greg Kroah-Hartman wrote:
> On Wed, Apr 22, 2020 at 01:54:02PM -0700, Guenter Roeck wrote:
>> On Wed, Apr 22, 2020 at 01:34:30PM -0700, Guenter Roeck wrote:
>>> On Wed, Apr 22, 2020 at 11:55:17AM +0200, Greg Kroah-Hartman wrote:
>>>> This is the start of the stable review cycle for the 4.9.220 release.
>>>> There are 125 patches in this series, all will be posted as a response
>>>> to this one. If anyone has any issues with these being applied, please
>>>> let me know.
>>>>
>>>> Responses should be made by Fri, 24 Apr 2020 09:48:23 +0000.
>>>> Anything received after that time might be too late.
>>>>
>>>
>>> I see a number of unit test crashes in ppc images. Looks like UAF.
>>> This affects 4.4.y, 4.9.y, and 4.14.y. I'll bisect.
>>>
>>
>> Bisect log attached. I suspect the real culprit is commit a4f91f0de905
>> ("of: unittest: clean up changeset test"), or at least it changes the
>> code enough for the offending patch not to work in v4.14.y and older.
>> Either case, reverting upstream commit b3fb36ed694b ("of: unittest:
>> kmemleak on changeset destroy") fixes the problem and thus needs to
>> be dropped from v4.4.y, v4.9.y, and v4.14.y.
>
> Thanks for letting me know, I've now dropped it from all of those trees.
>
Did you (or do you plan to) push the updated branches ? My builders
didn't pick it up yet.
Guenter
On Thu, Apr 23, 2020 at 03:26:23AM -0700, Guenter Roeck wrote:
> On 4/23/20 1:02 AM, Greg Kroah-Hartman wrote:
> > On Wed, Apr 22, 2020 at 01:54:02PM -0700, Guenter Roeck wrote:
> >> On Wed, Apr 22, 2020 at 01:34:30PM -0700, Guenter Roeck wrote:
> >>> On Wed, Apr 22, 2020 at 11:55:17AM +0200, Greg Kroah-Hartman wrote:
> >>>> This is the start of the stable review cycle for the 4.9.220 release.
> >>>> There are 125 patches in this series, all will be posted as a response
> >>>> to this one. If anyone has any issues with these being applied, please
> >>>> let me know.
> >>>>
> >>>> Responses should be made by Fri, 24 Apr 2020 09:48:23 +0000.
> >>>> Anything received after that time might be too late.
> >>>>
> >>>
> >>> I see a number of unit test crashes in ppc images. Looks like UAF.
> >>> This affects 4.4.y, 4.9.y, and 4.14.y. I'll bisect.
> >>>
> >>
> >> Bisect log attached. I suspect the real culprit is commit a4f91f0de905
> >> ("of: unittest: clean up changeset test"), or at least it changes the
> >> code enough for the offending patch not to work in v4.14.y and older.
> >> Either case, reverting upstream commit b3fb36ed694b ("of: unittest:
> >> kmemleak on changeset destroy") fixes the problem and thus needs to
> >> be dropped from v4.4.y, v4.9.y, and v4.14.y.
> >
> > Thanks for letting me know, I've now dropped it from all of those trees.
> >
>
> Did you (or do you plan to) push the updated branches ? My builders
> didn't pick it up yet.
Sorry about that, have now pushed out a -rc2 for all of those 3
branches.
greg k-h