This is the start of the stable review cycle for the 5.16.6 release.
There are 43 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sun, 06 Feb 2022 09:19:05 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.16.6-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.16.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <[email protected]>
Linux 5.16.6-rc1
Eric Dumazet <[email protected]>
tcp: add missing tcp_skb_can_collapse() test in tcp_shift_skb_data()
Eric Dumazet <[email protected]>
tcp: fix mem under-charging with zerocopy sendmsg()
Eric Dumazet <[email protected]>
af_packet: fix data-race in packet_setsockopt / packet_setsockopt
Sasha Neftin <[email protected]>
e1000e: Handshake with CSME starts from ADL platforms
Tianchen Ding <[email protected]>
cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask()
He Fengqing <[email protected]>
bpf: Fix possible race in inc_misses_counter
Alex Elder <[email protected]>
net: ipa: request IPA register values be retained
Eric Dumazet <[email protected]>
rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()
Eric Dumazet <[email protected]>
net: sched: fix use-after-free in tc_new_tfilter()
Dan Carpenter <[email protected]>
fanotify: Fix stale file descriptor in copy_event_to_user()
Shyam Sundar S K <[email protected]>
net: amd-xgbe: Fix skb data length underflow
Raju Rangoju <[email protected]>
net: amd-xgbe: ensure to reset the tx_timer_active flag
Karen Sornek <[email protected]>
i40e: Fix reset path while removing the driver
Jedrzej Jagielski <[email protected]>
i40e: Fix reset bw limit when DCB enabled with 1 TC
Georgi Valkov <[email protected]>
ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback
Roi Dayan <[email protected]>
net/mlx5e: Avoid implicit modify hdr for decap drop rule
Maor Dickman <[email protected]>
net/mlx5: E-Switch, Fix uninitialized variable modact
Khalid Manaa <[email protected]>
net/mlx5e: Fix broken SKB allocation in HW-GRO
Khalid Manaa <[email protected]>
net/mlx5e: Fix wrong calculation of header index in HW_GRO
Kees Cook <[email protected]>
net/mlx5e: Avoid field-overflowing memcpy()
Roi Dayan <[email protected]>
net/mlx5: Bridge, Fix devlink deadlock on net namespace deletion
Maxim Mikityanskiy <[email protected]>
net/mlx5e: Don't treat small ceil values as unlimited in HTB offload
Dima Chumak <[email protected]>
net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE
Roi Dayan <[email protected]>
net/mlx5e: TC, Reject rules with forward and drop actions
Gal Pressman <[email protected]>
net/mlx5e: Fix module EEPROM query
Maher Sanalla <[email protected]>
net/mlx5: Use del_timer_sync in fw reset flow of halting poll
Maor Dickman <[email protected]>
net/mlx5e: Fix handling of wrong devices during bond netevent
Vlad Buslov <[email protected]>
net/mlx5: Bridge, ensure dev_name is null-terminated
Vlad Buslov <[email protected]>
net/mlx5: Bridge, take rtnl lock in init error handler
Roi Dayan <[email protected]>
net/mlx5e: TC, Reject rules with drop and modify hdr action
Raed Salem <[email protected]>
net/mlx5e: IPsec: Fix tunnel mode crypto offload for non TCP/UDP traffic
Raed Salem <[email protected]>
net/mlx5e: IPsec: Fix crypto offload for non TCP/UDP encapsulated traffic
J. Bruce Fields <[email protected]>
lockd: fix failure to cleanup client locks
J. Bruce Fields <[email protected]>
lockd: fix server crash on reboot of client holding lock
Miklos Szeredi <[email protected]>
ovl: don't fail copy up if no fileattr support on upper
Jonathan McDowell <[email protected]>
net: phy: Fix qca8081 with speeds lower than 2.5Gb/s
John Hubbard <[email protected]>
Revert "mm/gup: small refactoring: simplify try_grab_page()"
Eric W. Biederman <[email protected]>
cgroup-v1: Require capabilities to set release_agent
Maxime Ripard <[email protected]>
drm/vc4: hdmi: Make sure the device is powered with CEC
Alex Elder <[email protected]>
net: ipa: prevent concurrent replenish
Alex Elder <[email protected]>
net: ipa: use a bitmap for endpoint replenish_enabled
Paolo Abeni <[email protected]>
selftests: mptcp: fix ipv6 routing setup
Lukas Wunner <[email protected]>
PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
-------------
Diffstat:
Makefile | 4 +-
drivers/gpu/drm/vc4/vc4_hdmi.c | 25 ++++++-----
drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 14 +++++-
drivers/net/ethernet/intel/e1000e/netdev.c | 6 ++-
drivers/net/ethernet/intel/i40e/i40e.h | 1 +
drivers/net/ethernet/intel/i40e/i40e_main.c | 31 ++++++++++++-
drivers/net/ethernet/mellanox/mlx5/core/en.h | 6 +--
drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 3 +-
.../net/ethernet/mellanox/mlx5/core/en/rep/bond.c | 32 ++++++-------
.../ethernet/mellanox/mlx5/core/en/rep/bridge.c | 6 ++-
drivers/net/ethernet/mellanox/mlx5/core/en/txrx.h | 5 +++
drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c | 4 +-
.../mellanox/mlx5/core/en_accel/ipsec_rxtx.c | 13 +++++-
.../mellanox/mlx5/core/en_accel/ipsec_rxtx.h | 9 ++--
drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 30 ++++++++-----
drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 15 ++++++-
.../net/ethernet/mellanox/mlx5/core/esw/bridge.c | 4 ++
.../mlx5/core/esw/diag/bridge_tracepoint.h | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c | 2 +-
.../ethernet/mellanox/mlx5/core/lib/fs_chains.c | 9 ++--
drivers/net/ethernet/mellanox/mlx5/core/port.c | 9 ++--
drivers/net/ipa/ipa_endpoint.c | 21 +++++++--
drivers/net/ipa/ipa_endpoint.h | 17 ++++++-
drivers/net/ipa/ipa_power.c | 52 ++++++++++++++++++++++
drivers/net/ipa/ipa_power.h | 7 +++
drivers/net/ipa/ipa_uc.c | 5 +++
drivers/net/phy/at803x.c | 26 +++++------
drivers/net/usb/ipheth.c | 6 +--
drivers/pci/hotplug/pciehp_hpc.c | 7 +--
fs/lockd/svcsubs.c | 18 ++++----
fs/notify/fanotify/fanotify_user.c | 6 +--
fs/overlayfs/copy_up.c | 12 ++++-
kernel/bpf/trampoline.c | 5 ++-
kernel/cgroup/cgroup-v1.c | 14 ++++++
kernel/cgroup/cpuset.c | 3 +-
mm/gup.c | 35 ++++++++++++---
net/core/rtnetlink.c | 6 ++-
net/ipv4/tcp.c | 7 ++-
net/ipv4/tcp_input.c | 2 +
net/packet/af_packet.c | 8 +++-
net/sched/cls_api.c | 11 +++--
tools/testing/selftests/net/mptcp/mptcp_join.sh | 5 ++-
42 files changed, 374 insertions(+), 129 deletions(-)
On 04/02/22 16.22, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.16.6 release.
> There are 43 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
Successfully cross-compiled for arm64 (bcm2711_defconfig from raspberry
pi kernel sources) and ppc64 (ps3_defconfig).
Tested-by: Bagas Sanjaya <[email protected]>
--
An old man doll... just what I always wanted! - Clara
From: Eric Dumazet <[email protected]>
commit c6f6f2444bdbe0079e41914a35081530d0409963 upstream.
While looking at one unrelated syzbot bug, I found the replay logic
in __rtnl_newlink() to potentially trigger use-after-free.
It is better to clear master_dev and m_ops inside the loop,
in case we have to replay it.
Fixes: ba7d49b1f0f8 ("rtnetlink: provide api for getting and setting slave info")
Signed-off-by: Eric Dumazet <[email protected]>
Cc: Jiri Pirko <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jakub Kicinski <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/core/rtnetlink.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -3254,8 +3254,8 @@ static int __rtnl_newlink(struct sk_buff
struct nlattr *slave_attr[RTNL_SLAVE_MAX_TYPE + 1];
unsigned char name_assign_type = NET_NAME_USER;
struct nlattr *linkinfo[IFLA_INFO_MAX + 1];
- const struct rtnl_link_ops *m_ops = NULL;
- struct net_device *master_dev = NULL;
+ const struct rtnl_link_ops *m_ops;
+ struct net_device *master_dev;
struct net *net = sock_net(skb->sk);
const struct rtnl_link_ops *ops;
struct nlattr *tb[IFLA_MAX + 1];
@@ -3293,6 +3293,8 @@ replay:
else
dev = NULL;
+ master_dev = NULL;
+ m_ops = NULL;
if (dev) {
master_dev = netdev_master_upper_dev_get(dev);
if (master_dev)
On Fri, Feb 04, 2022 at 10:22:07AM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.16.6 release.
> There are 43 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sun, 06 Feb 2022 09:19:05 +0000.
> Anything received after that time might be too late.
Hi Greg,
5.16.6-rc1 tested.
Run tested on:
- Allwinner H6 (Tanix TX6)
- Intel Tiger Lake x86_64 (nuc11 i7-1165G7)
In addition - build tested on:
- Allwinner A64
- Allwinner H3
- Allwinner H5
- NXP iMX6
- NXP iMX8
- Qualcomm Dragonboard
- Rockchip RK3288
- Rockchip RK3328
- Rockchip RK3399pro
- Samsung Exynos
Tested-by: Rudi Heitbaum <[email protected]>
--
Rudi