This is the start of the stable review cycle for the 4.9.237 release.
There are 70 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 23 Sep 2020 16:20:12 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.237-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <[email protected]>
Linux 4.9.237-rc1
Adam Borowski <[email protected]>
x86/defconfig: Enable CONFIG_USB_XHCI_HCD=y
Alexey Kardashevskiy <[email protected]>
powerpc/dma: Fix dma_map_ops::get_required_mask
Quentin Perret <[email protected]>
ehci-hcd: Move include to keep CRC stable
Tobias Diedrich <[email protected]>
serial: 8250_pci: Add Realtek 816a and 816b
Hans de Goede <[email protected]>
Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists
Oliver Neukum <[email protected]>
usblp: fix race between disconnect() and read()
Oliver Neukum <[email protected]>
USB: UAS: fix disconnect by unplugging a hub
Penghao <[email protected]>
USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook
Yu Kuai <[email protected]>
drm/mediatek: Add exception handing in mtk_drm_probe() if component init fail
Thomas Bogendoerfer <[email protected]>
MIPS: SNI: Fix spurious interrupts
Tetsuo Handa <[email protected]>
fbcon: Fix user font detection test at fbcon_resize().
Namhyung Kim <[email protected]>
perf test: Free formats for perf pmu parse test
Thomas Bogendoerfer <[email protected]>
MIPS: SNI: Fix MIPS_L1_CACHE_SHIFT
Michael Kelley <[email protected]>
Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload
Nathan Chancellor <[email protected]>
clk: rockchip: Fix initialization of mux_pll_src_4plls_p
Evan Nimmo <[email protected]>
i2c: algo: pca: Reapply i2c bus settings after reset
Laurent Pinchart <[email protected]>
rapidio: Replace 'select' DMAENGINES 'with depends on'
J. Bruce Fields <[email protected]>
SUNRPC: stop printk reading past end of string
Vincent Whitchurch <[email protected]>
spi: spi-loopback-test: Fix out-of-bounds read
James Smart <[email protected]>
scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery
Dinghao Liu <[email protected]>
scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort
Olga Kornievskaia <[email protected]>
NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall
Miaohe Lin <[email protected]>
net: handle the return value of pskb_carve_frag_list() correctly
Peter Oberparleiter <[email protected]>
gcov: add support for GCC 10.1
Yi Zhang <[email protected]>
RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars
Bart Van Assche <[email protected]>
IB/rxe: Remove a pointless indirection layer
Mathias Nyman <[email protected]>
usb: Fix out of sync data toggle if a configured device is reconfigured
Aleksander Morgado <[email protected]>
USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules
Patrick Riphagen <[email protected]>
USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter
Zeng Tao <[email protected]>
usb: core: fix slab-out-of-bounds Read in read_descriptors
Vaibhav Agarwal <[email protected]>
staging: greybus: audio: fix uninitialized value issue
Tetsuo Handa <[email protected]>
video: fbdev: fix OOB read in vga_8planes_imageblit()
Wanpeng Li <[email protected]>
KVM: VMX: Don't freeze guest when event delivery causes an APIC-access exit
Linus Torvalds <[email protected]>
vgacon: remove software scrollback support
Linus Torvalds <[email protected]>
fbcon: remove now unusued 'softback_lines' cursor() argument
Linus Torvalds <[email protected]>
fbcon: remove soft scrollback code
Ilya Dryomov <[email protected]>
rbd: require global CAP_SYS_ADMIN for mapping and unmapping
Hou Pu <[email protected]>
scsi: target: iscsi: Fix hang in iscsit_access_np() when getting tpg->np_login_sem
Varun Prakash <[email protected]>
scsi: target: iscsi: Fix data digest calculation
Michał Mirosław <[email protected]>
regulator: push allocation in set_consumer_device_supply() out of lock
Filipe Manana <[email protected]>
btrfs: fix wrong address when faulting in pages in the search ioctl
Rustam Kovhaev <[email protected]>
staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb()
Johan Hovold <[email protected]>
USB: core: add helpers to retrieve endpoints
Jonathan Cameron <[email protected]>
iio:accel:mma8452: Fix timestamp alignment and prevent data leak.
Jonathan Cameron <[email protected]>
iio:accel:mma7455: Fix timestamp alignment and prevent data leak.
Jonathan Cameron <[email protected]>
iio: accel: kxsd9: Fix alignment of local buffer.
Jonathan Cameron <[email protected]>
iio:light:max44000 Fix timestamp alignment and prevent data leak.
Jonathan Cameron <[email protected]>
iio:magnetometer:ak8975 Fix alignment and data leak issues.
Sandhya Bankar <[email protected]>
drivers: iio: magnetometer: Fix sparse endianness warnings cast to restricted __be16
Jonathan Cameron <[email protected]>
iio:adc:ti-adc081c Fix alignment and data leak issues
Jonathan Cameron <[email protected]>
iio:adc:ina2xx Fix timestamp alignment issue.
Jonathan Cameron <[email protected]>
iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak.
Jonathan Cameron <[email protected]>
iio:light:ltr501 Fix timestamp alignment issue.
Maxim Kochetkov <[email protected]>
iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set
Angelo Compagnucci <[email protected]>
iio: adc: mcp3422: fix locking on error path
Angelo Compagnucci <[email protected]>
iio: adc: mcp3422: fix locking scope
Leon Romanovsky <[email protected]>
gcov: Disable gcov build with GCC 10
Rander Wang <[email protected]>
ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled
Xie He <[email protected]>
drivers/net/wan/hdlc_cisco: Add hard_header_len
Vineet Gupta <[email protected]>
irqchip/eznps: Fix build error for !ARC700 builds
Darrick J. Wong <[email protected]>
xfs: initialize the shortform attr header padding entry
Xie He <[email protected]>
drivers/net/wan/lapbether: Set network_header before transmitting
Mohan Kumar <[email protected]>
ALSA: hda: Fix 2 channel swapping for Tegra
Dinghao Liu <[email protected]>
firestream: Fix memleak in fs_open
Dinghao Liu <[email protected]>
NFC: st95hf: Fix memleak in st95hf_in_send_cmd
Xie He <[email protected]>
drivers/net/wan/lapbether: Added needed_tailroom
Luo Jiaxing <[email protected]>
scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA
Kamal Heib <[email protected]>
RDMA/rxe: Drop pointless checks in rxe_init_ports
Dinghao Liu <[email protected]>
RDMA/rxe: Fix memleak in rxe_mem_init_user
Dinh Nguyen <[email protected]>
ARM: dts: socfpga: fix register entry for timer3 on Arria10
-------------
Diffstat:
Makefile | 4 +-
arch/arc/plat-eznps/include/plat/ctop.h | 1 -
arch/arm/boot/dts/socfpga_arria10.dtsi | 2 +-
arch/mips/Kconfig | 1 +
arch/mips/sni/a20r.c | 9 +-
arch/powerpc/configs/pasemi_defconfig | 1 -
arch/powerpc/configs/ppc6xx_defconfig | 1 -
arch/powerpc/kernel/dma-iommu.c | 3 +-
arch/x86/configs/i386_defconfig | 2 +-
arch/x86/configs/x86_64_defconfig | 2 +-
arch/x86/kvm/vmx.c | 1 +
drivers/atm/firestream.c | 1 +
drivers/block/rbd.c | 12 ++
drivers/clk/rockchip/clk-rk3228.c | 2 +-
drivers/gpu/drm/mediatek/mtk_drm_drv.c | 7 +-
drivers/hv/channel_mgmt.c | 7 +-
drivers/i2c/algos/i2c-algo-pca.c | 35 ++--
drivers/iio/accel/bmc150-accel-core.c | 15 +-
drivers/iio/accel/kxsd9.c | 16 +-
drivers/iio/accel/mma7455_core.c | 16 +-
drivers/iio/accel/mma8452.c | 11 +-
drivers/iio/adc/ina2xx-adc.c | 11 +-
drivers/iio/adc/mcp3422.c | 16 +-
drivers/iio/adc/ti-adc081c.c | 11 +-
drivers/iio/adc/ti-ads1015.c | 10 +
drivers/iio/light/ltr501.c | 15 +-
drivers/iio/light/max44000.c | 12 +-
drivers/iio/magnetometer/ak8975.c | 26 ++-
drivers/infiniband/sw/rxe/rxe.c | 5 +-
drivers/infiniband/sw/rxe/rxe_loc.h | 20 +-
drivers/infiniband/sw/rxe/rxe_mcast.c | 4 +-
drivers/infiniband/sw/rxe/rxe_mr.c | 1 +
drivers/infiniband/sw/rxe/rxe_net.c | 43 ++--
drivers/infiniband/sw/rxe/rxe_req.c | 4 +-
drivers/infiniband/sw/rxe/rxe_resp.c | 4 +-
drivers/infiniband/sw/rxe/rxe_verbs.c | 10 +-
drivers/infiniband/sw/rxe/rxe_verbs.h | 22 --
drivers/input/serio/i8042-x86ia64io.h | 16 ++
drivers/net/wan/hdlc_cisco.c | 1 +
drivers/net/wan/lapbether.c | 3 +
drivers/nfc/st95hf/core.c | 2 +-
drivers/rapidio/Kconfig | 2 +-
drivers/regulator/core.c | 46 ++--
drivers/scsi/libsas/sas_ata.c | 5 +-
drivers/scsi/lpfc/lpfc_els.c | 4 +-
drivers/scsi/pm8001/pm8001_sas.c | 2 +-
drivers/spi/spi-loopback-test.c | 2 +-
drivers/staging/greybus/audio_topology.c | 29 +--
drivers/staging/wlan-ng/hfa384x_usb.c | 5 -
drivers/staging/wlan-ng/prism2usb.c | 19 +-
drivers/target/iscsi/iscsi_target.c | 17 +-
drivers/target/iscsi/iscsi_target_login.c | 6 +-
drivers/target/iscsi/iscsi_target_login.h | 3 +-
drivers/target/iscsi/iscsi_target_nego.c | 3 +-
drivers/tty/serial/8250/8250_pci.c | 11 +
drivers/usb/class/usblp.c | 5 +
drivers/usb/core/message.c | 91 ++++----
drivers/usb/core/quirks.c | 4 +
drivers/usb/core/sysfs.c | 5 +
drivers/usb/core/usb.c | 83 ++++++++
drivers/usb/host/ehci-hcd.c | 1 +
drivers/usb/host/ehci-hub.c | 1 -
drivers/usb/serial/ftdi_sio.c | 1 +
drivers/usb/serial/ftdi_sio_ids.h | 1 +
drivers/usb/serial/option.c | 2 +
drivers/usb/storage/uas.c | 14 +-
drivers/video/console/Kconfig | 25 ---
drivers/video/console/bitblit.c | 11 +-
drivers/video/console/fbcon.c | 336 +-----------------------------
drivers/video/console/fbcon.h | 2 +-
drivers/video/console/fbcon_ccw.c | 11 +-
drivers/video/console/fbcon_cw.c | 11 +-
drivers/video/console/fbcon_ud.c | 11 +-
drivers/video/console/tileblit.c | 2 +-
drivers/video/console/vgacon.c | 159 +-------------
drivers/video/fbdev/vga16fb.c | 2 +-
fs/btrfs/ioctl.c | 3 +-
fs/nfs/nfs4proc.c | 7 +-
fs/xfs/libxfs/xfs_attr_leaf.c | 4 +-
include/linux/i2c-algo-pca.h | 15 ++
include/linux/usb.h | 35 ++++
include/soc/nps/common.h | 6 +
kernel/gcov/gcc_4_7.c | 4 +-
net/core/skbuff.c | 10 +-
net/sunrpc/rpcb_clnt.c | 4 +-
sound/hda/hdac_device.c | 2 +
sound/pci/hda/patch_hdmi.c | 5 +
tools/perf/tests/pmu.c | 1 +
tools/perf/util/pmu.c | 11 +
tools/perf/util/pmu.h | 1 +
90 files changed, 595 insertions(+), 830 deletions(-)
From: Jonathan Cameron <[email protected]>
commit 2684d5003490df5398aeafe2592ba9d4a4653998 upstream.
One of a class of bugs pointed out by Lars in a recent review.
iio_push_to_buffers_with_timestamp assumes the buffer used is aligned
to the size of the timestamp (8 bytes). This is not guaranteed in
this driver which uses an array of smaller elements on the stack.
Here we use a structure on the stack. The driver already did an
explicit memset so no data leak was possible.
Forced alignment of ts is not strictly necessary but probably makes
the code slightly less fragile.
Note there has been some rework in this driver of the years, so no
way this will apply cleanly all the way back.
Fixes: 2690be905123 ("iio: Add Lite-On ltr501 ambient light / proximity sensor driver")
Reported-by: Lars-Peter Clausen <[email protected]>
Signed-off-by: Jonathan Cameron <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Cc: <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/iio/light/ltr501.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
--- a/drivers/iio/light/ltr501.c
+++ b/drivers/iio/light/ltr501.c
@@ -1218,13 +1218,16 @@ static irqreturn_t ltr501_trigger_handle
struct iio_poll_func *pf = p;
struct iio_dev *indio_dev = pf->indio_dev;
struct ltr501_data *data = iio_priv(indio_dev);
- u16 buf[8];
+ struct {
+ u16 channels[3];
+ s64 ts __aligned(8);
+ } scan;
__le16 als_buf[2];
u8 mask = 0;
int j = 0;
int ret, psdata;
- memset(buf, 0, sizeof(buf));
+ memset(&scan, 0, sizeof(scan));
/* figure out which data needs to be ready */
if (test_bit(0, indio_dev->active_scan_mask) ||
@@ -1243,9 +1246,9 @@ static irqreturn_t ltr501_trigger_handle
if (ret < 0)
return ret;
if (test_bit(0, indio_dev->active_scan_mask))
- buf[j++] = le16_to_cpu(als_buf[1]);
+ scan.channels[j++] = le16_to_cpu(als_buf[1]);
if (test_bit(1, indio_dev->active_scan_mask))
- buf[j++] = le16_to_cpu(als_buf[0]);
+ scan.channels[j++] = le16_to_cpu(als_buf[0]);
}
if (mask & LTR501_STATUS_PS_RDY) {
@@ -1253,10 +1256,10 @@ static irqreturn_t ltr501_trigger_handle
&psdata, 2);
if (ret < 0)
goto done;
- buf[j++] = psdata & LTR501_PS_DATA_MASK;
+ scan.channels[j++] = psdata & LTR501_PS_DATA_MASK;
}
- iio_push_to_buffers_with_timestamp(indio_dev, buf,
+ iio_push_to_buffers_with_timestamp(indio_dev, &scan,
iio_get_time_ns(indio_dev));
done:
From: Jonathan Cameron <[email protected]>
commit a6f86f724394de3629da63fe5e1b7a4ab3396efe upstream.
One of a class of bugs pointed out by Lars in a recent review.
iio_push_to_buffers_with_timestamp assumes the buffer used is aligned
to the size of the timestamp (8 bytes). This is not guaranteed in
this driver which uses a 16 byte array of smaller elements on the stack.
As Lars also noted this anti pattern can involve a leak of data to
userspace and that indeed can happen here. We close both issues by moving
to a suitable structure in the iio_priv() data with alignment
ensured by use of an explicit c structure. This data is allocated
with kzalloc so no data can leak appart from previous readings.
Fixes tag is beyond some major refactoring so likely manual backporting
would be needed to get that far back.
Whilst the force alignment of the ts is not strictly necessary, it
does make the code less fragile.
Fixes: 3bbec9773389 ("iio: bmc150_accel: add support for hardware fifo")
Reported-by: Lars-Peter Clausen <[email protected]>
Signed-off-by: Jonathan Cameron <[email protected]>
Acked-by: Srinivas Pandruvada <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Cc: <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/iio/accel/bmc150-accel-core.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
--- a/drivers/iio/accel/bmc150-accel-core.c
+++ b/drivers/iio/accel/bmc150-accel-core.c
@@ -197,6 +197,14 @@ struct bmc150_accel_data {
struct mutex mutex;
u8 fifo_mode, watermark;
s16 buffer[8];
+ /*
+ * Ensure there is sufficient space and correct alignment for
+ * the timestamp if enabled
+ */
+ struct {
+ __le16 channels[3];
+ s64 ts __aligned(8);
+ } scan;
u8 bw_bits;
u32 slope_dur;
u32 slope_thres;
@@ -933,15 +941,16 @@ static int __bmc150_accel_fifo_flush(str
* now.
*/
for (i = 0; i < count; i++) {
- u16 sample[8];
int j, bit;
j = 0;
for_each_set_bit(bit, indio_dev->active_scan_mask,
indio_dev->masklength)
- memcpy(&sample[j++], &buffer[i * 3 + bit], 2);
+ memcpy(&data->scan.channels[j++], &buffer[i * 3 + bit],
+ sizeof(data->scan.channels[0]));
- iio_push_to_buffers_with_timestamp(indio_dev, sample, tstamp);
+ iio_push_to_buffers_with_timestamp(indio_dev, &data->scan,
+ tstamp);
tstamp += sample_period;
}
From: Dinghao Liu <[email protected]>
[ Upstream commit e3ddd6067ee62f6e76ebcf61ff08b2c729ae412b ]
When page_address() fails, umem should be freed just like when
rxe_mem_alloc() fails.
Fixes: 8700e3e7c485 ("Soft RoCE driver")
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Dinghao Liu <[email protected]>
Signed-off-by: Jason Gunthorpe <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/infiniband/sw/rxe/rxe_mr.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/infiniband/sw/rxe/rxe_mr.c b/drivers/infiniband/sw/rxe/rxe_mr.c
index 9b732c5f89e16..6d1ba75398a1a 100644
--- a/drivers/infiniband/sw/rxe/rxe_mr.c
+++ b/drivers/infiniband/sw/rxe/rxe_mr.c
@@ -205,6 +205,7 @@ int rxe_mem_init_user(struct rxe_dev *rxe, struct rxe_pd *pd, u64 start,
vaddr = page_address(sg_page(sg));
if (!vaddr) {
pr_warn("null vaddr\n");
+ ib_umem_release(umem);
err = -ENOMEM;
goto err1;
}
--
2.25.1
On Mon, 21 Sep 2020 at 22:05, Greg Kroah-Hartman
<[email protected]> wrote:
>
> This is the start of the stable review cycle for the 4.9.237 release.
> There are 70 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 23 Sep 2020 16:20:12 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.237-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.
Tested-by: Linux Kernel Functional Testing <[email protected]>
Summary
------------------------------------------------------------------------
kernel: 4.9.237-rc1
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
git branch: linux-4.9.y
git commit: b7aa672795fd423afa4bd326c3abd59c991263ea
git describe: v4.9.236-71-gb7aa672795fd
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-4.9.y/build/v4.9.236-71-gb7aa672795fd
No regressions (compared to build v4.9.236-47-g9769e65dc140)
No Fixes (compared to build v4.9.236-47-g9769e65dc140)
Ran 14478 total tests in the following environments and test suites.
Environments
--------------
- dragonboard-410c - arm64
- hi6220-hikey - arm64
- i386
- juno-r2 - arm64
- qemu_arm
- qemu_arm64
- qemu_i386
- qemu_x86_64
- x15 - arm
- x86_64
Test Suites
-----------
* build
* install-android-platform-tools-r2600
* kselftest
* kselftest/drivers
* kselftest/filesystems
* libhugetlbfs
* linux-log-parser
* ltp-cap_bounds-tests
* ltp-commands-tests
* ltp-containers-tests
* ltp-controllers-tests
* ltp-cpuhotplug-tests
* ltp-crypto-tests
* ltp-cve-tests
* ltp-dio-tests
* ltp-fs-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-mm-tests
* ltp-nptl-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-tracing-tests
* perf
* v4l2-compliance
* network-basic-tests
* ltp-open-posix-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-syscalls-tests
* kselftest/net
--
Linaro LKFT
https://lkft.linaro.org
On Mon, Sep 21, 2020 at 06:27:00PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.9.237 release.
> There are 70 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 23 Sep 2020 16:20:12 +0000.
> Anything received after that time might be too late.
>
Build results:
total: 171 pass: 171 fail: 0
Qemu test results:
total: 386 pass: 386 fail: 0
Tested-by: Guenter Roeck <[email protected]>
Guenter