This is the start of the stable review cycle for the 4.19.224 release.
There are 27 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 05 Jan 2022 14:20:40 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.224-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <[email protected]>
Linux 4.19.224-rc1
Muchun Song <[email protected]>
net: fix use-after-free in tw_timer_handler
Leo L. Schwab <[email protected]>
Input: spaceball - fix parsing of movement data packets
Pavel Skripkin <[email protected]>
Input: appletouch - initialize work before device registration
Alexey Makhalov <[email protected]>
scsi: vmw_pvscsi: Set residual data length conditionally
Todd Kjos <[email protected]>
binder: fix async_free_space accounting for empty parcels
Chunfeng Yun <[email protected]>
usb: mtu3: set interval of FS intr and isoc endpoint
Vincent Pelletier <[email protected]>
usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.
Mathias Nyman <[email protected]>
xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set.
Dmitry V. Levin <[email protected]>
uapi: fix linux/nfc.h userspace compilation errors
Krzysztof Kozlowski <[email protected]>
nfc: uapi: use kernel size_t to fix user-space builds
Pavel Skripkin <[email protected]>
i2c: validate user data in compat ioctl
Miaoqian Lin <[email protected]>
fsl/fman: Fix missing put_device() call in fman_port_probe
wujianguo <[email protected]>
selftests/net: udpgso_bench_tx: fix dst ip argument
Gal Pressman <[email protected]>
net/mlx5e: Fix wrong features assignment in case of error
Wei Yongjun <[email protected]>
NFC: st21nfca: Fix memory leak in device probe and remove
Matthias-Christian Ott <[email protected]>
net: usb: pegasus: Do not drop long Ethernet frames
Xin Long <[email protected]>
sctp: use call_rcu to free endpoint
Coco Li <[email protected]>
selftests: Calculate udpgso segment count without header adjustment
Coco Li <[email protected]>
udp: using datalen to cap ipv6 udp max gso segments
Dan Carpenter <[email protected]>
scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write()
Tom Rix <[email protected]>
selinux: initialize proto variable in selinux_ip_postroute_compat()
Heiko Carstens <[email protected]>
recordmcount.pl: fix typo in s390 mcount regex
Wang Qing <[email protected]>
platform/x86: apple-gmux: use resource_size() with res
Samuel Čavoj <[email protected]>
Input: i8042 - enable deferred probe quirk for ASUS UM325UA
Takashi Iwai <[email protected]>
Input: i8042 - add deferred probe support
Jens Wiklander <[email protected]>
tee: handle lookup of shm with reference count 0
Hans de Goede <[email protected]>
HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option
-------------
Diffstat:
Documentation/admin-guide/kernel-parameters.txt | 2 +
Makefile | 4 +-
drivers/android/binder_alloc.c | 2 +-
drivers/hid/Kconfig | 1 +
drivers/i2c/i2c-dev.c | 3 +
drivers/input/joystick/spaceball.c | 11 +-
drivers/input/mouse/appletouch.c | 4 +-
drivers/input/serio/i8042-x86ia64io.h | 21 +++
drivers/input/serio/i8042.c | 54 ++++---
drivers/net/ethernet/freescale/fman/fman_port.c | 12 +-
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 11 +-
drivers/net/usb/pegasus.c | 4 +-
drivers/nfc/st21nfca/i2c.c | 29 ++--
drivers/platform/x86/apple-gmux.c | 2 +-
drivers/scsi/lpfc/lpfc_debugfs.c | 4 +-
drivers/scsi/vmw_pvscsi.c | 7 +-
drivers/tee/tee_shm.c | 177 ++++++++--------------
drivers/usb/gadget/function/f_fs.c | 9 +-
drivers/usb/host/xhci-pci.c | 5 +-
drivers/usb/mtu3/mtu3_gadget.c | 7 +
include/linux/tee_drv.h | 4 +-
include/net/sctp/sctp.h | 6 +-
include/net/sctp/structs.h | 3 +-
include/uapi/linux/nfc.h | 6 +-
net/ipv4/af_inet.c | 10 +-
net/ipv6/udp.c | 2 +-
net/sctp/diag.c | 12 +-
net/sctp/endpointola.c | 23 ++-
net/sctp/socket.c | 23 ++-
scripts/recordmcount.pl | 2 +-
security/selinux/hooks.c | 2 +-
tools/testing/selftests/net/udpgso.c | 12 +-
tools/testing/selftests/net/udpgso_bench_tx.c | 8 +-
33 files changed, 268 insertions(+), 214 deletions(-)
From: Coco Li <[email protected]>
[ Upstream commit 736ef37fd9a44f5966e25319d08ff7ea99ac79e8 ]
The max number of UDP gso segments is intended to cap to
UDP_MAX_SEGMENTS, this is checked in udp_send_skb().
skb->len contains network and transport header len here, we should use
only data len instead.
This is the ipv6 counterpart to the below referenced commit,
which missed the ipv6 change
Fixes: 158390e45612 ("udp: using datalen to cap max gso segments")
Signed-off-by: Coco Li <[email protected]>
Reviewed-by: Willem de Bruijn <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jakub Kicinski <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
net/ipv6/udp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 0198910c2bf27..7d3caafdf2059 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -1069,7 +1069,7 @@ static int udp_v6_send_skb(struct sk_buff *skb, struct flowi6 *fl6,
kfree_skb(skb);
return -EINVAL;
}
- if (skb->len > cork->gso_size * UDP_MAX_SEGMENTS) {
+ if (datalen > cork->gso_size * UDP_MAX_SEGMENTS) {
kfree_skb(skb);
return -EINVAL;
}
--
2.34.1
From: Muchun Song <[email protected]>
commit e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0 upstream.
A real world panic issue was found as follow in Linux 5.4.
BUG: unable to handle page fault for address: ffffde49a863de28
PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0
RIP: 0010:tw_timer_handler+0x20/0x40
Call Trace:
<IRQ>
call_timer_fn+0x2b/0x120
run_timer_softirq+0x1ef/0x450
__do_softirq+0x10d/0x2b8
irq_exit+0xc7/0xd0
smp_apic_timer_interrupt+0x68/0x120
apic_timer_interrupt+0xf/0x20
This issue was also reported since 2017 in the thread [1],
unfortunately, the issue was still can be reproduced after fixing
DCCP.
The ipv4_mib_exit_net is called before tcp_sk_exit_batch when a net
namespace is destroyed since tcp_sk_ops is registered befrore
ipv4_mib_ops, which means tcp_sk_ops is in the front of ipv4_mib_ops
in the list of pernet_list. There will be a use-after-free on
net->mib.net_statistics in tw_timer_handler after ipv4_mib_exit_net
if there are some inflight time-wait timers.
This bug is not introduced by commit f2bf415cfed7 ("mib: add net to
NET_ADD_STATS_BH") since the net_statistics is a global variable
instead of dynamic allocation and freeing. Actually, commit
61a7e26028b9 ("mib: put net statistics on struct net") introduces
the bug since it put net statistics on struct net and free it when
net namespace is destroyed.
Moving init_ipv4_mibs() to the front of tcp_init() to fix this bug
and replace pr_crit() with panic() since continuing is meaningless
when init_ipv4_mibs() fails.
[1] https://groups.google.com/g/syzkaller/c/p1tn-_Kc6l4/m/smuL_FMAAgAJ?pli=1
Fixes: 61a7e26028b9 ("mib: put net statistics on struct net")
Signed-off-by: Muchun Song <[email protected]>
Cc: Cong Wang <[email protected]>
Cc: Fam Zheng <[email protected]>
Cc: <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jakub Kicinski <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/ipv4/af_inet.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1955,6 +1955,10 @@ static int __init inet_init(void)
ip_init();
+ /* Initialise per-cpu ipv4 mibs */
+ if (init_ipv4_mibs())
+ panic("%s: Cannot init ipv4 mibs\n", __func__);
+
/* Setup TCP slab cache for open requests. */
tcp_init();
@@ -1983,12 +1987,6 @@ static int __init inet_init(void)
if (init_inet_pernet_ops())
pr_crit("%s: Cannot init ipv4 inet pernet ops\n", __func__);
- /*
- * Initialise per-cpu ipv4 mibs
- */
-
- if (init_ipv4_mibs())
- pr_crit("%s: Cannot init ipv4 mibs\n", __func__);
ipv4_proc_init();
Hi!
> This is the start of the stable review cycle for the 4.19.224 release.
> There are 27 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
CIP testing did not find any problems here:
https://gitlab.com/cip-project/cip-testing/linux-stable-rc-ci/-/tree/linux-4.19.y
Tested-by: Pavel Machek (CIP) <[email protected]>
Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
On Mon, Jan 03, 2022 at 03:23:40PM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.224 release.
> There are 27 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 05 Jan 2022 14:20:40 +0000.
> Anything received after that time might be too late.
>
Build results:
total: 155 pass: 155 fail: 0
Qemu test results:
total: 422 pass: 422 fail: 0
Tested-by: Guenter Roeck <[email protected]>
Guenter
On Mon, 3 Jan 2022 at 19:56, Greg Kroah-Hartman
<[email protected]> wrote:
>
> This is the start of the stable review cycle for the 4.19.224 release.
> There are 27 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 05 Jan 2022 14:20:40 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.224-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.
Tested-by: Linux Kernel Functional Testing <[email protected]>
## Build
* kernel: 4.19.224-rc1
* git: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
* git branch: linux-4.19.y
* git commit: 3285af6cecfcf350536b55f95214b08192ff25f2
* git describe: v4.19.223-28-g3285af6cecfc
* test details:
https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-4.19.y/build/v4.19.223-28-g3285af6cecfc
## No Test Regressions (compared to v4.19.223)
No test regressions found.
## Metric Regressions (compared to v4.19.223)
No metric regressions found.
## No Test Fixes (compared to v4.19.223)
## Metric Fixes (compared to v4.19.223)
No metric fixes found.
## Test result summary
total: 73951, pass: 59880, fail: 643, skip: 11816, xfail: 1612
## Build Summary
* arm: 130 total, 130 passed, 0 failed
* arm64: 35 total, 35 passed, 0 failed
* dragonboard-410c: 1 total, 1 passed, 0 failed
* hi6220-hikey: 1 total, 1 passed, 0 failed
* i386: 19 total, 19 passed, 0 failed
* juno-r2: 1 total, 1 passed, 0 failed
* mips: 26 total, 26 passed, 0 failed
* powerpc: 52 total, 48 passed, 4 failed
* s390: 12 total, 12 passed, 0 failed
* sparc: 12 total, 12 passed, 0 failed
* x15: 1 total, 1 passed, 0 failed
* x86: 1 total, 1 passed, 0 failed
* x86_64: 34 total, 34 passed, 0 failed
## Test suites summary
* fwts
* kselftest-android
* kselftest-arm64
* kselftest-arm64/arm64.btitest.bti_c_func
* kselftest-arm64/arm64.btitest.bti_j_func
* kselftest-arm64/arm64.btitest.bti_jc_func
* kselftest-arm64/arm64.btitest.bti_none_func
* kselftest-arm64/arm64.btitest.nohint_func
* kselftest-arm64/arm64.btitest.paciasp_func
* kselftest-arm64/arm64.nobtitest.bti_c_func
* kselftest-arm64/arm64.nobtitest.bti_j_func
* kselftest-arm64/arm64.nobtitest.bti_jc_func
* kselftest-arm64/arm64.nobtitest.bti_none_func
* kselftest-arm64/arm64.nobtitest.nohint_func
* kselftest-arm64/arm64.nobtitest.paciasp_func
* kselftest-bpf
* kselftest-breakpoints
* kselftest-capabilities
* kselftest-cgroup
* kselftest-clone3
* kselftest-core
* kselftest-cpu-hotplug
* kselftest-cpufreq
* kselftest-drivers
* kselftest-efivarfs
* kselftest-filesystems
* kselftest-firmware
* kselftest-fpu
* kselftest-futex
* kselftest-gpio
* kselftest-intel_pstate
* kselftest-ipc
* kselftest-ir
* kselftest-kcmp
* kselftest-kexec
* kselftest-kvm
* kselftest-lib
* kselftest-livepatch
* kselftest-membarrier
* kselftest-memfd
* kselftest-memory-hotplug
* kselftest-mincore
* kselftest-mount
* kselftest-mqueue
* kselftest-net
* kselftest-netfilter
* kselftest-nsfs
* kselftest-openat2
* kselftest-pid_namespace
* kselftest-pidfd
* kselftest-proc
* kselftest-pstore
* kselftest-ptrace
* kselftest-rseq
* kselftest-rtc
* kselftest-seccomp
* kselftest-sigaltstack
* kselftest-size
* kselftest-splice
* kselftest-static_keys
* kselftest-sync
* kselftest-sysctl
* kselftest-tc-testing
* kselftest-timens
* kselftest-timers
* kselftest-tmpfs
* kselftest-tpm2
* kselftest-user
* kselftest-vm
* kselftest-x86
* kselftest-zram
* kvm-unit-tests
* libhugetlbfs
* linux-log-parser
* ltp-cap_bounds-tests
* ltp-commands-tests
* ltp-containers-tests
* ltp-controllers-tests
* ltp-cpuhotplug-tests
* ltp-crypto-tests
* ltp-cve-tests
* ltp-dio-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-mm-tests
* ltp-nptl-tests
* ltp-open-posix-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-syscalls-tests
* ltp-tracing-tests
* network-basic-tests
* packetdrill
* perf
* rcutorture
* ssuite
* v4l2-compliance
--
Linaro LKFT
https://lkft.linaro.org
Hi Greg,
On Mon, Jan 03, 2022 at 03:23:40PM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.224 release.
> There are 27 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 05 Jan 2022 14:20:40 +0000.
> Anything received after that time might be too late.
Build test:
mips (gcc version 11.2.1 20211214): 63 configs -> no failure
arm (gcc version 11.2.1 20211214): 116 configs -> no new failure
arm64 (gcc version 11.2.1 20211214): 2 configs -> no failure
x86_64 (gcc version 11.2.1 20211214): 4 configs -> no failure
Boot test:
x86_64: Booted on my test laptop. No regression.
x86_64: Booted on qemu. No regression. [1]
[1]. https://openqa.qa.codethink.co.uk/tests/581
Tested-by: Sudip Mukherjee <[email protected]>
--
Regards
Sudip