This is the start of the stable review cycle for the 5.7.2 release.
There are 24 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 11 Jun 2020 17:41:38 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.7.2-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.7.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <[email protected]>
Linux 5.7.2-rc1
Oleg Nesterov <[email protected]>
uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned
Josh Poimboeuf <[email protected]>
x86/speculation: Add Ivy Bridge to affected list
Mark Gross <[email protected]>
x86/speculation: Add SRBDS vulnerability and mitigation documentation
Mark Gross <[email protected]>
x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation
Mark Gross <[email protected]>
x86/cpu: Add 'table' argument to cpu_matches()
Mark Gross <[email protected]>
x86/cpu: Add a steppings field to struct x86_cpu_id
Srinivas Kandagatla <[email protected]>
nvmem: qfprom: remove incorrect write support
Oliver Neukum <[email protected]>
CDC-ACM: heed quirk also in error handling
Pascal Terjan <[email protected]>
staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK
Jiri Slaby <[email protected]>
tty: hvc_console, fix crashes on parallel open/close
Dmitry Torokhov <[email protected]>
vt: keyboard: avoid signed integer overflow in k_ascii
Josh Triplett <[email protected]>
serial: 8250: Enable 16550A variants by default on non-x86
Paul Cercueil <[email protected]>
usb: musb: jz4740: Prevent lockup when CONFIG_SMP is set
Dinghao Liu <[email protected]>
usb: musb: Fix runtime PM imbalance on error
Bin Liu <[email protected]>
usb: musb: start session in resume for host port
Fabrice Gasnier <[email protected]>
iio: adc: stm32-adc: fix a wrong error message when probing interrupts
Jonathan Cameron <[email protected]>
iio:chemical:pms7003: Fix timestamp alignment and prevent data leak.
Mathieu Othacehe <[email protected]>
iio: vcnl4000: Fix i2c swapped word reading.
Jonathan Cameron <[email protected]>
iio:chemical:sps30: Fix timestamp alignment
Johan Hovold <[email protected]>
USB: serial: ch341: fix lockup of devices with limited prescaler
Michael Hanselmann <[email protected]>
USB: serial: ch341: add basis for quirk detection
Daniele Palmas <[email protected]>
USB: serial: option: add Telit LE910C1-EUX compositions
Bin Liu <[email protected]>
USB: serial: usb_wwan: do not resubmit rx urb on fatal errors
Matt Jolly <[email protected]>
USB: serial: qcserial: add DW5816e QDL support
-------------
Diffstat:
Documentation/ABI/testing/sysfs-devices-system-cpu | 1 +
Documentation/admin-guide/hw-vuln/index.rst | 1 +
.../special-register-buffer-data-sampling.rst | 149 +++++++++++++++++++++
Documentation/admin-guide/kernel-parameters.txt | 20 +++
Makefile | 4 +-
arch/x86/include/asm/cpu_device_id.h | 27 +++-
arch/x86/include/asm/cpufeatures.h | 2 +
arch/x86/include/asm/msr-index.h | 4 +
arch/x86/kernel/cpu/bugs.c | 106 +++++++++++++++
arch/x86/kernel/cpu/common.c | 56 ++++++--
arch/x86/kernel/cpu/cpu.h | 1 +
arch/x86/kernel/cpu/match.c | 7 +-
drivers/base/cpu.c | 8 ++
drivers/iio/adc/stm32-adc-core.c | 34 ++---
drivers/iio/chemical/pms7003.c | 17 ++-
drivers/iio/chemical/sps30.c | 9 +-
drivers/iio/light/vcnl4000.c | 6 +-
drivers/nvmem/qfprom.c | 14 --
drivers/staging/rtl8712/wifi.h | 9 +-
drivers/tty/hvc/hvc_console.c | 23 ++--
drivers/tty/serial/8250/Kconfig | 1 +
drivers/tty/vt/keyboard.c | 26 ++--
drivers/usb/class/cdc-acm.c | 2 +-
drivers/usb/musb/jz4740.c | 4 +-
drivers/usb/musb/musb_core.c | 7 +
drivers/usb/musb/musb_debugfs.c | 10 +-
drivers/usb/serial/ch341.c | 68 +++++++++-
drivers/usb/serial/option.c | 4 +
drivers/usb/serial/qcserial.c | 1 +
drivers/usb/serial/usb_wwan.c | 4 +
include/linux/mod_devicetable.h | 2 +
kernel/events/uprobes.c | 16 ++-
32 files changed, 532 insertions(+), 111 deletions(-)
From: Oleg Nesterov <[email protected]>
commit 013b2deba9a6b80ca02f4fafd7dedf875e9b4450 upstream.
uprobe_write_opcode() must not cross page boundary; prepare_uprobe()
relies on arch_uprobe_analyze_insn() which should validate "vaddr" but
some architectures (csky, s390, and sparc) don't do this.
We can remove the BUG_ON() check in prepare_uprobe() and validate the
offset early in __uprobe_register(). The new IS_ALIGNED() check matches
the alignment check in arch_prepare_kprobe() on supported architectures,
so I think that all insns must be aligned to UPROBE_SWBP_INSN_SIZE.
Another problem is __update_ref_ctr() which was wrong from the very
beginning, it can read/write outside of kmap'ed page unless "vaddr" is
aligned to sizeof(short), __uprobe_register() should check this too.
Reported-by: Linus Torvalds <[email protected]>
Suggested-by: Linus Torvalds <[email protected]>
Signed-off-by: Oleg Nesterov <[email protected]>
Reviewed-by: Srikar Dronamraju <[email protected]>
Acked-by: Christian Borntraeger <[email protected]>
Tested-by: Sven Schnelle <[email protected]>
Cc: Steven Rostedt <[email protected]>
Cc: [email protected]
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
kernel/events/uprobes.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
--- a/kernel/events/uprobes.c
+++ b/kernel/events/uprobes.c
@@ -867,10 +867,6 @@ static int prepare_uprobe(struct uprobe
if (ret)
goto out;
- /* uprobe_write_opcode() assumes we don't cross page boundary */
- BUG_ON((uprobe->offset & ~PAGE_MASK) +
- UPROBE_SWBP_INSN_SIZE > PAGE_SIZE);
-
smp_wmb(); /* pairs with the smp_rmb() in handle_swbp() */
set_bit(UPROBE_COPY_INSN, &uprobe->flags);
@@ -1166,6 +1162,15 @@ static int __uprobe_register(struct inod
if (offset > i_size_read(inode))
return -EINVAL;
+ /*
+ * This ensures that copy_from_page(), copy_to_page() and
+ * __update_ref_ctr() can't cross page boundary.
+ */
+ if (!IS_ALIGNED(offset, UPROBE_SWBP_INSN_SIZE))
+ return -EINVAL;
+ if (!IS_ALIGNED(ref_ctr_offset, sizeof(short)))
+ return -EINVAL;
+
retry:
uprobe = alloc_uprobe(inode, offset, ref_ctr_offset);
if (!uprobe)
@@ -2014,6 +2019,9 @@ static int is_trap_at_addr(struct mm_str
uprobe_opcode_t opcode;
int result;
+ if (WARN_ON_ONCE(!IS_ALIGNED(vaddr, UPROBE_SWBP_INSN_SIZE)))
+ return -EINVAL;
+
pagefault_disable();
result = __get_user(opcode, (uprobe_opcode_t __user *)vaddr);
pagefault_enable();
From: Srinivas Kandagatla <[email protected]>
commit 8d9eb0d6d59a5d7028c80a30831143d3e75515a7 upstream.
qfprom has different address spaces for read and write. Reads are
always done from corrected address space, where as writes are done
on raw address space.
Writing to corrected address space is invalid and ignored, so it
does not make sense to have this support in the driver which only
supports corrected address space regions at the moment.
Fixes: 4ab11996b489 ("nvmem: qfprom: Add Qualcomm QFPROM support.")
Signed-off-by: Srinivas Kandagatla <[email protected]>
Reviewed-by: Douglas Anderson <[email protected]>
Cc: stable <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/nvmem/qfprom.c | 14 --------------
1 file changed, 14 deletions(-)
--- a/drivers/nvmem/qfprom.c
+++ b/drivers/nvmem/qfprom.c
@@ -27,25 +27,11 @@ static int qfprom_reg_read(void *context
return 0;
}
-static int qfprom_reg_write(void *context,
- unsigned int reg, void *_val, size_t bytes)
-{
- struct qfprom_priv *priv = context;
- u8 *val = _val;
- int i = 0, words = bytes;
-
- while (words--)
- writeb(*val++, priv->base + reg + i++);
-
- return 0;
-}
-
static struct nvmem_config econfig = {
.name = "qfprom",
.stride = 1,
.word_size = 1,
.reg_read = qfprom_reg_read,
- .reg_write = qfprom_reg_write,
};
static int qfprom_probe(struct platform_device *pdev)
From: Jonathan Cameron <[email protected]>
commit a5bf6fdd19c327bcfd9073a8740fa19ca4525fd4 upstream.
One of a class of bugs pointed out by Lars in a recent review.
iio_push_to_buffers_with_timestamp assumes the buffer used is aligned
to the size of the timestamp (8 bytes). This is not guaranteed in
this driver which uses an array of smaller elements on the stack.
Fixes: 232e0f6ddeae ("iio: chemical: add support for Sensirion SPS30 sensor")
Reported-by: Lars-Peter Clausen <[email protected]>
Signed-off-by: Jonathan Cameron <[email protected]>
Cc: <[email protected]>
Acked-by: Tomasz Duszynski <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/iio/chemical/sps30.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/drivers/iio/chemical/sps30.c
+++ b/drivers/iio/chemical/sps30.c
@@ -230,15 +230,18 @@ static irqreturn_t sps30_trigger_handler
struct iio_dev *indio_dev = pf->indio_dev;
struct sps30_state *state = iio_priv(indio_dev);
int ret;
- s32 data[4 + 2]; /* PM1, PM2P5, PM4, PM10, timestamp */
+ struct {
+ s32 data[4]; /* PM1, PM2P5, PM4, PM10 */
+ s64 ts;
+ } scan;
mutex_lock(&state->lock);
- ret = sps30_do_meas(state, data, 4);
+ ret = sps30_do_meas(state, scan.data, ARRAY_SIZE(scan.data));
mutex_unlock(&state->lock);
if (ret)
goto err;
- iio_push_to_buffers_with_timestamp(indio_dev, data,
+ iio_push_to_buffers_with_timestamp(indio_dev, &scan,
iio_get_time_ns(indio_dev));
err:
iio_trigger_notify_done(indio_dev->trig);
From: Bin Liu <[email protected]>
commit 986c1748c84d7727defeaeca74a73b37f7d5cce1 upstream.
usb_wwan_indat_callback() shouldn't resubmit rx urb if the previous urb
status is a fatal error. Or the usb controller would keep processing the
new urbs then run into interrupt storm, and has no chance to recover.
Fixes: 6c1ee66a0b2b ("USB-Serial: Fix error handling of usb_wwan")
Cc: [email protected]
Signed-off-by: Bin Liu <[email protected]>
Signed-off-by: Johan Hovold <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/serial/usb_wwan.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/usb/serial/usb_wwan.c
+++ b/drivers/usb/serial/usb_wwan.c
@@ -270,6 +270,10 @@ static void usb_wwan_indat_callback(stru
if (status) {
dev_dbg(dev, "%s: nonzero status: %d on endpoint %02x.\n",
__func__, status, endpoint);
+
+ /* don't resubmit on fatal errors */
+ if (status == -ESHUTDOWN || status == -ENOENT)
+ return;
} else {
if (urb->actual_length) {
tty_insert_flip_string(&port->port, data,
On Tue, 9 Jun 2020 at 23:25, Greg Kroah-Hartman
<[email protected]> wrote:
>
> This is the start of the stable review cycle for the 5.7.2 release.
> There are 24 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 11 Jun 2020 17:41:38 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.7.2-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.7.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.
Summary
------------------------------------------------------------------------
kernel: 5.7.2-rc1
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
git branch: linux-5.7.y
git commit: 00f7cc67908be43cf52f961c4c880108b00d68e8
git describe: v5.7.1-25-g00f7cc67908b
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-5.7-oe/build/v5.7.1-25-g00f7cc67908b
No regressions (compared to build v5.7-15-g676bb83805a9)
No fixes (compared to build v5.7-15-g676bb83805a9)
Ran 36794 total tests in the following environments and test suites.
Environments
--------------
- dragonboard-410c
- hi6220-hikey
- i386
- juno-r2
- juno-r2-compat
- juno-r2-kasan
- nxp-ls2088
- qemu_arm
- qemu_arm64
- qemu_i386
- qemu_x86_64
- x15
- x86
- x86-kasan
Test Suites
-----------
* build
* install-android-platform-tools-r2600
* install-android-platform-tools-r2800
* kselftest
* kselftest/drivers
* kselftest/filesystems
* kselftest/net
* libhugetlbfs
* linux-log-parser
* ltp-cap_bounds-tests
* ltp-commands-tests
* ltp-containers-tests
* ltp-controllers-tests
* ltp-cpuhotplug-tests
* ltp-crypto-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-sched-tests
* ltp-syscalls-tests
* perf
* v4l2-compliance
* libgpiod
* ltp-cve-tests
* ltp-hugetlb-tests
* ltp-mm-tests
* ltp-nptl-tests
* ltp-pty-tests
* ltp-securebits-tests
* ltp-dio-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-io-tests
* ltp-open-posix-tests
* network-basic-tests
* kvm-unit-tests
* kselftest-vsyscall-mode-native
* kselftest-vsyscall-mode-native/drivers
* kselftest-vsyscall-mode-native/filesystems
* kselftest-vsyscall-mode-native/net
* kselftest-vsyscall-mode-none
* kselftest-vsyscall-mode-none/drivers
* kselftest-vsyscall-mode-none/filesystems
* kselftest-vsyscall-mode-none/net
--
Linaro LKFT
https://lkft.linaro.org
On 09/06/2020 18:45, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.7.2 release.
> There are 24 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 11 Jun 2020 17:41:38 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.7.2-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.7.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
All tests are passing for Tegra ...
Test results for stable-v5.7:
11 builds: 11 pass, 0 fail
26 boots: 26 pass, 0 fail
50 tests: 50 pass, 0 fail
Linux version: 5.7.2-rc1-g00f7cc67908b
Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000,
tegra194-p2972-0000, tegra20-ventana,
tegra210-p2371-2180, tegra210-p3450-0000,
tegra30-cardhu-a04
Cheers
Jon
--
nvpublic
On Wed, Jun 10, 2020 at 12:30:28PM +0100, Jon Hunter wrote:
>
> On 09/06/2020 18:45, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 5.7.2 release.
> > There are 24 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Thu, 11 Jun 2020 17:41:38 +0000.
> > Anything received after that time might be too late.
> >
> > The whole patch series can be found in one patch at:
> > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.7.2-rc1.gz
> > or in the git tree and branch at:
> > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.7.y
> > and the diffstat can be found below.
> >
> > thanks,
> >
> > greg k-h
>
> All tests are passing for Tegra ...
>
> Test results for stable-v5.7:
> 11 builds: 11 pass, 0 fail
> 26 boots: 26 pass, 0 fail
> 50 tests: 50 pass, 0 fail
>
> Linux version: 5.7.2-rc1-g00f7cc67908b
> Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000,
> tegra194-p2972-0000, tegra20-ventana,
> tegra210-p2371-2180, tegra210-p3450-0000,
> tegra30-cardhu-a04
Wonderful, thanks for testing all of these and letting me know.
greg k-h
On 6/9/20 11:45 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.7.2 release.
> There are 24 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 11 Jun 2020 17:41:38 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.7.2-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.7.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
thanks,
-- Shuah
On Tue, Jun 09, 2020 at 07:45:31PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.7.2 release.
> There are 24 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 11 Jun 2020 17:41:38 +0000.
> Anything received after that time might be too late.
>
Build results:
total: 155 pass: 155 fail: 0
Qemu test results:
total: 431 pass: 431 fail: 0
Guenter
On Wed, Jun 10, 2020 at 11:47:30AM +0530, Naresh Kamboju wrote:
> On Tue, 9 Jun 2020 at 23:25, Greg Kroah-Hartman
> <[email protected]> wrote:
> >
> > This is the start of the stable review cycle for the 5.7.2 release.
> > There are 24 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Thu, 11 Jun 2020 17:41:38 +0000.
> > Anything received after that time might be too late.
> >
> > The whole patch series can be found in one patch at:
> > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.7.2-rc1.gz
> > or in the git tree and branch at:
> > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.7.y
> > and the diffstat can be found below.
> >
> > thanks,
> >
> > greg k-h
>
> Results from Linaro’s test farm.
> No regressions on arm64, arm, x86_64, and i386.
Thanks for testing all of these and letting me know.
greg k-h
On Wed, Jun 10, 2020 at 12:11:33PM -0700, Guenter Roeck wrote:
> On Tue, Jun 09, 2020 at 07:45:31PM +0200, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 5.7.2 release.
> > There are 24 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Thu, 11 Jun 2020 17:41:38 +0000.
> > Anything received after that time might be too late.
> >
>
> Build results:
> total: 155 pass: 155 fail: 0
> Qemu test results:
> total: 431 pass: 431 fail: 0
Thanks for testing all of these and letting me know.
greg k-h