This is the start of the stable review cycle for the 5.10.109 release.
There are 38 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sun, 27 Mar 2022 15:04:08 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.109-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <[email protected]>
Linux 5.10.109-rc1
Arnd Bergmann <[email protected]>
nds32: fix access_ok() checks in get/put_user
Bryan O'Donoghue <[email protected]>
wcn36xx: Differentiate wcn3660 from wcn3620
James Bottomley <[email protected]>
tpm: use try_get_ops() in tpm-space.c
Linus Lüssing <[email protected]>
mac80211: fix potential double free on mesh join
Paul E. McKenney <[email protected]>
rcu: Don't deboost before reporting expedited quiescent state
Brian Norris <[email protected]>
Revert "ath: add support for special 0x0 regulatory domain"
Giovanni Cabiddu <[email protected]>
crypto: qat - disable registration of algorithms
Werner Sembach <[email protected]>
ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU
Maximilian Luz <[email protected]>
ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3
Mark Cilissen <[email protected]>
ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board
Pablo Neira Ayuso <[email protected]>
netfilter: nf_tables: initialize registers in nft_do_chain()
Stephane Graber <[email protected]>
drivers: net: xgene: Fix regression in CRC stripping
Giacomo Guiduzzi <[email protected]>
ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec
Jonathan Teh <[email protected]>
ALSA: cmipci: Restore aux vol on suspend/resume
Lars-Peter Clausen <[email protected]>
ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB
Takashi Iwai <[email protected]>
ALSA: pcm: Add stream lock during PCM reset ioctl operations
Takashi Iwai <[email protected]>
ALSA: pcm: Fix races among concurrent prealloc proc writes
Takashi Iwai <[email protected]>
ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
Takashi Iwai <[email protected]>
ALSA: pcm: Fix races among concurrent read/write and buffer changes
Takashi Iwai <[email protected]>
ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
Jason Zheng <[email protected]>
ALSA: hda/realtek: Add quirk for ASUS GA402
huangwenhui <[email protected]>
ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
Tim Crawford <[email protected]>
ALSA: hda/realtek: Add quirk for Clevo NP50PNJ
Tim Crawford <[email protected]>
ALSA: hda/realtek: Add quirk for Clevo NP70PNJ
Reza Jahanbakhshi <[email protected]>
ALSA: usb-audio: add mapping for new Corsair Virtuoso SE
Takashi Iwai <[email protected]>
ALSA: oss: Fix PCM OSS buffer allocation overflow
Takashi Iwai <[email protected]>
ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call
Halil Pasic <[email protected]>
swiotlb: rework "fix info leak with DMA_FROM_DEVICE"
Halil Pasic <[email protected]>
swiotlb: fix info leak with DMA_FROM_DEVICE
Eric Dumazet <[email protected]>
llc: fix netdevice reference leaks in llc_ui_bind()
Oliver Graute <[email protected]>
staging: fbtft: fb_st7789v: reset display before initialization
Tadeusz Struk <[email protected]>
tpm: Fix error handling in async work
Michal Koutný <[email protected]>
cgroup-v1: Correct privileges check in release_agent writes
Tejun Heo <[email protected]>
cgroup: Use open-time cgroup namespace for process migration perm checks
Tejun Heo <[email protected]>
cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv
Chen Li <[email protected]>
exfat: avoid incorrectly releasing for root inode
Tadeusz Struk <[email protected]>
net: ipv6: fix skb_over_panic in __ip6_append_data
Jordy Zomer <[email protected]>
nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
-------------
Diffstat:
Makefile | 4 +-
arch/nds32/include/asm/uaccess.h | 22 ++++--
arch/x86/kernel/acpi/boot.c | 24 ++++++
drivers/acpi/battery.c | 12 +++
drivers/acpi/video_detect.c | 75 ++++++++++++++++++
drivers/char/tpm/tpm-dev-common.c | 8 +-
drivers/char/tpm/tpm2-space.c | 8 +-
drivers/crypto/qat/qat_common/qat_crypto.c | 8 ++
drivers/net/ethernet/apm/xgene/xgene_enet_main.c | 12 +--
drivers/net/wireless/ath/regd.c | 10 +--
drivers/net/wireless/ath/wcn36xx/main.c | 3 +
drivers/net/wireless/ath/wcn36xx/wcn36xx.h | 1 +
drivers/nfc/st21nfca/se.c | 10 +++
drivers/staging/fbtft/fb_st7789v.c | 2 +
fs/exfat/super.c | 2 +-
include/sound/pcm.h | 1 +
kernel/cgroup/cgroup-internal.h | 19 +++++
kernel/cgroup/cgroup-v1.c | 32 ++++----
kernel/cgroup/cgroup.c | 84 +++++++++++++-------
kernel/dma/swiotlb.c | 24 ++++--
kernel/rcu/tree_plugin.h | 9 ++-
net/ipv6/ip6_output.c | 4 +-
net/llc/af_llc.c | 8 ++
net/mac80211/cfg.c | 3 -
net/netfilter/nf_tables_core.c | 2 +-
sound/core/oss/pcm_oss.c | 12 ++-
sound/core/oss/pcm_plugin.c | 5 +-
sound/core/pcm.c | 2 +
sound/core/pcm_lib.c | 4 +
sound/core/pcm_memory.c | 11 ++-
sound/core/pcm_native.c | 97 +++++++++++++++---------
sound/pci/ac97/ac97_codec.c | 4 +-
sound/pci/cmipci.c | 3 +-
sound/pci/hda/patch_realtek.c | 4 +
sound/soc/sti/uniperif_player.c | 6 +-
sound/soc/sti/uniperif_reader.c | 2 +-
sound/usb/mixer_maps.c | 10 +++
sound/usb/mixer_quirks.c | 7 +-
38 files changed, 414 insertions(+), 140 deletions(-)
From: Takashi Iwai <[email protected]>
commit dca947d4d26dbf925a64a6cfb2ddbc035e831a3d upstream.
In the current PCM design, the read/write syscalls (as well as the
equivalent ioctls) are allowed before the PCM stream is running, that
is, at PCM PREPARED state. Meanwhile, we also allow to re-issue
hw_params and hw_free ioctl calls at the PREPARED state that may
change or free the buffers, too. The problem is that there is no
protection against those mix-ups.
This patch applies the previously introduced runtime->buffer_mutex to
the read/write operations so that the concurrent hw_params or hw_free
call can no longer interfere during the operation. The mutex is
unlocked before scheduling, so we don't take it too long.
Cc: <[email protected]>
Reviewed-by: Jaroslav Kysela <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
sound/core/pcm_lib.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/sound/core/pcm_lib.c
+++ b/sound/core/pcm_lib.c
@@ -1871,9 +1871,11 @@ static int wait_for_avail(struct snd_pcm
if (avail >= runtime->twake)
break;
snd_pcm_stream_unlock_irq(substream);
+ mutex_unlock(&runtime->buffer_mutex);
tout = schedule_timeout(wait_time);
+ mutex_lock(&runtime->buffer_mutex);
snd_pcm_stream_lock_irq(substream);
set_current_state(TASK_INTERRUPTIBLE);
switch (runtime->status->state) {
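Review bot: In wait_for_avail(), buffer_mutex is dropped across
schedule_timeout(), so a concurrent hw_params or hw_free can change or
free the buffer while this task sleeps; the only thing visible here that
catches it is the `switch (runtime->status->state)` re-check after both
locks are retaken. A short comment at the unlock/lock pair, saying that
nothing cached about the buffer before the sleep may be trusted
afterwards and that buffer_mutex is always taken outside the stream
lock, would make that invariant explicit.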
@@ -2167,6 +2169,7 @@ snd_pcm_sframes_t __snd_pcm_lib_xfer(str
nonblock = !!(substream->f_flags & O_NONBLOCK);
+ mutex_lock(&runtime->buffer_mutex);
snd_pcm_stream_lock_irq(substream);
err = pcm_accessible_state(runtime);
if (err < 0)
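Review bot: The `mutex_lock(&runtime->buffer_mutex)` in
__snd_pcm_lib_xfer() is unconditional even though `nonblock` is computed
on the line just above it, so an O_NONBLOCK caller can now sleep for as
long as another thread holds buffer_mutex. If that is acceptable, say so
in a comment; otherwise consider mutex_trylock() with -EAGAIN for the
nonblock case.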
@@ -2254,6 +2257,7 @@ snd_pcm_sframes_t __snd_pcm_lib_xfer(str
if (xfer > 0 && err >= 0)
snd_pcm_update_state(substream, runtime);
snd_pcm_stream_unlock_irq(substream);
+ mutex_unlock(&runtime->buffer_mutex);
return xfer > 0 ? (snd_pcm_sframes_t)xfer : err;
}
EXPORT_SYMBOL(__snd_pcm_lib_xfer);
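Review bot: This is the only `mutex_unlock(&runtime->buffer_mutex)`
added for the lock taken at the top of __snd_pcm_lib_xfer(), so every
exit between the two has to reach this point; the `if (err < 0)` branch
right after the lock in the previous hunk is the one to check, since a
direct return there would leave the mutex held. The release order
(stream lock first, then buffer_mutex) correctly mirrors the acquire
order.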
From: Takashi Iwai <[email protected]>
commit efb6402c3c4a7c26d97c92d70186424097b6e366 upstream.
We've got syzbot reports hitting INT_MAX overflow at vmalloc()
allocation that is called from snd_pcm_plug_alloc(). Although we
apply the restrictions to input parameters, it's based only on the
hw_params of the underlying PCM device. Since the PCM OSS layer
allocates a temporary buffer for the data conversion, the size may
become unexpectedly large when more channels or higher rates are given;
in the reported case, it went over INT_MAX, hence it hits WARN_ON().
This patch is an attempt to avoid such an overflow and an allocation
for too large buffers. First off, it adds the limit of 1MB as the
upper bound for period bytes. This must be large enough for all use
cases, and we really don't want to handle a larger temporary buffer
than this size. The size check is performed at two places, where the
original period bytes is calculated and where the plugin buffer size
is calculated.
In addition, the driver uses array_size() and array3_size() for
multiplications to catch overflows for the converted period size and
buffer bytes.
Reported-by: [email protected]
Suggested-by: Linus Torvalds <[email protected]>
Cc: <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
sound/core/oss/pcm_oss.c | 12 ++++++++----
sound/core/oss/pcm_plugin.c | 5 ++++-
2 files changed, 12 insertions(+), 5 deletions(-)
--- a/sound/core/oss/pcm_oss.c
+++ b/sound/core/oss/pcm_oss.c
@@ -774,6 +774,11 @@ static int snd_pcm_oss_period_size(struc
if (oss_period_size < 16)
return -EINVAL;
+
+ /* don't allocate too large period; 1MB period must be enough */
+ if (oss_period_size > 1024 * 1024)
+ return -ENOMEM;
+
runtime->oss.period_bytes = oss_period_size;
runtime->oss.period_frames = 1;
runtime->oss.periods = oss_periods;
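Review bot: The bound `1024 * 1024` in snd_pcm_oss_period_size() is a
bare literal that is repeated in pcm_plugin.c later in this patch; a
single named constant shared by both files would keep the two checks
from drifting apart. Returning -ENOMEM for a value that is rejected
before any allocation is attempted is also debatable next to the
-EINVAL used for the `< 16` case just above.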
@@ -1042,10 +1047,9 @@ static int snd_pcm_oss_change_params_loc
goto failure;
}
#endif
- oss_period_size *= oss_frame_size;
-
- oss_buffer_size = oss_period_size * runtime->oss.periods;
- if (oss_buffer_size < 0) {
+ oss_period_size = array_size(oss_period_size, oss_frame_size);
+ oss_buffer_size = array_size(oss_period_size, runtime->oss.periods);
+ if (oss_buffer_size <= 0) {
err = -EINVAL;
goto failure;
}
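Review bot: array_size() returns a size_t that saturates to SIZE_MAX on
overflow, and here the result is stored back into oss_period_size and
oss_buffer_size and then tested with `oss_buffer_size <= 0`; that test
only catches the saturated value if those variables are signed and at
least as wide as size_t, which is not visible in this hunk. Either state
the type assumption in a comment or compare against SIZE_MAX (or the
1MB cap) explicitly. The change from `< 0` to `<= 0` also newly rejects
a zero buffer size, which the changelog does not mention.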
--- a/sound/core/oss/pcm_plugin.c
+++ b/sound/core/oss/pcm_plugin.c
@@ -61,7 +61,10 @@ static int snd_pcm_plugin_alloc(struct s
}
if ((width = snd_pcm_format_physical_width(format->format)) < 0)
return width;
- size = frames * format->channels * width;
+ size = array3_size(frames, format->channels, width);
+ /* check for too large period size once again */
+ if (size > 1024 * 1024)
+ return -ENOMEM;
if (snd_BUG_ON(size % 8))
return -ENXIO;
size /= 8;
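Review bot: In snd_pcm_plugin_alloc() the new `size > 1024 * 1024` test
runs before `size /= 8`, and `width` comes from
snd_pcm_format_physical_width(), so `size` is still a bit count at that
point and the effective cap is 128 KiB of buffer, not the 1MB that the
comment and changelog describe. Move the check after the division or
compare against `8 * 1024 * 1024`, and say in the comment which unit is
meant.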
From: James Bottomley <[email protected]>
commit fb5abce6b2bb5cb3d628aaa63fa821da8c4600f9 upstream.
As part of the series conversion to remove nested TPM operations:
https://lore.kernel.org/all/[email protected]/
exposure of the chip->tpm_mutex was removed from much of the upper
level code. In this conversion, tpm2_del_space() was missed. This
didn't matter much because it's usually called closely after a
converted operation, so there's only a very tiny race window where the
chip can be removed before the space flushing is done which causes a
NULL deref on the mutex. However, there are reports of this window
being hit in practice, so fix this by converting tpm2_del_space() to
use tpm_try_get_ops(), which performs all the teardown checks before
acquiring the mutex.
Cc: [email protected] # 5.4.x
Signed-off-by: James Bottomley <[email protected]>
Reviewed-by: Jarkko Sakkinen <[email protected]>
Signed-off-by: Jarkko Sakkinen <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/char/tpm/tpm2-space.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/char/tpm/tpm2-space.c
+++ b/drivers/char/tpm/tpm2-space.c
@@ -58,12 +58,12 @@ int tpm2_init_space(struct tpm_space *sp
void tpm2_del_space(struct tpm_chip *chip, struct tpm_space *space)
{
- mutex_lock(&chip->tpm_mutex);
- if (!tpm_chip_start(chip)) {
+
+ if (tpm_try_get_ops(chip) == 0) {
tpm2_flush_sessions(chip, space);
- tpm_chip_stop(chip);
+ tpm_put_ops(chip);
}
- mutex_unlock(&chip->tpm_mutex);
+
kfree(space->context_buf);
kfree(space->session_buf);
}
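Review bot: When tpm_try_get_ops() fails in tpm2_del_space(),
tpm2_flush_sessions() is skipped silently and the function goes straight
to the kfree() calls; a one-line comment that the chip is being torn
down and there is nothing left to flush would help the next reader.
Style: the added blank line directly after the opening brace should be
dropped, and `if (!tpm_try_get_ops(chip))` is the more common spelling
of the `== 0` test.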
From: Reza Jahanbakhshi <[email protected]>
commit cd94df1795418056a19ff4cb44eadfc18ac99a57 upstream.
New device id for Corsair Virtuoso SE RGB Wireless that currently is not
in the mixer_map. This entry in the mixer_map is necessary in order to
label its mixer appropriately and allow userspace to pick the correct
volume controls. For instance, my own Corsair Virtuoso SE RGB Wireless
headset has this new ID and consequently, the sidetone and volume are not
working correctly without this change.
> sudo lsusb -v | grep -i corsair
Bus 007 Device 011: ID 1b1c:0a40 Corsair CORSAIR VIRTUOSO SE Wireless Gam
idVendor 0x1b1c Corsair
iManufacturer 1 Corsair
iProduct 2 CORSAIR VIRTUOSO SE Wireless Gaming Headset
Signed-off-by: Reza Jahanbakhshi <[email protected]>
Cc: <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
sound/usb/mixer_maps.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/sound/usb/mixer_maps.c
+++ b/sound/usb/mixer_maps.c
@@ -543,6 +543,16 @@ static const struct usbmix_ctl_map usbmi
.map = scms_usb3318_map,
},
{
+ /* Corsair Virtuoso SE Latest (wired mode) */
+ .id = USB_ID(0x1b1c, 0x0a3f),
+ .map = corsair_virtuoso_map,
+ },
+ {
+ /* Corsair Virtuoso SE Latest (wireless mode) */
+ .id = USB_ID(0x1b1c, 0x0a40),
+ .map = corsair_virtuoso_map,
+ },
+ {
.id = USB_ID(0x30be, 0x0101), /* Schiit Hel */
.ignore_ctl_error = 1,
},
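Review bot: The changelog documents only ID 1b1c:0a40 (the lsusb output
for the wireless headset), but the hunk also adds
`USB_ID(0x1b1c, 0x0a3f)` as the wired-mode entry; the commit message
should say where 0x0a3f comes from and whether it was tested. "Latest"
in both comments will not age well; a model or revision name would be
clearer.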
From: Maximilian Luz <[email protected]>
commit 7dacee0b9efc8bd061f097b1a8d4daa6591af0c6 upstream.
For some reason, the Microsoft Surface Go 3 uses the standard ACPI
interface for battery information, but does not use the standard PNP0C0A
HID. Instead it uses MSHW0146 as identifier. Add that ID to the driver
as this seems to work well.
Additionally, the power state is not updated immediately after the AC
has been (un-)plugged, so add the respective quirk for that.
Signed-off-by: Maximilian Luz <[email protected]>
Cc: All applicable <[email protected]>
Signed-off-by: Rafael J. Wysocki <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/acpi/battery.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
--- a/drivers/acpi/battery.c
+++ b/drivers/acpi/battery.c
@@ -66,6 +66,10 @@ MODULE_PARM_DESC(cache_time, "cache time
static const struct acpi_device_id battery_device_ids[] = {
{"PNP0C0A", 0},
+
+ /* Microsoft Surface Go 3 */
+ {"MSHW0146", 0},
+
{"", 0},
};
@@ -1171,6 +1175,14 @@ static const struct dmi_system_id bat_dm
DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad"),
},
},
+ {
+ /* Microsoft Surface Go 3 */
+ .callback = battery_notification_delay_quirk,
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Microsoft Corporation"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "Surface Go 3"),
+ },
+ },
{},
};
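Review bot: DMI_MATCH() does a substring comparison, so
`DMI_MATCH(DMI_PRODUCT_NAME, "Surface Go 3")` in the new bat_dmi_table
entry also matches any product name that merely contains that string; if
only this exact model needs battery_notification_delay_quirk,
DMI_EXACT_MATCH() is the tighter choice. The entry's comment could also
state why the quirk is needed (power state not updated immediately
after AC plug/unplug, per the changelog).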
From: Eric Dumazet <[email protected]>
commit 764f4eb6846f5475f1244767d24d25dd86528a4a upstream.
Whenever llc_ui_bind() and/or llc_ui_autobind()
took a reference on a netdevice but subsequently fail,
they must properly release their reference
or risk the infamous message from unregister_netdevice()
at device dismantle.
unregister_netdevice: waiting for eth0 to become free. Usage count = 3
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <[email protected]>
Reported-by: 赵子轩 <[email protected]>
Reported-by: Stoyan Manolov <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jakub Kicinski <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/llc/af_llc.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/net/llc/af_llc.c
+++ b/net/llc/af_llc.c
@@ -311,6 +311,10 @@ static int llc_ui_autobind(struct socket
sock_reset_flag(sk, SOCK_ZAPPED);
rc = 0;
out:
+ if (rc) {
+ dev_put(llc->dev);
+ llc->dev = NULL;
+ }
return rc;
}
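Review bot: In llc_ui_autobind() the new block sits at the shared `out:`
label and calls `dev_put(llc->dev)` for any non-zero rc, with no test
that llc->dev is set; an exit that reaches `out:` before the device
lookup has stored a pointer passes NULL to dev_put(). Guard it
(`if (rc && llc->dev)`) or keep the looked-up device in a local variable
and release that.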
@@ -409,6 +413,10 @@ static int llc_ui_bind(struct socket *so
out_put:
llc_sap_put(sap);
out:
+ if (rc) {
+ dev_put(llc->dev);
+ llc->dev = NULL;
+ }
release_sock(sk);
return rc;
}
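Review bot: In llc_ui_bind() the cleanup at `out:` drops whatever
llc->dev currently points to whenever rc is non-zero, so a failure on a
socket whose llc->dev already holds a reference from an earlier
successful bind would release a reference this call never took and
clear the pointer. Take the reference into a local `dev`, assign
`llc->dev` only on success, and put the local on failure.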
On Fri 2022-03-25 16:04:44, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.10.109 release.
> There are 38 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
CIP testing did not find any problems here:
https://gitlab.com/cip-project/cip-testing/linux-stable-rc-ci/-/tree/linux-5.10.y
Tested-by: Pavel Machek (CIP) <[email protected]>
Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
On Fri, 25 Mar 2022 16:04:44 +0100, Greg Kroah-Hartman <[email protected]> wrote:
> This is the start of the stable review cycle for the 5.10.109 release.
> There are 38 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sun, 27 Mar 2022 15:04:08 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.109-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
5.10.109-rc1 Successfully Compiled and booted on my Raspberry PI 4b (8g) (bcm2711)
Tested-by: Fox Chen <[email protected]>
On 3/25/22 08:04, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.10.109 release.
> There are 38 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sun, 27 Mar 2022 15:04:08 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.109-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
On ARCH_BRCMSTB, using 32-bit and 64-bit ARM kernels:
Tested-by: Florian Fainelli <[email protected]>
--
Florian
On 3/25/22 9:04 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.10.109 release.
> There are 38 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sun, 27 Mar 2022 15:04:08 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.109-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
Tested-by: Shuah Khan <[email protected]>
thanks,
-- Shuah
On Fri, 25 Mar 2022 at 20:40, Greg Kroah-Hartman
<[email protected]> wrote:
>
> This is the start of the stable review cycle for the 5.10.109 release.
> There are 38 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sun, 27 Mar 2022 15:04:08 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.109-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.
Tested-by: Linux Kernel Functional Testing <[email protected]>
## Build
* kernel: 5.10.109-rc1
* git: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
* git branch: linux-5.10.y
* git commit: c02fc5f9e70f4aed2693f783a09af12c2ef87802
* git describe: v5.10.108-39-gc02fc5f9e70f
* test details:
https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-5.10.y/build/v5.10.108-39-gc02fc5f9e70f
## Test Regressions (compared to v5.10.105)
No test regressions found.
## Metric Regressions (compared to v5.10.105)
No metric regressions found.
## Test Fixes (compared to v5.10.105)
No test fixes found.
## Metric Fixes (compared to v5.10.105)
No metric fixes found.
## Test result summary
total: 95863, pass: 81602, fail: 589, skip: 12715, xfail: 957
## Build Summary
* arc: 10 total, 10 passed, 0 failed
* arm: 291 total, 291 passed, 0 failed
* arm64: 41 total, 41 passed, 0 failed
* hi6220-hikey: 1 total, 1 passed, 0 failed
* i386: 39 total, 39 passed, 0 failed
* juno-r2: 1 total, 1 passed, 0 failed
* mips: 37 total, 37 passed, 0 failed
* parisc: 12 total, 12 passed, 0 failed
* powerpc: 60 total, 51 passed, 9 failed
* riscv: 27 total, 27 passed, 0 failed
* s390: 21 total, 21 passed, 0 failed
* sh: 24 total, 24 passed, 0 failed
* sparc: 12 total, 12 passed, 0 failed
* x86: 1 total, 1 passed, 0 failed
* x86_64: 41 total, 41 passed, 0 failed
## Test suites summary
* fwts
* igt-gpu-tools
* kselftest-android
* kselftest-arm64
* kselftest-bpf
* kselftest-breakpoints
* kselftest-capabilities
* kselftest-cgroup
* kselftest-clone3
* kselftest-core
* kselftest-cpu-hotplug
* kselftest-cpufreq
* kselftest-drivers
* kselftest-efivarfs
* kselftest-filesystems
* kselftest-firmware
* kselftest-fpu
* kselftest-futex
* kselftest-gpio
* kselftest-intel_pstate
* kselftest-ipc
* kselftest-ir
* kselftest-kcmp
* kselftest-kexec
* kselftest-kvm
* kselftest-lib
* kselftest-livepatch
* kselftest-membarrier
* kselftest-memfd
* kselftest-memory-hotplug
* kselftest-mincore
* kselftest-mount
* kselftest-mqueue
* kselftest-net
* kselftest-openat2
* kselftest-pid_namespace
* kselftest-pidfd
* kselftest-proc
* kselftest-pstore
* kselftest-ptrace
* kselftest-rseq
* kselftest-rtc
* kselftest-timens
* kselftest-timers
* kselftest-tmpfs
* kselftest-tpm2
* kselftest-user
* kselftest-vm
* kselftest-x86
* kselftest-zram
* kunit
* kvm-unit-tests
* libgpiod
* libhugetlbfs
* linux-log-parser
* ltp-cap_bounds-tests
* ltp-commands-tests
* ltp-containers-tests
* ltp-controllers-tests
* ltp-cpuhotplug-tests
* ltp-crypto-tests
* ltp-cve-tests
* ltp-dio-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-mm-tests
* ltp-nptl-tests
* ltp-open-posix-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-syscalls-tests
* ltp-tracing-tests
* network-basic-tests
* packetdrill
* perf
* rcutorture
* ssuite
* v4l2-compliance
* vdso
--
Linaro LKFT
https://lkft.linaro.org
Hi Greg,
On Fri, Mar 25, 2022 at 04:04:44PM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.10.109 release.
> There are 38 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sun, 27 Mar 2022 15:04:08 +0000.
> Anything received after that time might be too late.
Build test:
mips (gcc version 11.2.1 20220314): 63 configs -> no new failure
arm (gcc version 11.2.1 20220314): 105 configs -> no new failure
arm64 (gcc version 11.2.1 20220314): 3 configs -> no failure
x86_64 (gcc version 11.2.1 20220314): 4 configs -> no failure
Boot test:
x86_64: Booted on my test laptop. No regression.
x86_64: Booted on qemu. No regression. [1]
arm64: Booted on rpi4b (4GB model). No regression. [2]
[1]. https://openqa.qa.codethink.co.uk/tests/942
[2]. https://openqa.qa.codethink.co.uk/tests/944
Tested-by: Sudip Mukherjee <[email protected]>
--
Regards
Sudip
On 25/03/22 22.04, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.10.109 release.
> There are 38 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
Successfully cross-compiled for arm64 (bcm2711_defconfig, gcc 10.2.0) and
powerpc (ps3_defconfig, gcc 11.2.0).
Tested-by: Bagas Sanjaya <[email protected]>
--
An old man doll... just what I always wanted! - Clara
Hi!
> > Can someone check this? AFAICT this is buggy.
> >
> > static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr)
> > {
> > struct sock *sk = sock->sk;
> > struct llc_sock *llc = llc_sk(sk);
> > struct llc_sap *sap;
> > int rc = -EINVAL;
> >
> > if (!sock_flag(sk, SOCK_ZAPPED))
> > goto out;
> >
> > There are 'goto out's from both before dev_get() and after it,
> > dev_put() will be called with NULL pointer. dev_put() can't handle
> > NULL at least in the old kernels... this is simply confused.
> >
> > Mainline has dev_put_track() there, but I see same confusion.
> >
> > Best regards,
>
> commit 2d327a79ee17 ("llc: only change llc->dev when bind() succeeds"),
> https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=2d327a79ee176930dc72c131a970c891d367c1dc
>
> Should be in mainline on Thursday, LMK if we need to accelerate.
> IDK if anyone enables LLC2.
Thank you, yes, that looks good at the fast glance.
But this patch does more harm than good on its own, so I believe it
should be dropped for now, and only queued when the fixes are
available.
Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Hi!
> From: Eric Dumazet <[email protected]>
>
> commit 764f4eb6846f5475f1244767d24d25dd86528a4a upstream.
>
> Whenever llc_ui_bind() and/or llc_ui_autobind()
> took a reference on a netdevice but subsequently fail,
> they must properly release their reference
> or risk the infamous message from unregister_netdevice()
> at device dismantle.
>
> unregister_netdevice: waiting for eth0 to become free. Usage count =
> 3
Can someone check this? AFAICT this is buggy.
static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr)
{
struct sock *sk = sock->sk;
struct llc_sock *llc = llc_sk(sk);
struct llc_sap *sap;
int rc = -EINVAL;
if (!sock_flag(sk, SOCK_ZAPPED))
goto out;
There are 'goto out's from both before dev_get() and after it,
dev_put() will be called with NULL pointer. dev_put() can't handle
NULL at least in the old kernels... this is simply confused.
Mainline has dev_put_track() there, but I see same confusion.
Best regards,
Pavel
> --- a/net/llc/af_llc.c
> +++ b/net/llc/af_llc.c
> @@ -311,6 +311,10 @@ static int llc_ui_autobind(struct socket
> sock_reset_flag(sk, SOCK_ZAPPED);
> rc = 0;
> out:
> + if (rc) {
> + dev_put(llc->dev);
> + llc->dev = NULL;
> + }
> return rc;
> }
>
> @@ -409,6 +413,10 @@ static int llc_ui_bind(struct socket *so
> out_put:
> llc_sap_put(sap);
> out:
> + if (rc) {
> + dev_put(llc->dev);
> + llc->dev = NULL;
> + }
> release_sock(sk);
> return rc;
> }
>
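Review bot: llc_ui_bind() already stages its cleanup with labels
(`out_put:` falling through to `out:`), but the device release is keyed
on `if (rc)` instead; a dedicated label placed so that only exits taken
after the reference was obtained jump to it would remove the need to
infer ownership from the return code.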
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
On Fri, Mar 25, 2022 at 04:04:44PM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.10.109 release.
> There are 38 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sun, 27 Mar 2022 15:04:08 +0000.
> Anything received after that time might be too late.
>
Build results:
total: 161 pass: 161 fail: 0
Qemu test results:
total: 477 pass: 477 fail: 0
Tested-by: Guenter Roeck <[email protected]>
Guenter
On Sat, Mar 26, 2022 at 01:13:25PM -0700, Jakub Kicinski wrote:
> On Sat, 26 Mar 2022 21:09:22 +0100 Pavel Machek wrote:
> > Can someone check this? AFAICT this is buggy.
> >
> > static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr)
> > {
> > struct sock *sk = sock->sk;
> > struct llc_sock *llc = llc_sk(sk);
> > struct llc_sap *sap;
> > int rc = -EINVAL;
> >
> > if (!sock_flag(sk, SOCK_ZAPPED))
> > goto out;
> >
> > There are 'goto out's from both before dev_get() and after it,
> > dev_put() will be called with NULL pointer. dev_put() can't handle
> > NULL at least in the old kernels... this is simply confused.
> >
> > Mainline has dev_put_track() there, but I see same confusion.
> >
> > Best regards,
>
> commit 2d327a79ee17 ("llc: only change llc->dev when bind() succeeds"),
> https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=2d327a79ee176930dc72c131a970c891d367c1dc
>
> Should be in mainline on Thursday, LMK if we need to accelerate.
> IDK if anyone enables LLC2.
I'll queue this up now, thanks.
greg k-h
Hi!
> > > > Should be in mainline on Thursday, LMK if we need to accelerate.
> > > > IDK if anyone enables LLC2.
> > >
> > > I'll queue this up now, thanks.
> >
> > As the changelog says, this needs b37a46683739, otherwise there will
> > be oops-es in even more cases.
>
> If you look at the change, I think I already handled that issue. If
> not, please let me know.
I did not notice you making changes there, but no, it is not correct
AFAICT.
# commit 163960a7de1333514c9352deb7c80c6b9fd9abf2
# Author: Eric Dumazet <[email protected]>
# Date: Thu Mar 24 20:58:27 2022 -0700
# llc: only change llc->dev when bind() succeeds
...
# Make sure commit b37a46683739 ("netdevice: add the case if dev is NULL")
# is already present in your trees.
Before b37a46683739, dev_put can't handle NULL.
+++ b/net/llc/af_llc.c
@@ -287,14 +288,14 @@ static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr)
...
- llc->dev = dev_getfirstbyhwtype(&init_net, addr->sllc_arphrd);
- if (!llc->dev)
+ dev = dev_getfirstbyhwtype(&init_net, addr->sllc_arphrd);
+ if (!dev)
goto out;
rc = -EUSERS;
llc->laddr.lsap = llc_ui_autoport();
One of several paths where we goto out with dev==NULL.
@@ -311,10 +317,7 @@ static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr)
sock_reset_flag(sk, SOCK_ZAPPED);
rc = 0;
out:
- if (rc) {
- dev_put(llc->dev);
- llc->dev = NULL;
- }
+ dev_put(dev);
return rc;
}
But dev_put can't handle NULL.
Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
On Mon, Mar 28, 2022 at 11:08:30AM +0200, Pavel Machek wrote:
> Hi!
>
> > > > Can someone check this? AFAICT this is buggy.
> > > >
> > > > static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr)
> > > > {
> > > > struct sock *sk = sock->sk;
> > > > struct llc_sock *llc = llc_sk(sk);
> > > > struct llc_sap *sap;
> > > > int rc = -EINVAL;
> > > >
> > > > if (!sock_flag(sk, SOCK_ZAPPED))
> > > > goto out;
> > > >
> > > > There are 'goto out's from both before dev_get() and after it,
> > > > dev_put() will be called with NULL pointer. dev_put() can't handle
> > > > NULL at least in the old kernels... this is simply confused.
> > > >
> > > > Mainline has dev_put_track() there, but I see same confusion.
> > > >
> > > > Best regards,
> > >
> > > commit 2d327a79ee17 ("llc: only change llc->dev when bind() succeeds"),
> > > https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=2d327a79ee176930dc72c131a970c891d367c1dc
> > >
> > > Should be in mainline on Thursday, LMK if we need to accelerate.
> > > IDK if anyone enables LLC2.
> >
> > I'll queue this up now, thanks.
>
> As the changelog says, this needs b37a46683739, otherwise there will
> be oops-es in even more cases.
If you look at the change, I think I already handled that issue. If
not, please let me know.
thanks,
greg k-h
Hi!
> > > > commit 2d327a79ee17 ("llc: only change llc->dev when bind() succeeds"),
> > > > https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=2d327a79ee176930dc72c131a970c891d367c1dc
> > > >
> > > > Should be in mainline on Thursday, LMK if we need to accelerate.
> > > > IDK if anyone enables LLC2.
> > >
> > > I'll queue this up now, thanks.
> >
> > As the changelog says, this needs b37a46683739, otherwise there will
> > be oops-es in even more cases.
>
> If you look at the change, I think I already handled that issue. If
> not, please let me know.
Actually, AFAICT it will now oops even in the common (non-error) path
in llc_ui_autobind().
Best regards,
Pavel
On Mon, Mar 28, 2022 at 11:31:16AM +0200, Pavel Machek wrote:
> Hi!
>
> > > > > Should be in mainline on Thursday, LMK if we need to accelerate.
> > > > > IDK if anyone enables LLC2.
> > > >
> > > > I'll queue this up now, thanks.
> > >
> > > As the changelog says, this needs b37a46683739, otherwise there will
> > > be oops-es in even more cases.
> >
> > If you look at the change, I think I already handled that issue. If
> > not, please let me know.
>
> I did not notice you making changes there, but no, it is not correct
> AFAICT.
>
> # commit 163960a7de1333514c9352deb7c80c6b9fd9abf2
> # Author: Eric Dumazet <[email protected]>
> # Date: Thu Mar 24 20:58:27 2022 -0700
>
> # llc: only change llc->dev when bind() succeeds
> ...
> # Make sure commit b37a46683739 ("netdevice: add the case if dev is NULL")
> # is already present in your trees.
>
> Before b37a46683739, dev_put can't handle NULL.
>
> +++ b/net/llc/af_llc.c
> @@ -287,14 +288,14 @@ static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr)
> ...
>
> - llc->dev = dev_getfirstbyhwtype(&init_net, addr->sllc_arphrd);
> - if (!llc->dev)
> + dev = dev_getfirstbyhwtype(&init_net, addr->sllc_arphrd);
> + if (!dev)
> goto out;
> rc = -EUSERS;
> llc->laddr.lsap = llc_ui_autoport();
>
> One of several paths where we goto out with dev==NULL.
>
> @@ -311,10 +317,7 @@ static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr)
> sock_reset_flag(sk, SOCK_ZAPPED);
> rc = 0;
> out:
> - if (rc) {
> - dev_put(llc->dev);
> - llc->dev = NULL;
> - }
> + dev_put(dev);
> return rc;
> }
>
>
> But dev_put can't handle NULL.
Ah, missed that one. I'll go queue up b37a46683739 now.
thanks,
greg k-h
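The cleanup pattern this exchange is about, as an added userspace model in C (not kernel code and not part of any message in the thread). Every `model_*` name is hypothetical, the `-ENODEV` value and the ownership hand-off on success are assumptions, and the NULL check in `model_dev_put()` stands for what the thread says b37a46683739 provides.

```c
#include <errno.h>
#include <stddef.h>

/* Userspace stand-in for a refcounted device (hypothetical model). */
struct model_dev { int refcnt; };

/* Counts put() calls that received NULL; each would be an oops without the check. */
static int null_puts;

/* NULL-tolerant put: the behaviour the thread attributes to b37a46683739. */
static void model_dev_put(struct model_dev *dev)
{
	if (!dev) {
		null_puts++;
		return;
	}
	dev->refcnt--;
}

static struct model_dev *model_dev_get(struct model_dev *dev)
{
	if (dev)
		dev->refcnt++;
	return dev;
}

/* Single-exit cleanup shaped like the patched function; 'zapped', 'found'
 * and 'port_free' select the path, *bound receives the reference on success. */
static int model_autobind(int zapped, struct model_dev *found, int port_free,
			  struct model_dev **bound)
{
	struct model_dev *dev = NULL;	/* must start NULL: early exits exist */
	int rc = -EINVAL;
	if (!zapped)
		goto out;		/* before any lookup: dev == NULL */
	rc = -ENODEV;			/* assumed error code for a failed lookup */
	dev = model_dev_get(found);
	if (!dev)
		goto out;		/* lookup failed: dev == NULL */
	rc = -EUSERS;
	if (!port_free)
		goto out;		/* error after lookup: dev holds a reference */
	*bound = dev;			/* success: ownership moves (assumption) */
	dev = NULL;
	rc = 0;
out:
	model_dev_put(dev);		/* NULL on three of the four paths */
	return rc;
}
```

Only the error-after-lookup path reaches the put with a real pointer, which is why an unconditional put needs a NULL-tolerant helper.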
Hi!
> > > Can someone check this? AFAICT this is buggy.
> > >
> > > static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr)
> > > {
> > > 	struct sock *sk = sock->sk;
> > > 	struct llc_sock *llc = llc_sk(sk);
> > > 	struct llc_sap *sap;
> > > 	int rc = -EINVAL;
> > >
> > > 	if (!sock_flag(sk, SOCK_ZAPPED))
> > > 		goto out;
> > >
> > > There are 'goto out's from both before dev_get() and after it,
> > > dev_put() will be called with NULL pointer. dev_put() can't handle
> > > NULL at least in the old kernels... this is simply confused.
> > >
> > > Mainline has dev_put_track() there, but I see same confusion.
> > >
> > > Best regards,
> >
> > commit 2d327a79ee17 ("llc: only change llc->dev when bind() succeeds"),
> > https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=2d327a79ee176930dc72c131a970c891d367c1dc
> >
> > Should be in mainline on Thursday, LMK if we need to accelerate.
> > IDK if anyone enables LLC2.
>
> I'll queue this up now, thanks.
As the changelog says, this needs b37a46683739, otherwise there will
be oops-es in even more cases.
Best regards,
Pavel
On Sat, 26 Mar 2022 21:09:22 +0100 Pavel Machek wrote:
> Can someone check this? AFAICT this is buggy.
>
> static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr)
> {
> 	struct sock *sk = sock->sk;
> 	struct llc_sock *llc = llc_sk(sk);
> 	struct llc_sap *sap;
> 	int rc = -EINVAL;
>
> 	if (!sock_flag(sk, SOCK_ZAPPED))
> 		goto out;
>
> There are 'goto out's from both before dev_get() and after it,
> dev_put() will be called with NULL pointer. dev_put() can't handle
> NULL at least in the old kernels... this is simply confused.
>
> Mainline has dev_put_track() there, but I see same confusion.
>
> Best regards,
commit 2d327a79ee17 ("llc: only change llc->dev when bind() succeeds"),
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=2d327a79ee176930dc72c131a970c891d367c1dc
Should be in mainline on Thursday, LMK if we need to accelerate.
IDK if anyone enables LLC2.