2020-05-13 20:30:10

by Greg KH

Subject: [PATCH 5.4 00/90] 5.4.41-rc1 review

This is the start of the stable review cycle for the 5.4.41 release.
There are 90 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.

Responses should be made by Fri, 15 May 2020 09:41:20 +0000.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.41-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <[email protected]>
Linux 5.4.41-rc1

Amir Goldstein <[email protected]>
fanotify: merge duplicate events on parent and child

Amir Goldstein <[email protected]>
fsnotify: replace inode pointer with an object id

Christoph Hellwig <[email protected]>
bdi: add a ->dev_name field to struct backing_dev_info

Christoph Hellwig <[email protected]>
bdi: move bdi_dev_name out of line

Yafang Shao <[email protected]>
mm, memcg: fix error return value of mem_cgroup_css_alloc()

Ivan Delalande <[email protected]>
scripts/decodecode: fix trapping instruction formatting

Julia Lawall <[email protected]>
iommu/virtio: Reverse arguments to list_add

Josh Poimboeuf <[email protected]>
objtool: Fix stack offset tracking for indirect CFAs

Arnd Bergmann <[email protected]>
netfilter: nf_osf: avoid passing pointer to local var

Guillaume Nault <[email protected]>
netfilter: nat: never update the UDP checksum when it's 0

Janakarajan Natarajan <[email protected]>
arch/x86/kvm/svm/sev.c: change flag passed to GUP fast in sev_pin_memory()

Suravee Suthikulpanit <[email protected]>
KVM: x86: Fixes posted interrupt check for IRQs delivery modes

Josh Poimboeuf <[email protected]>
x86/unwind/orc: Fix premature unwind stoppage due to IRET frames

Josh Poimboeuf <[email protected]>
x86/unwind/orc: Fix error path for bad ORC entry type

Josh Poimboeuf <[email protected]>
x86/unwind/orc: Prevent unwinding before ORC initialization

Miroslav Benes <[email protected]>
x86/unwind/orc: Don't skip the first frame for inactive tasks

Jann Horn <[email protected]>
x86/entry/64: Fix unwind hints in rewind_stack_do_exit()

Josh Poimboeuf <[email protected]>
x86/entry/64: Fix unwind hints in kernel exit path

Josh Poimboeuf <[email protected]>
x86/entry/64: Fix unwind hints in register clearing code

Xiyu Yang <[email protected]>
batman-adv: Fix refcnt leak in batadv_v_ogm_process

Xiyu Yang <[email protected]>
batman-adv: Fix refcnt leak in batadv_store_throughput_override

Xiyu Yang <[email protected]>
batman-adv: Fix refcnt leak in batadv_show_throughput_override

George Spelvin <[email protected]>
batman-adv: fix batadv_nc_random_weight_tq

Tejun Heo <[email protected]>
iocost: protect iocg->abs_vdebt with iocg->waitq.lock

Vincent Chen <[email protected]>
riscv: set max_pfn to the PFN of the last page

Luis Chamberlain <[email protected]>
coredump: fix crash when umh is disabled

Oscar Carter <[email protected]>
staging: gasket: Check the return value of gasket_get_bar_index()

Luis Henriques <[email protected]>
ceph: demote quotarealm lookup warning to a debug message

Jeff Layton <[email protected]>
ceph: fix endianness bug when handling MDS session feature bits

Henry Willard <[email protected]>
mm: limit boost_watermark on small zones

David Hildenbrand <[email protected]>
mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous()

Khazhismel Kumykov <[email protected]>
eventpoll: fix missing wakeup for ovflist in ep_poll_callback

Roman Penyaev <[email protected]>
epoll: atomically remove wait entry on wake up

Oleg Nesterov <[email protected]>
ipc/mqueue.c: change __do_notify() to bypass check_kill_permission()

H. Nikolaus Schaller <[email protected]>
drm: ingenic-drm: add MODULE_DEVICE_TABLE

Mark Rutland <[email protected]>
arm64: hugetlb: avoid potential NULL dereference

Marc Zyngier <[email protected]>
KVM: arm64: Fix 32bit PC wrap-around

Marc Zyngier <[email protected]>
KVM: arm: vgic: Fix limit condition when writing to GICD_I[CS]ACTIVER

Sean Christopherson <[email protected]>
KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path

Christian Borntraeger <[email protected]>
KVM: s390: Remove false WARN_ON_ONCE for the PQAP instruction

Jason A. Donenfeld <[email protected]>
crypto: arch/nhpoly1305 - process in explicit 4k chunks

Steven Rostedt (VMware) <[email protected]>
tracing: Add a vmalloc_sync_mappings() for safe measure

Oliver Neukum <[email protected]>
USB: serial: garmin_gps: add sanity checking for data length

Bryan O'Donoghue <[email protected]>
usb: chipidea: msm: Ensure proper controller reset using role switch API

Oliver Neukum <[email protected]>
USB: uas: add quirk for LaCie 2Big Quadra

Jason Gerecke <[email protected]>
HID: wacom: Report 2nd-gen Intuos Pro S center button status over BT

Alan Stern <[email protected]>
HID: usbhid: Fix race between usbhid_close() and usbhid_stop()

Jason Gerecke <[email protected]>
Revert "HID: wacom: generic: read the number of expected touches on a per collection basis"

Jere Leppänen <[email protected]>
sctp: Fix bundling of SHUTDOWN with COOKIE-ACK

Jason Gerecke <[email protected]>
HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices

Dan Carpenter <[email protected]>
net: mvpp2: cls: Prevent buffer overflow in mvpp2_ethtool_cls_rule_del()

Dan Carpenter <[email protected]>
net: mvpp2: prevent buffer overflow in mvpp22_rss_ctx()

Moshe Shemesh <[email protected]>
net/mlx5: Fix command entry leak in Internal Error State

Moshe Shemesh <[email protected]>
net/mlx5: Fix forced completion access non initialized command entry

Erez Shitrit <[email protected]>
net/mlx5: DR, On creation set CQ's arm_db member to right value

Michael Chan <[email protected]>
bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features().

Michael Chan <[email protected]>
bnxt_en: Return error when allocating zero size context memory.

Michael Chan <[email protected]>
bnxt_en: Improve AER slot reset.

Vasundhara Volam <[email protected]>
bnxt_en: Reduce BNXT_MSIX_VEC_MAX value to supported CQs per PF.

Michael Chan <[email protected]>
bnxt_en: Fix VF anti-spoof filter setup.

Toke Høiland-Jørgensen <[email protected]>
tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040

Tuong Lien <[email protected]>
tipc: fix partial topology connection closure

Eric Dumazet <[email protected]>
sch_sfq: validate silly quantum values

Eric Dumazet <[email protected]>
sch_choke: avoid potential panic in choke_reset()

Qiushi Wu <[email protected]>
nfp: abm: fix a memory leak bug

Matt Jolly <[email protected]>
net: usb: qmi_wwan: add support for DW5816e

Xiyu Yang <[email protected]>
net/tls: Fix sk_psock refcnt leak when in tls_data_ready()

Xiyu Yang <[email protected]>
net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict()

Anthony Felice <[email protected]>
net: tc35815: Fix phydev supported/advertising mask

Willem de Bruijn <[email protected]>
net: stricter validation of untrusted gso packets

Eric Dumazet <[email protected]>
net_sched: sch_skbprio: add message validation to skbprio_change()

Tariq Toukan <[email protected]>
net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()

Scott Dial <[email protected]>
net: macsec: preserve ingress frame ordering

Dejin Zheng <[email protected]>
net: macb: fix an issue about leak related system resources

Florian Fainelli <[email protected]>
net: dsa: Do not leave DSA master with NULL netdev_ops

Roman Mashak <[email protected]>
neigh: send protocol value in neighbor create notification

Jiri Pirko <[email protected]>
mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly

David Ahern <[email protected]>
ipv6: Use global sernum for dst validation with nexthop objects

Eric Dumazet <[email protected]>
fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks

Julia Lawall <[email protected]>
dp83640: reverse arguments to list_add_tail

Jakub Kicinski <[email protected]>
devlink: fix return value after hitting end in region read

Shubhrajyoti Datta <[email protected]>
tty: xilinx_uartps: Fix missing id assignment to the console

Nicolas Pitre <[email protected]>
vt: fix unicode console freeing with a common interface

Evan Quan <[email protected]>
drm/amdgpu: drop redundant cg/pg ungate on runpm enter

Evan Quan <[email protected]>
drm/amdgpu: move kfd suspend after ip_suspend_phase1

Andy Shevchenko <[email protected]>
net: macb: Fix runtime PM refcounting

Masami Hiramatsu <[email protected]>
tracing/kprobes: Fix a double initialization typo

Sagi Grimberg <[email protected]>
nvme: fix possible hang when ns scanning fails during error recovery

Christoph Hellwig <[email protected]>
nvme: refactor nvme_identify_ns_descs error handling

Matt Jolly <[email protected]>
USB: serial: qcserial: Add DW5816e support


-------------

Diffstat:

Makefile | 4 +-
arch/arm/crypto/nhpoly1305-neon-glue.c | 2 +-
arch/arm64/crypto/nhpoly1305-neon-glue.c | 2 +-
arch/arm64/kvm/guest.c | 7 ++
arch/arm64/mm/hugetlbpage.c | 2 +
arch/riscv/mm/init.c | 3 +-
arch/s390/kvm/priv.c | 4 +-
arch/x86/crypto/nhpoly1305-avx2-glue.c | 2 +-
arch/x86/crypto/nhpoly1305-sse2-glue.c | 2 +-
arch/x86/entry/calling.h | 40 +++----
arch/x86/entry/entry_64.S | 9 +-
arch/x86/include/asm/kvm_host.h | 4 +-
arch/x86/include/asm/unwind.h | 2 +-
arch/x86/kernel/unwind_orc.c | 61 ++++++++---
arch/x86/kvm/svm.c | 2 +-
arch/x86/kvm/vmx/vmenter.S | 3 +
block/blk-iocost.c | 117 +++++++++++++--------
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 7 +-
drivers/gpu/drm/ingenic/ingenic-drm.c | 1 +
drivers/hid/usbhid/hid-core.c | 37 +++++--
drivers/hid/usbhid/usbhid.h | 1 +
drivers/hid/wacom_sys.c | 4 +-
drivers/hid/wacom_wac.c | 88 ++++------------
drivers/iommu/virtio-iommu.c | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 20 ++--
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 1 -
drivers/net/ethernet/broadcom/bnxt/bnxt_devlink.h | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c | 10 +-
drivers/net/ethernet/cadence/macb_main.c | 24 ++---
drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 3 +
drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 2 +
drivers/net/ethernet/mellanox/mlx4/main.c | 4 +-
drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 6 +-
.../ethernet/mellanox/mlx5/core/steering/dr_send.c | 14 ++-
.../ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 12 ++-
drivers/net/ethernet/netronome/nfp/abm/main.c | 1 +
drivers/net/ethernet/toshiba/tc35815.c | 2 +-
drivers/net/macsec.c | 3 +-
drivers/net/phy/dp83640.c | 2 +-
drivers/net/usb/qmi_wwan.c | 1 +
drivers/nvme/host/core.c | 28 +++--
drivers/staging/gasket/gasket_core.c | 4 +
drivers/tty/serial/xilinx_uartps.c | 1 +
drivers/tty/vt/vt.c | 9 +-
drivers/usb/chipidea/ci_hdrc_msm.c | 2 +-
drivers/usb/serial/garmin_gps.c | 4 +-
drivers/usb/serial/qcserial.c | 1 +
drivers/usb/storage/unusual_uas.h | 7 ++
fs/ceph/mds_client.c | 8 +-
fs/ceph/quota.c | 4 +-
fs/coredump.c | 8 ++
fs/eventpoll.c | 61 ++++++-----
fs/notify/fanotify/fanotify.c | 9 +-
fs/notify/inotify/inotify_fsnotify.c | 4 +-
fs/notify/inotify/inotify_user.c | 2 +-
include/linux/backing-dev-defs.h | 1 +
include/linux/backing-dev.h | 9 +-
include/linux/fsnotify_backend.h | 7 +-
include/linux/virtio_net.h | 26 ++++-
include/net/inet_ecn.h | 57 +++++++++-
include/net/ip6_fib.h | 4 +
include/net/net_namespace.h | 7 ++
ipc/mqueue.c | 34 ++++--
kernel/trace/trace.c | 13 +++
kernel/trace/trace_kprobe.c | 2 +-
kernel/umh.c | 5 +
mm/backing-dev.c | 13 ++-
mm/memcontrol.c | 15 +--
mm/page_alloc.c | 9 ++
net/batman-adv/bat_v_ogm.c | 2 +-
net/batman-adv/network-coding.c | 9 +-
net/batman-adv/sysfs.c | 3 +-
net/core/devlink.c | 5 +
net/core/neighbour.c | 6 +-
net/dsa/master.c | 3 +-
net/ipv6/route.c | 25 +++++
net/netfilter/nf_nat_proto.c | 4 +-
net/netfilter/nfnetlink_osf.c | 12 ++-
net/sched/sch_choke.c | 3 +-
net/sched/sch_fq_codel.c | 2 +-
net/sched/sch_sfq.c | 9 ++
net/sched/sch_skbprio.c | 3 +
net/sctp/sm_statefuns.c | 6 +-
net/tipc/topsrv.c | 5 +-
net/tls/tls_sw.c | 7 +-
scripts/decodecode | 2 +-
tools/cgroup/iocost_monitor.py | 7 +-
tools/objtool/check.c | 2 +-
virt/kvm/arm/hyp/aarch32.c | 8 +-
virt/kvm/arm/vgic/vgic-mmio.c | 4 +-
90 files changed, 648 insertions(+), 346 deletions(-)



2020-05-13 20:30:11

by Greg KH

Subject: [PATCH 5.4 50/90] crypto: arch/nhpoly1305 - process in explicit 4k chunks

From: Jason A. Donenfeld <[email protected]>

commit a9a8ba90fa5857c2c8a0e32eef2159cec717da11 upstream.

Rather than chunking via PAGE_SIZE, this commit changes the arch
implementations to chunk in explicit 4k parts, so that calculations on
maximum acceptable latency don't suddenly become invalid on platforms
where PAGE_SIZE isn't 4k, such as arm64.

Fixes: 0f961f9f670e ("crypto: x86/nhpoly1305 - add AVX2 accelerated NHPoly1305")
Fixes: 012c82388c03 ("crypto: x86/nhpoly1305 - add SSE2 accelerated NHPoly1305")
Fixes: a00fa0c88774 ("crypto: arm64/nhpoly1305 - add NEON-accelerated NHPoly1305")
Fixes: 16aae3595a9d ("crypto: arm/nhpoly1305 - add NEON-accelerated NHPoly1305")
Cc: [email protected]
Signed-off-by: Jason A. Donenfeld <[email protected]>
Reviewed-by: Eric Biggers <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
arch/arm/crypto/nhpoly1305-neon-glue.c | 2 +-
arch/arm64/crypto/nhpoly1305-neon-glue.c | 2 +-
arch/x86/crypto/nhpoly1305-avx2-glue.c | 2 +-
arch/x86/crypto/nhpoly1305-sse2-glue.c | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)

--- a/arch/arm/crypto/nhpoly1305-neon-glue.c
+++ b/arch/arm/crypto/nhpoly1305-neon-glue.c
@@ -30,7 +30,7 @@ static int nhpoly1305_neon_update(struct
return crypto_nhpoly1305_update(desc, src, srclen);

do {
- unsigned int n = min_t(unsigned int, srclen, PAGE_SIZE);
+ unsigned int n = min_t(unsigned int, srclen, SZ_4K);

kernel_neon_begin();
crypto_nhpoly1305_update_helper(desc, src, n, _nh_neon);
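
Review bot: SZ_4K in the changed `min_t(unsigned int, srclen, SZ_4K)` line comes from <linux/sizes.h>, and the diffstat shows only one insertion and one deletion for this file, so no include is added alongside it. The build then depends on some other header pulling sizes.h in; adding the include explicitly in each of the four glue files would make the backport independent of header ordering on 5.4.
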
--- a/arch/arm64/crypto/nhpoly1305-neon-glue.c
+++ b/arch/arm64/crypto/nhpoly1305-neon-glue.c
@@ -30,7 +30,7 @@ static int nhpoly1305_neon_update(struct
return crypto_nhpoly1305_update(desc, src, srclen);

do {
- unsigned int n = min_t(unsigned int, srclen, PAGE_SIZE);
+ unsigned int n = min_t(unsigned int, srclen, SZ_4K);

kernel_neon_begin();
crypto_nhpoly1305_update_helper(desc, src, n, _nh_neon);
--- a/arch/x86/crypto/nhpoly1305-avx2-glue.c
+++ b/arch/x86/crypto/nhpoly1305-avx2-glue.c
@@ -29,7 +29,7 @@ static int nhpoly1305_avx2_update(struct
return crypto_nhpoly1305_update(desc, src, srclen);

do {
- unsigned int n = min_t(unsigned int, srclen, PAGE_SIZE);
+ unsigned int n = min_t(unsigned int, srclen, SZ_4K);

kernel_fpu_begin();
crypto_nhpoly1305_update_helper(desc, src, n, _nh_avx2);
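
Review bot: the new `SZ_4K` bound in nhpoly1305_avx2_update() has no comment saying why it is not PAGE_SIZE, and the reason (the latency calculation named in the changelog) lives only in the commit message. A one-line comment above `unsigned int n = ...` stating that the chunk size limits how long the loop stays inside the kernel_fpu_begin() section would keep a later cleanup from switching it back.
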
--- a/arch/x86/crypto/nhpoly1305-sse2-glue.c
+++ b/arch/x86/crypto/nhpoly1305-sse2-glue.c
@@ -29,7 +29,7 @@ static int nhpoly1305_sse2_update(struct
return crypto_nhpoly1305_update(desc, src, srclen);

do {
- unsigned int n = min_t(unsigned int, srclen, PAGE_SIZE);
+ unsigned int n = min_t(unsigned int, srclen, SZ_4K);

kernel_fpu_begin();
crypto_nhpoly1305_update_helper(desc, src, n, _nh_sse2);


2020-05-13 20:30:24

by Greg KH

Subject: [PATCH 5.4 53/90] KVM: arm: vgic: Fix limit condition when writing to GICD_I[CS]ACTIVER

From: Marc Zyngier <[email protected]>

commit 1c32ca5dc6d00012f0c964e5fdd7042fcc71efb1 upstream.

When deciding whether a guest has to be stopped we check whether this
is a private interrupt or not. Unfortunately, there's an off-by-one bug
here, and we fail to recognize a whole range of interrupts as being
global (GICv2 SPIs 32-63).

Fix the condition from > to be >=.

Cc: [email protected]
Fixes: abd7229626b93 ("KVM: arm/arm64: Simplify active_change_prepare and plug race")
Reported-by: André Przywara <[email protected]>
Signed-off-by: Marc Zyngier <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
virt/kvm/arm/vgic/vgic-mmio.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

--- a/virt/kvm/arm/vgic/vgic-mmio.c
+++ b/virt/kvm/arm/vgic/vgic-mmio.c
@@ -389,7 +389,7 @@ static void vgic_mmio_change_active(stru
static void vgic_change_active_prepare(struct kvm_vcpu *vcpu, u32 intid)
{
if (vcpu->kvm->arch.vgic.vgic_model == KVM_DEV_TYPE_ARM_VGIC_V3 ||
- intid > VGIC_NR_PRIVATE_IRQS)
+ intid >= VGIC_NR_PRIVATE_IRQS)
kvm_arm_halt_guest(vcpu->kvm);
}

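Review bot: the changelog describes a whole range (GICv2 SPIs 32-63) being misclassified, while the changed comparison in vgic_change_active_prepare() differs from the old one only for intid == VGIC_NR_PRIVATE_IRQS. A sentence in the changelog or a comment at the `intid >= VGIC_NR_PRIVATE_IRQS` test saying how that single value stands for the range would make the fix verifiable from the code alone.
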
@@ -397,7 +397,7 @@ static void vgic_change_active_prepare(s
static void vgic_change_active_finish(struct kvm_vcpu *vcpu, u32 intid)
{
if (vcpu->kvm->arch.vgic.vgic_model == KVM_DEV_TYPE_ARM_VGIC_V3 ||
- intid > VGIC_NR_PRIVATE_IRQS)
+ intid >= VGIC_NR_PRIVATE_IRQS)
kvm_arm_resume_guest(vcpu->kvm);
}

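Review bot: the condition in vgic_change_active_finish() is a verbatim copy of the one in vgic_change_active_prepare(), and the two must always agree or a guest halted in prepare is not resumed in finish. Moving the `vgic_model == KVM_DEV_TYPE_ARM_VGIC_V3 || intid >= VGIC_NR_PRIVATE_IRQS` test into one small helper used by both would stop the pair from drifting, which is how an off-by-one like this one has to be fixed in two places.
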


2020-05-13 20:30:26

by Greg KH

Subject: [PATCH 5.4 59/90] eventpoll: fix missing wakeup for ovflist in ep_poll_callback

From: Khazhismel Kumykov <[email protected]>

commit 0c54a6a44bf3d41e76ce3f583a6ece267618df2e upstream.

In the event that we add to ovflist, before commit 339ddb53d373
("fs/epoll: remove unnecessary wakeups of nested epoll") we would be
woken up by ep_scan_ready_list, and did no wakeup in ep_poll_callback.

With that wakeup removed, if we add to ovflist here, we may never wake
up. Rather than adding back the ep_scan_ready_list wakeup - which was
resulting in unnecessary wakeups, trigger a wake-up in ep_poll_callback.

We noticed that one of our workloads was missing wakeups starting with
339ddb53d373 and upon manual inspection, this wakeup seemed missing to me.
With this patch added, we no longer see missing wakeups. I haven't yet
tried to make a small reproducer, but the existing kselftests in
filesystem/epoll passed for me with this patch.

[[email protected]: use if/elif instead of goto + cleanup suggested by Roman]
Link: http://lkml.kernel.org/r/[email protected]
Fixes: 339ddb53d373 ("fs/epoll: remove unnecessary wakeups of nested epoll")
Signed-off-by: Khazhismel Kumykov <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Reviewed-by: Roman Penyaev <[email protected]>
Cc: Alexander Viro <[email protected]>
Cc: Roman Penyaev <[email protected]>
Cc: Heiher <[email protected]>
Cc: Jason Baron <[email protected]>
Cc: <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
fs/eventpoll.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)

--- a/fs/eventpoll.c
+++ b/fs/eventpoll.c
@@ -1176,6 +1176,10 @@ static inline bool chain_epi_lockless(st
{
struct eventpoll *ep = epi->ep;

+ /* Fast preliminary check */
+ if (epi->next != EP_UNACTIVE_PTR)
+ return false;
+
/* Check that the same epi has not been just chained from another CPU */
if (cmpxchg(&epi->next, EP_UNACTIVE_PTR, NULL) != EP_UNACTIVE_PTR)
return false;
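
Review bot: the new fast check `if (epi->next != EP_UNACTIVE_PTR)` in chain_epi_lockless() is a plain load of a field that the cmpxchg() two lines below treats as concurrently written from another CPU. Since the result is only a hint and the cmpxchg() remains the authority, READ_ONCE(epi->next) would document that the racy read is intended and keep data-race tooling quiet.
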
@@ -1242,16 +1246,12 @@ static int ep_poll_callback(wait_queue_e
* chained in ep->ovflist and requeued later on.
*/
if (READ_ONCE(ep->ovflist) != EP_UNACTIVE_PTR) {
- if (epi->next == EP_UNACTIVE_PTR &&
- chain_epi_lockless(epi))
+ if (chain_epi_lockless(epi))
+ ep_pm_stay_awake_rcu(epi);
+ } else if (!ep_is_linked(epi)) {
+ /* In the usual case, add event to ready list. */
+ if (list_add_tail_lockless(&epi->rdllink, &ep->rdllist))
ep_pm_stay_awake_rcu(epi);
- goto out_unlock;
- }
-
- /* If this file is already in the ready list we exit soon */
- if (!ep_is_linked(epi) &&
- list_add_tail_lockless(&epi->rdllink, &ep->rdllist)) {
- ep_pm_stay_awake_rcu(epi);
}

/*
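
Review bot: in ep_poll_callback() the behaviour change described in the changelog is carried entirely by dropping `goto out_unlock` from the ovflist branch, and nothing in the new code says that branch is now meant to continue to the wake-up path. A short comment on the `if (chain_epi_lockless(epi))` branch stating that it deliberately falls through so waiters are woken would protect it from being turned back into an early exit.
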


2020-05-13 20:30:27

by Greg KH

Subject: [PATCH 5.4 74/90] x86/entry/64: Fix unwind hints in rewind_stack_do_exit()

From: Jann Horn <[email protected]>

commit f977df7b7ca45a4ac4b66d30a8931d0434c394b1 upstream.

The LEAQ instruction in rewind_stack_do_exit() moves the stack pointer
directly below the pt_regs at the top of the task stack before calling
do_exit(). Tell the unwinder to expect pt_regs.

Fixes: 8c1f75587a18 ("x86/entry/64: Add unwind hint annotations")
Reviewed-by: Miroslav Benes <[email protected]>
Signed-off-by: Jann Horn <[email protected]>
Signed-off-by: Josh Poimboeuf <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
Cc: Andy Lutomirski <[email protected]>
Cc: Dave Jones <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: Vince Weaver <[email protected]>
Link: https://lore.kernel.org/r/68c33e17ae5963854916a46f522624f8e1d264f2.1587808742.git.jpoimboe@redhat.com
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
arch/x86/entry/entry_64.S | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -1740,7 +1740,7 @@ ENTRY(rewind_stack_do_exit)

movq PER_CPU_VAR(cpu_current_top_of_stack), %rax
leaq -PTREGS_SIZE(%rax), %rsp
- UNWIND_HINT_FUNC sp_offset=PTREGS_SIZE
+ UNWIND_HINT_REGS

call do_exit
END(rewind_stack_do_exit)
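
Review bot: the reason for UNWIND_HINT_REGS in rewind_stack_do_exit() is given only in the changelog; the code shows `leaq -PTREGS_SIZE(%rax), %rsp` followed by a hint with no explanation. A comment after the LEAQ noting that %rsp now points directly below the pt_regs at the top of the task stack would tie the hint to the instruction it describes.
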


2020-05-13 20:30:43

by Greg KH

Subject: [PATCH 5.4 27/90] sch_choke: avoid potential panic in choke_reset()

From: Eric Dumazet <[email protected]>

[ Upstream commit 8738c85c72b3108c9b9a369a39868ba5f8e10ae0 ]

If choke_init() could not allocate q->tab, we would crash later
in choke_reset().

BUG: KASAN: null-ptr-deref in memset include/linux/string.h:366 [inline]
BUG: KASAN: null-ptr-deref in choke_reset+0x208/0x340 net/sched/sch_choke.c:326
Write of size 8 at addr 0000000000000000 by task syz-executor822/7022

CPU: 1 PID: 7022 Comm: syz-executor822 Not tainted 5.7.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x188/0x20d lib/dump_stack.c:118
__kasan_report.cold+0x5/0x4d mm/kasan/report.c:515
kasan_report+0x33/0x50 mm/kasan/common.c:625
check_memory_region_inline mm/kasan/generic.c:187 [inline]
check_memory_region+0x141/0x190 mm/kasan/generic.c:193
memset+0x20/0x40 mm/kasan/common.c:85
memset include/linux/string.h:366 [inline]
choke_reset+0x208/0x340 net/sched/sch_choke.c:326
qdisc_reset+0x6b/0x520 net/sched/sch_generic.c:910
dev_deactivate_queue.constprop.0+0x13c/0x240 net/sched/sch_generic.c:1138
netdev_for_each_tx_queue include/linux/netdevice.h:2197 [inline]
dev_deactivate_many+0xe2/0xba0 net/sched/sch_generic.c:1195
dev_deactivate+0xf8/0x1c0 net/sched/sch_generic.c:1233
qdisc_graft+0xd25/0x1120 net/sched/sch_api.c:1051
tc_modify_qdisc+0xbab/0x1a00 net/sched/sch_api.c:1670
rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5454
netlink_rcv_skb+0x15a/0x410 net/netlink/af_netlink.c:2469
netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
netlink_unicast+0x537/0x740 net/netlink/af_netlink.c:1329
netlink_sendmsg+0x882/0xe10 net/netlink/af_netlink.c:1918
sock_sendmsg_nosec net/socket.c:652 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:672
____sys_sendmsg+0x6bf/0x7e0 net/socket.c:2362
___sys_sendmsg+0x100/0x170 net/socket.c:2416
__sys_sendmsg+0xec/0x1b0 net/socket.c:2449
do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295

Fixes: 77e62da6e60c ("sch_choke: drop all packets in queue during reset")
Signed-off-by: Eric Dumazet <[email protected]>
Reported-by: syzbot <[email protected]>
Cc: Cong Wang <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/sched/sch_choke.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

--- a/net/sched/sch_choke.c
+++ b/net/sched/sch_choke.c
@@ -323,7 +323,8 @@ static void choke_reset(struct Qdisc *sc

sch->q.qlen = 0;
sch->qstats.backlog = 0;
- memset(q->tab, 0, (q->tab_mask + 1) * sizeof(struct sk_buff *));
+ if (q->tab)
+ memset(q->tab, 0, (q->tab_mask + 1) * sizeof(struct sk_buff *));
q->head = q->tail = 0;
red_restart(&q->vars);
}
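
Review bot: the new `if (q->tab)` guard in choke_reset() protects only the memset(), and the code gives no hint of when q->tab can be NULL. A comment naming the case from the changelog (choke_init() failed to allocate the table) would keep the check from looking dead, and it is worth confirming that no other q->tab access reachable in that state, in this function or the teardown path, needs the same guard.
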


2020-05-13 20:31:19

by Greg KH

Subject: [PATCH 5.4 48/90] USB: serial: garmin_gps: add sanity checking for data length

From: Oliver Neukum <[email protected]>

commit e9b3c610a05c1cdf8e959a6d89c38807ff758ee6 upstream.

We must not process packets shorter than a packet ID

Signed-off-by: Oliver Neukum <[email protected]>
Reported-and-tested-by: [email protected]
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable <[email protected]>
Signed-off-by: Johan Hovold <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
drivers/usb/serial/garmin_gps.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/usb/serial/garmin_gps.c
+++ b/drivers/usb/serial/garmin_gps.c
@@ -1138,8 +1138,8 @@ static void garmin_read_process(struct g
send it directly to the tty port */
if (garmin_data_p->flags & FLAGS_QUEUING) {
pkt_add(garmin_data_p, data, data_length);
- } else if (bulk_data ||
- getLayerId(data) == GARMIN_LAYERID_APPL) {
+ } else if (bulk_data || (data_length >= sizeof(u32) &&
+ getLayerId(data) == GARMIN_LAYERID_APPL)) {

spin_lock_irqsave(&garmin_data_p->lock, flags);
garmin_data_p->flags |= APP_RESP_SEEN;
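
Review bot: the length check in garmin_read_process() is applied only on the right-hand side of `bulk_data || (data_length >= sizeof(u32) && ...)`, so a short packet with bulk_data set still enters the branch unchecked. If the bulk path can also be handed fewer bytes than the code below reads, it needs its own minimum-length test; and `sizeof(u32)` would read better as a named constant for the field getLayerId() consumes.
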


2020-05-13 20:33:15

by Greg KH

Subject: [PATCH 5.4 90/90] fanotify: merge duplicate events on parent and child

From: Amir Goldstein <[email protected]>

[ Upstream commit f367a62a7cad2447d835a9f14fc63997a9137246 ]

With inotify, when a watch is set on a directory and on its child, an
event on the child is reported twice, once with wd of the parent watch
and once with wd of the child watch without the filename.

With fanotify, when a watch is set on a directory and on its child, an
event on the child is reported twice, but it has the exact same
information - either an open file descriptor of the child or an encoded
fid of the child.

The reason that the two identical events are not merged is because the
object id used for merging events in the queue is the child inode in one
event and parent inode in the other.

For events with path or dentry data, use the victim inode instead of the
watched inode as the object id for event merging, so that the event
reported on parent will be merged with the event reported on the child.

Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Amir Goldstein <[email protected]>
Signed-off-by: Jan Kara <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
fs/notify/fanotify/fanotify.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c
index 14d0ac4664595..f5d30573f4a99 100644
--- a/fs/notify/fanotify/fanotify.c
+++ b/fs/notify/fanotify/fanotify.c
@@ -314,7 +314,12 @@ struct fanotify_event *fanotify_alloc_event(struct fsnotify_group *group,
if (!event)
goto out;
init: __maybe_unused
- fsnotify_init_event(&event->fse, (unsigned long)inode);
+ /*
+ * Use the victim inode instead of the watching inode as the id for
+ * event queue, so event reported on parent is merged with event
+ * reported on child when both directory and child watches exist.
+ */
+ fsnotify_init_event(&event->fse, (unsigned long)id);
event->mask = mask;
if (FAN_GROUP_FLAG(group, FAN_REPORT_TID))
event->pid = get_pid(task_pid(current));
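
Review bot: `id` in the new `fsnotify_init_event(&event->fse, (unsigned long)id)` call is not declared or assigned anywhere in this hunk, and the diffstat's six insertions are all accounted for by the comment and the call. The change therefore relies on fanotify_alloc_event() already having the victim inode in `id`; the changelog should name the prerequisite commit so the ordering in the stable queue can be checked. The new comment also says "watching inode" where the changelog says "watched inode"; one term should be used.
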
--
2.20.1



2020-05-13 20:33:31

by Greg KH

Subject: [PATCH 5.4 25/90] net: usb: qmi_wwan: add support for DW5816e

From: Matt Jolly <[email protected]>

[ Upstream commit 57c7f2bd758eed867295c81d3527fff4fab1ed74 ]

Add support for Dell Wireless 5816e to drivers/net/usb/qmi_wwan.c

Signed-off-by: Matt Jolly <[email protected]>
Acked-by: Bjørn Mork <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/usb/qmi_wwan.c | 1 +
1 file changed, 1 insertion(+)

--- a/drivers/net/usb/qmi_wwan.c
+++ b/drivers/net/usb/qmi_wwan.c
@@ -1359,6 +1359,7 @@ static const struct usb_device_id produc
{QMI_FIXED_INTF(0x413c, 0x81b3, 8)}, /* Dell Wireless 5809e Gobi(TM) 4G LTE Mobile Broadband Card (rev3) */
{QMI_FIXED_INTF(0x413c, 0x81b6, 8)}, /* Dell Wireless 5811e */
{QMI_FIXED_INTF(0x413c, 0x81b6, 10)}, /* Dell Wireless 5811e */
+ {QMI_FIXED_INTF(0x413c, 0x81cc, 8)}, /* Dell Wireless 5816e */
{QMI_FIXED_INTF(0x413c, 0x81d7, 0)}, /* Dell Wireless 5821e */
{QMI_FIXED_INTF(0x413c, 0x81d7, 1)}, /* Dell Wireless 5821e preproduction config */
{QMI_FIXED_INTF(0x413c, 0x81e0, 0)}, /* Dell Wireless 5821e with eSIM support*/
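
Review bot: the new `QMI_FIXED_INTF(0x413c, 0x81cc, 8)` entry binds a single interface number, while the neighbouring 5811e (0x81b6) is listed for interfaces 8 and 10, and the changelog does not say how interface 8 was determined for the 5816e. A line in the changelog recording the device's interface layout would let a reviewer confirm that 8 is the only QMI interface and that it does not collide with what the companion qcserial entry in this series claims.
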


2020-05-13 23:03:30

by Shuah Khan

Subject: Re: [PATCH 5.4 00/90] 5.4.41-rc1 review

On 5/13/20 3:43 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.4.41 release.
> There are 90 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 15 May 2020 09:41:20 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.41-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>

Compiled and booted on my test system. No dmesg regressions.

thanks,
-- Shuah