This is the start of the stable review cycle for the 5.19.15 release.
There are 48 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 12 Oct 2022 07:03:19 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.19.15-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.19.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <[email protected]>
Linux 5.19.15-rc1
Tetsuo Handa <[email protected]>
Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works
Jules Irenge <[email protected]>
bpf: Fix resetting logic for unreferenced kptrs
Daniel Golle <[email protected]>
net: ethernet: mtk_eth_soc: fix state in __mtk_foe_entry_clear
Kumar Kartikeya Dwivedi <[email protected]>
bpf: Gate dynptr API behind CAP_BPF
Krzysztof Kozlowski <[email protected]>
rpmsg: qcom: glink: replace strncpy() with strscpy_pad()
Brian Norris <[email protected]>
mmc: core: Terminate infinite loop in SD-UHS voltage switch
ChanWoo Lee <[email protected]>
mmc: core: Replace with already defined values for readability
Mario Limonciello <[email protected]>
gpiolib: acpi: Add a quirk for Asus UM325UAZ
Mario Limonciello <[email protected]>
gpiolib: acpi: Add support to ignore programming an interrupt
Johan Hovold <[email protected]>
USB: serial: ftdi_sio: fix 300 bps rate for SIO
Tadeusz Struk <[email protected]>
usb: mon: make mmapped memory read only
Zhang Qilong <[email protected]>
i2c: davinci: fix PM disable depth imbalance in davinci_i2c_probe
Al Viro <[email protected]>
don't use __kernel_write() on kmap_local_page()
Kan Liang <[email protected]>
perf/x86/intel: Fix unchecked MSR access error for Alder Lake N
Dmytro Laktyushkin <[email protected]>
drm/amd/display: increase dcn315 pstate change latency
Cruise Hung <[email protected]>
drm/amd/display: Fix DP MST timeslot issue when fallback happened
zhikzhai <[email protected]>
drm/amd/display: skip audio setup when audio stream is enabled
Hugo Hu <[email protected]>
drm/amd/display: update gamut remap if plane has changed
Michael Strauss <[email protected]>
drm/amd/display: Assume an LTTPR is always present on fixed_vs links
Leo Li <[email protected]>
drm/amd/display: Fix double cursor on non-video RGB MPO
Janis Schoetterl-Glausch <[email protected]>
KVM: s390: Pass initialized arg even if unused
Jianglei Nie <[email protected]>
net: atlantic: fix potential memory leak in aq_ndev_close()
David Gow <[email protected]>
arch: um: Mark the stack non-executable to fix a binutils warning
Linus Walleij <[email protected]>
gpio: ftgpio010: Make irqchip immutable
Lukas Straub <[email protected]>
um: Cleanup compiler warning in arch/x86/um/tls_32.c
Lukas Straub <[email protected]>
um: Cleanup syscall_handler_t cast in syscalls_32.h
Jaroslav Kysela <[email protected]>
ALSA: hda/hdmi: Fix the converter reuse for the silent stream
Oleksandr Mazur <[email protected]>
net: marvell: prestera: add support for for Aldrin2
Haimin Zhang <[email protected]>
net/ieee802154: fix uninit value bug in dgram_sendmsg
Letu Ren <[email protected]>
scsi: qedf: Fix a UAF bug in __qedf_probe()
Yifan Zhang <[email protected]>
drm/amdgpu/mes: zero the sdma_hqd_mask of 2nd SDMA engine for SDMA 6.0.1
Sergei Antonov <[email protected]>
ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer
Jason A. Donenfeld <[email protected]>
wifi: iwlwifi: don't spam logs with NSS>2 messages
Swati Agarwal <[email protected]>
dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure
Swati Agarwal <[email protected]>
dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property
Swati Agarwal <[email protected]>
dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling
Frank Wunderlich <[email protected]>
arm64: dts: rockchip: fix upper usb port on BPI-R2-Pro
Cristian Marussi <[email protected]>
firmware: arm_scmi: Add SCMI PM driver remove routine
Cristian Marussi <[email protected]>
firmware: arm_scmi: Harden accesses to the sensor domains
Cristian Marussi <[email protected]>
firmware: arm_scmi: Improve checks in the info_get operations
Dongliang Mu <[email protected]>
fs: fix UAF/GPF bug in nilfs_mdt_destroy
Mikulas Patocka <[email protected]>
provide arch_test_bit_acquire for architectures that define test_bit
Mikulas Patocka <[email protected]>
wait_on_bit: add an acquire memory barrier
Jalal Mostafa <[email protected]>
xsk: Inherit need_wakeup flag for shared sockets
Shuah Khan <[email protected]>
docs: update mediator information in CoC docs
Kees Cook <[email protected]>
hardening: Remove Clang's enable flag for -ftrivial-auto-var-init=zero
Sami Tolvanen <[email protected]>
Makefile.extrawarn: Move -Wcast-function-type-strict to W=1
Bart Van Assche <[email protected]>
sparc: Unbreak the build
-------------
Diffstat:
.../devicetree/bindings/dma/moxa,moxart-dma.txt | 4 +--
.../process/code-of-conduct-interpretation.rst | 2 +-
Makefile | 8 ++---
arch/alpha/include/asm/bitops.h | 7 ++++
arch/arm/boot/dts/moxart-uc7112lx.dts | 2 +-
arch/arm/boot/dts/moxart.dtsi | 4 +--
arch/arm64/boot/dts/rockchip/rk3568-bpi-r2-pro.dts | 2 +-
arch/hexagon/include/asm/bitops.h | 15 ++++++++
arch/ia64/include/asm/bitops.h | 7 ++++
arch/m68k/include/asm/bitops.h | 6 ++++
arch/s390/include/asm/bitops.h | 7 ++++
arch/s390/kvm/gaccess.c | 16 +++++++--
arch/sh/include/asm/bitops-op32.h | 7 ++++
arch/sparc/include/asm/smp_32.h | 15 ++++----
arch/sparc/kernel/leon_smp.c | 12 ++++---
arch/sparc/kernel/sun4d_smp.c | 12 ++++---
arch/sparc/kernel/sun4m_smp.c | 10 +++---
arch/sparc/mm/srmmu.c | 29 +++++++--------
arch/um/Makefile | 8 +++++
arch/x86/events/intel/core.c | 40 ++++++++++++++++++++-
arch/x86/events/intel/ds.c | 9 +++--
arch/x86/events/perf_event.h | 2 ++
arch/x86/include/asm/bitops.h | 21 +++++++++++
arch/x86/um/shared/sysdep/syscalls_32.h | 5 ++-
arch/x86/um/tls_32.c | 6 ----
arch/x86/um/vdso/Makefile | 2 +-
drivers/dma/xilinx/xilinx_dma.c | 21 ++++++-----
drivers/firmware/arm_scmi/clock.c | 6 +++-
drivers/firmware/arm_scmi/scmi_pm_domain.c | 20 +++++++++++
drivers/firmware/arm_scmi/sensors.c | 25 ++++++++++---
drivers/gpio/gpio-ftgpio010.c | 22 +++++++-----
drivers/gpio/gpiolib-acpi.c | 38 +++++++++++++++++---
drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 3 ++
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 12 +++++--
.../amd/display/dc/clk_mgr/dcn315/dcn315_clk_mgr.c | 22 +++++++-----
drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c | 16 ++++++++-
.../amd/display/dc/dce110/dce110_hw_sequencer.c | 6 ++--
drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 1 +
drivers/i2c/busses/i2c-davinci.c | 3 +-
drivers/mmc/core/sd.c | 3 +-
drivers/net/ethernet/aquantia/atlantic/aq_main.c | 3 --
.../net/ethernet/marvell/prestera/prestera_pci.c | 1 +
drivers/net/ethernet/mediatek/mtk_ppe.c | 2 +-
drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 4 +--
drivers/rpmsg/qcom_glink_native.c | 2 +-
drivers/rpmsg/qcom_smd.c | 4 +--
drivers/scsi/qedf/qedf_main.c | 5 ---
drivers/usb/mon/mon_bin.c | 5 +++
drivers/usb/serial/ftdi_sio.c | 3 +-
fs/coredump.c | 38 +++++++++++++++++---
fs/inode.c | 7 ++--
fs/internal.h | 3 ++
fs/read_write.c | 22 +++++++-----
.../asm-generic/bitops/instrumented-non-atomic.h | 12 +++++++
include/asm-generic/bitops/non-atomic.h | 14 ++++++++
include/linux/buffer_head.h | 2 +-
include/linux/scmi_protocol.h | 4 +--
include/linux/wait_bit.h | 8 ++---
include/net/ieee802154_netdev.h | 37 +++++++++++++++++++
include/net/xsk_buff_pool.h | 2 +-
kernel/bpf/helpers.c | 28 +++++++--------
kernel/bpf/syscall.c | 2 +-
kernel/sched/wait_bit.c | 2 +-
net/bluetooth/hci_core.c | 15 ++++++--
net/bluetooth/hci_event.c | 6 ++--
net/ieee802154/socket.c | 42 ++++++++++++----------
net/xdp/xsk.c | 4 +--
net/xdp/xsk_buff_pool.c | 5 +--
scripts/Makefile.extrawarn | 1 +
security/Kconfig.hardening | 14 +++++---
sound/pci/hda/patch_hdmi.c | 1 +
71 files changed, 559 insertions(+), 195 deletions(-)
From: Letu Ren <[email protected]>
[ Upstream commit fbfe96869b782364caebae0445763969ddb6ea67 ]
In __qedf_probe(), if qedf->cdev is NULL which means
qed_ops->common->probe() failed, then the program will goto label err1, and
scsi_host_put() will free lport->host pointer. Because the memory qedf
points to is allocated by libfc_host_alloc(), it will be freed by
scsi_host_put(). However, the if statement below label err0 only checks
whether qedf is NULL but doesn't check whether the memory has been freed.
So a UAF bug can occur.
There are two ways to reach the statements below err0. The first one is
described as before, "qedf" should be set to NULL. The second one is goto
"err0" directly. In the latter scenario qedf hasn't been changed and it has
the initial value NULL. As a result the if statement is not reachable in
any situation.
The KASAN logs are as follows:
[ 2.312969] BUG: KASAN: use-after-free in __qedf_probe+0x5dcf/0x6bc0
[ 2.312969]
[ 2.312969] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 2.312969] Call Trace:
[ 2.312969] dump_stack_lvl+0x59/0x7b
[ 2.312969] print_address_description+0x7c/0x3b0
[ 2.312969] ? __qedf_probe+0x5dcf/0x6bc0
[ 2.312969] __kasan_report+0x160/0x1c0
[ 2.312969] ? __qedf_probe+0x5dcf/0x6bc0
[ 2.312969] kasan_report+0x4b/0x70
[ 2.312969] ? kobject_put+0x25d/0x290
[ 2.312969] kasan_check_range+0x2ca/0x310
[ 2.312969] __qedf_probe+0x5dcf/0x6bc0
[ 2.312969] ? selinux_kernfs_init_security+0xdc/0x5f0
[ 2.312969] ? trace_rpm_return_int_rcuidle+0x18/0x120
[ 2.312969] ? rpm_resume+0xa5c/0x16e0
[ 2.312969] ? qedf_get_generic_tlv_data+0x160/0x160
[ 2.312969] local_pci_probe+0x13c/0x1f0
[ 2.312969] pci_device_probe+0x37e/0x6c0
Link: https://lore.kernel.org/r/[email protected]
Reported-by: Zheyu Ma <[email protected]>
Acked-by: Saurav Kashyap <[email protected]>
Co-developed-by: Wende Tan <[email protected]>
Signed-off-by: Wende Tan <[email protected]>
Signed-off-by: Letu Ren <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/scsi/qedf/qedf_main.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/drivers/scsi/qedf/qedf_main.c b/drivers/scsi/qedf/qedf_main.c
index 3d6b137314f3..bbc4d5890ae6 100644
--- a/drivers/scsi/qedf/qedf_main.c
+++ b/drivers/scsi/qedf/qedf_main.c
@@ -3686,11 +3686,6 @@ static int __qedf_probe(struct pci_dev *pdev, int mode)
err1:
scsi_host_put(lport->host);
err0:
- if (qedf) {
- QEDF_INFO(&qedf->dbg_ctx, QEDF_LOG_DISC, "Probe done.\n");
-
- clear_bit(QEDF_PROBING, &qedf->flags);
- }
return rc;
}
--
2.35.1
From: Lukas Straub <[email protected]>
[ Upstream commit d27fff3499671dc23a08efd01cdb8b3764a391c4 ]
arch.tls_array is statically allocated so checking for NULL doesn't
make sense. This causes the compiler warning below.
Remove the checks to silence these warnings.
../arch/x86/um/tls_32.c: In function 'get_free_idx':
../arch/x86/um/tls_32.c:68:13: warning: the comparison will always evaluate as 'true' for the address of 'tls_array' will never be NULL [-Waddress]
68 | if (!t->arch.tls_array)
| ^
In file included from ../arch/x86/um/asm/processor.h:10,
from ../include/linux/rcupdate.h:30,
from ../include/linux/rculist.h:11,
from ../include/linux/pid.h:5,
from ../include/linux/sched.h:14,
from ../arch/x86/um/tls_32.c:7:
../arch/x86/um/asm/processor_32.h:22:31: note: 'tls_array' declared here
22 | struct uml_tls_struct tls_array[GDT_ENTRY_TLS_ENTRIES];
| ^~~~~~~~~
../arch/x86/um/tls_32.c: In function 'get_tls_entry':
../arch/x86/um/tls_32.c:243:13: warning: the comparison will always evaluate as 'true' for the address of 'tls_array' will never be NULL [-Waddress]
243 | if (!t->arch.tls_array)
| ^
../arch/x86/um/asm/processor_32.h:22:31: note: 'tls_array' declared here
22 | struct uml_tls_struct tls_array[GDT_ENTRY_TLS_ENTRIES];
| ^~~~~~~~~
Signed-off-by: Lukas Straub <[email protected]>
Acked-by: Randy Dunlap <[email protected]> # build-tested
Signed-off-by: Richard Weinberger <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
arch/x86/um/tls_32.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/arch/x86/um/tls_32.c b/arch/x86/um/tls_32.c
index ac8eee093f9c..66162eafd8e8 100644
--- a/arch/x86/um/tls_32.c
+++ b/arch/x86/um/tls_32.c
@@ -65,9 +65,6 @@ static int get_free_idx(struct task_struct* task)
struct thread_struct *t = &task->thread;
int idx;
- if (!t->arch.tls_array)
- return GDT_ENTRY_TLS_MIN;
-
for (idx = 0; idx < GDT_ENTRY_TLS_ENTRIES; idx++)
if (!t->arch.tls_array[idx].present)
return idx + GDT_ENTRY_TLS_MIN;
@@ -240,9 +237,6 @@ static int get_tls_entry(struct task_struct *task, struct user_desc *info,
{
struct thread_struct *t = &task->thread;
- if (!t->arch.tls_array)
- goto clear;
-
if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX)
return -EINVAL;
--
2.35.1
On Mon, 10 Oct 2022 at 12:36, Greg Kroah-Hartman
<[email protected]> wrote:
>
> This is the start of the stable review cycle for the 5.19.15 release.
> There are 48 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 12 Oct 2022 07:03:19 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.19.15-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro's test farm.
No regressions on arm64, arm, x86_64, and i386.
Tested-by: Linux Kernel Functional Testing <[email protected]>
NOTE:
1) Build warning which were reported on last round of stable rc review
Following build warning found on few arm configs which do not set Kconfig
# CONFIG_ELF_CORE is not set
- powerpc: tqm8xx_defconfig
- arm: keystone_defconfig and omap1_defconfig
- mips: ar7_defconfig
fs/coredump.c:835:12: warning: 'dump_emit_page' defined but not used
[-Wunused-function]
835 | static int dump_emit_page(struct coredump_params *cprm, struct
page *page)
| ^~~~~~~~~~~~~~
## Build
* kernel: 5.19.15-rc1
* git: https://gitlab.com/Linaro/lkft/mirrors/stable/linux-stable-rc
* git branch: linux-5.19.y
* git commit: 2e79dbde2710b3939943c5d2ea3028329b820e9f
* git describe: v5.19.14-49-g2e79dbde2710
* test details:
https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-5.19.y/build/v5.19.14-49-g2e79dbde2710
## Test Regressions (compared to v5.19.12-110-g30c780ac0f9f)
## Metric Regressions (compared to v5.19.12-110-g30c780ac0f9f)
## Test Fixes (compared to v5.19.12-110-g30c780ac0f9f)
## Metric Fixes (compared to v5.19.12-110-g30c780ac0f9f)
## Test result summary
total: 112321, pass: 100742, fail: 732, skip: 10568, xfail: 279
## Build Summary
* arc: 10 total, 10 passed, 0 failed
* arm: 339 total, 336 passed, 3 failed
* arm64: 72 total, 70 passed, 2 failed
* i386: 61 total, 55 passed, 6 failed
* mips: 62 total, 59 passed, 3 failed
* parisc: 14 total, 14 passed, 0 failed
* powerpc: 75 total, 66 passed, 9 failed
* riscv: 32 total, 27 passed, 5 failed
* s390: 26 total, 24 passed, 2 failed
* sh: 26 total, 24 passed, 2 failed
* sparc: 14 total, 14 passed, 0 failed
* x86_64: 65 total, 63 passed, 2 failed
## Test suites summary
* fwts
* igt-gpu-tools
* kunit
* kvm-unit-tests
* libgpiod
* libhugetlbfs
* log-parser-boot
* log-parser-test
* ltp-cap_bounds
* ltp-commands
* ltp-containers
* ltp-controllers
* ltp-cpuhotplug
* ltp-crypto
* ltp-cve
* ltp-dio
* ltp-fcntl-locktests
* ltp-filecaps
* ltp-fs
* ltp-fs_bind
* ltp-fs_perms_simple
* ltp-fsx
* ltp-hugetlb
* ltp-io
* ltp-ipc
* ltp-math
* ltp-mm
* ltp-nptl
* ltp-open-posix-tests
* ltp-pty
* ltp-sched
* ltp-securebits
* ltp-smoke
* ltp-syscalls
* ltp-tracing
* network-basic-tests
* packetdrill
* rcutorture
* v4l2-compliance
* vdso
--
Linaro LKFT
https://lkft.linaro.org
On Mon, Oct 10, 2022 at 09:04:58AM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.19.15 release.
> There are 48 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 12 Oct 2022 07:03:19 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.19.15-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Tested rc1 against the Fedora build system (aarch64, armv7, ppc64le,
s390x, x86_64), and boot tested x86_64. No regressions noted.
Tested-by: Justin M. Forbes <[email protected]>
On 10/10/22 00:04, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.19.15 release.
> There are 48 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 12 Oct 2022 07:03:19 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.19.15-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
On ARCH_BRCMSTB using 32-bit and 64-bit ARM kernels, build tested on
BMIPS_GENERIC:
Tested-by: Florian Fainelli <[email protected]>
--
Florian
On 10/10/22 01:04, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.19.15 release.
> There are 48 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 12 Oct 2022 07:03:19 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.19.15-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
Tested-by: Shuah Khan <[email protected]>
thanks,
-- Shuah
On Mon, Oct 10, 2022 at 09:04:58AM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.19.15 release.
> There are 48 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
Successfully cross-compiled for arm64 (bcm2711_defconfig, GCC 10.2.0) and
powerpc (ps3_defconfig, GCC 12.1.0).
Tested-by: Bagas Sanjaya <[email protected]>
--
An old man doll... just what I always wanted! - Clara