1. 10 Feb, 2021 2 commits
    • squashfs: add more sanity checks in id lookup · f37aa4c7
      Phillip Lougher committed
      Sysbot has reported a number of "slab-out-of-bounds reads" and
      "use-after-free read" errors which have been identified as being caused
      by a corrupted index value read from the inode.  This could be because
      the metadata block is uncompressed, or because the "compression" bit has
      been corrupted (turning a compressed block into an uncompressed block).
      
      This patch adds additional sanity checks to detect this, and the
      following corruption.
      
      1. It checks against corruption of the ids count.  This can either
         lead to a larger table to be read, or a smaller than expected
         table to be read.
      
         In the case of a too large ids count, this would often have been
         trapped by the existing sanity checks, but this patch introduces
         a more exact check, which can identify too small values.
      
      2. It checks the contents of the index table for corruption.
      
      Link: https://lkml.kernel.org/r/20210204130249.4495-3-phillip@squashfs.org.uk
      Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
      Reported-by: syzbot+b06d57ba83f604522af2@syzkaller.appspotmail.com
      Reported-by: syzbot+c021ba012da41ee9807c@syzkaller.appspotmail.com
      Reported-by: syzbot+5024636e8b5fd19f0f19@syzkaller.appspotmail.com
      Reported-by: syzbot+bcbc661df46657d0fa4f@syzkaller.appspotmail.com
      Cc: <stable@vger.kernel.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • squashfs: avoid out of bounds writes in decompressors · e812cbbb
      Phillip Lougher committed
      Patch series "Squashfs: fix BIO migration regression and add sanity checks".
      
      Patch [1/4] fixes a regression introduced by the "migrate from
      ll_rw_block usage to BIO" patch, which has produced a number of
      Sysbot/Syzkaller reports.
      
      Patches [2/4], [3/4], and [4/4] fix a number of filesystem corruption
      issues which have produced Sysbot reports in the id, inode and xattr
      lookup code.
      
      Each patch has been tested against the Sysbot reproducers using the
      given kernel configuration.  They have the appropriate "Reported-by:"
      lines added.
      
      Additionally, all of the reproducer filesystems are indirectly fixed by
      patch [4/4] due to the fact they all have xattr corruption which is now
      detected there.
      
      Additional testing with other configurations and architectures (32bit,
      big endian), and normal filesystems has also been done to trap any
      inadvertent regressions caused by the additional sanity checks.
      
      This patch (of 4):
      
      This is a regression introduced by the patch "migrate from ll_rw_block
      usage to BIO".
      
      Sysbot/Syzkaller has reported a number of "out of bounds writes" and
      "unable to handle kernel paging request in squashfs_decompress" errors
      which have been identified as a regression introduced by the above
      patch.
      
      Specifically, the patch removed the following sanity check
      
              if (length < 0 || length > output->length ||
                      (index + length) > msblk->bytes_used)
      
      This check did two things:
      
      1. It ensured any reads were not beyond the end of the filesystem
      
      2. It ensured that the "length" field read from the filesystem
         was within the expected maximum length.  Without this any
         corrupted values can over-run allocated buffers.
      
      Link: https://lkml.kernel.org/r/20210204130249.4495-1-phillip@squashfs.org.uk
      Link: https://lkml.kernel.org/r/20210204130249.4495-2-phillip@squashfs.org.uk
      Fixes: 93e72b3c ("squashfs: migrate from ll_rw_block usage to BIO")
      Reported-by: syzbot+6fba78f99b9afd4b5634@syzkaller.appspotmail.com
      Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
      Cc: Philippe Liard <pliard@google.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  2. 09 Feb, 2021 1 commit
  3. 08 Feb, 2021 9 commits
    • Linux 5.11-rc7 · 92bf2261
      Linus Torvalds committed
    • Merge tag 'libnvdimm-fixes-5.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm · b75dba7f
      Linus Torvalds committed
      Pull libnvdimm fixes from Dan Williams:
       "A fix for a crash scenario that has been present since the initial
        merge, a minor regression in sysfs attribute visibility, and a fix for
        some flexible array warnings.
      
        The bulk of this pull is an update to the libnvdimm unit test
        infrastructure to test non-ACPI platforms. Given there is zero
        regression risk for test updates, and the tests enable validation of
        bits headed towards the next merge window, I saw no reason to hold the
        new tests back. Santosh originally submitted this before the v5.11
        window opened.
      
        Summary:
      
         - Fix a crash when sysfs accesses race 'dimm' driver probe/remove.
      
         - Fix a regression in 'resource' attribute visibility necessary for
           mapping badblocks and other physical address interrogations.
      
         - Fix some flexible array warnings
      
         - Expand the unit test infrastructure for non-ACPI platforms"
      
      * tag 'libnvdimm-fixes-5.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
        libnvdimm/dimm: Avoid race between probe and available_slots_show()
        ndtest: Add papr health related flags
        ndtest: Add nvdimm control functions
        ndtest: Add regions and mappings to the test buses
        ndtest: Add dimm attributes
        ndtest: Add dimms to the two buses
        ndtest: Add compatability string to treat it as PAPR family
        testing/nvdimm: Add test module for non-nfit platforms
        libnvdimm/namespace: Fix visibility of namespace resource attribute
        libnvdimm/pmem: Remove unused header
        ACPI: NFIT: Fix flexible_array.cocci warnings
    • Merge tag 'dma-mapping-5.11-2' of git://git.infradead.org/users/hch/dma-mapping · ff92acb2
      Linus Torvalds committed
      Pull dma-mapping fix from Christoph Hellwig:
       "Fix a 32 vs 64-bit padding issue in the new benchmark code (Barry
        Song)"
      
      * tag 'dma-mapping-5.11-2' of git://git.infradead.org/users/hch/dma-mapping:
        dma-mapping: benchmark: use u8 for reserved field in uAPI structure
    • Merge tag 'irq_urgent_for_v5.11_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · fc6c0ae5
      Linus Torvalds committed
      Pull irq fixes from Borislav Petkov:
      
       - Prevent device managed IRQ allocation helpers from returning IRQ 0
      
       - A fix for MSI activation of PCI endpoints with multiple MSIs
      
      * tag 'irq_urgent_for_v5.11_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        genirq: Prevent [devm_]irq_alloc_desc from returning irq 0
        genirq/msi: Activate Multi-MSI early when MSI_FLAG_ACTIVATE_EARLY is set
    • Merge tag 'core_urgent_for_v5.11_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · c6792d44
      Linus Torvalds committed
      Pull syscall entry fixes from Borislav Petkov:
      
       - For syscall user dispatch, separate prctl operation from syscall
         redirection range specification before the API has been made official
         in 5.11.
      
       - Ensure tasks using the generic syscall code do trap after returning
         from a syscall when single-stepping is requested.
      
      * tag 'core_urgent_for_v5.11_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        entry: Use different define for selector variable in SUD
        entry: Ensure trap after single-step on system call return
    • Merge tag 'sched_urgent_for_v5.11_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 6fed85df
      Linus Torvalds committed
      Pull scheduler fix from Borislav Petkov:
       "Revert an attempt to not spread IRQ threads on isolated CPUs which has
        a bunch of problems"
      
      * tag 'sched_urgent_for_v5.11_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        Revert "lib: Restrict cpumask_local_spread to houskeeping CPUs"
    • Merge tag 'timers_urgent_for_v5.11_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 814daadb
      Linus Torvalds committed
      Pull timer fixes from Borislav Petkov:
       "Two more timers-related fixes for v5.11:
      
         - Use a freezable workqueue for RTC sync because the sync can happen
           at any time and trigger suspend assertion checks in the i2c
           subsystem.
      
         - Correct a previous RTC validation change to check only bit 6 in
           register D because some Intel machines use bits 0-5"
      
      * tag 'timers_urgent_for_v5.11_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        ntp: Use freezable workqueue for RTC synchronization
        rtc: mc146818: Dont test for bit 0-5 in Register D
    • Merge tag 'x86_urgent_for_v5.11_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · e24f9c5f
      Linus Torvalds committed
      Pull x86 fixes from Borislav Petkov:
       "I hope this is the last batch of x86/urgent updates for this round:
      
         - Remove superfluous EFI PGD range checks which lead to those
           assertions failing with certain kernel configs and LLVM.
      
         - Disable setting breakpoints on facilities involved in #DB exception
           handling to avoid infinite loops.
      
         - Add extra serialization to non-serializing MSRs (IA32_TSC_DEADLINE
           and x2 APIC MSRs) to adhere to SDM's recommendation and avoid any
           theoretical issues.
      
         - Re-add the EPB MSR reading on turbostat so that it works on older
           kernels which don't have the corresponding EPB sysfs file.
      
         - Add Alder Lake to the list of CPUs which support split lock.
      
         - Fix %dr6 register handling in order to be able to set watchpoints
           with gdb again.
      
         - Disable CET instrumentation in the kernel so that gcc doesn't add
           ENDBR64 to kernel code and thus confuse tracing"
      
      * tag 'x86_urgent_for_v5.11_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/efi: Remove EFI PGD build time checks
        x86/debug: Prevent data breakpoints on cpu_dr7
        x86/debug: Prevent data breakpoints on __per_cpu_offset
        x86/apic: Add extra serialization for non-serializing MSRs
        tools/power/turbostat: Fallback to an MSR read for EPB
        x86/split_lock: Enable the split lock feature on another Alder Lake CPU
        x86/debug: Fix DR6 handling
        x86/build: Disable CET instrumentation in the kernel
    • Merge tag 'kbuild-fixes-v5.11-2' of... · 2db138bb
      Linus Torvalds committed
      Merge tag 'kbuild-fixes-v5.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
      
      Pull Kbuild fixes from Masahiro Yamada:
      
       - Use the 'python3' command to invoke python scripts because some
         distributions do not provide the 'python' command any more.
      
       - Clean-up and update documents
      
       - Use pkg-config to search libcrypto
      
       - Fix duplicated debug flags
      
       - Ignore some more stubs in scripts/kallsyms.c
      
      * tag 'kbuild-fixes-v5.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
        kallsyms: fix nonconverging kallsyms table with lld
        kbuild: fix duplicated flags in DEBUG_CFLAGS
        scripts/clang-tools: switch explicitly to Python 3
        kbuild: remove PYTHON variable
        Documentation/llvm: Add a section about supported architectures
        Revert "checkpatch: add check for keyword 'boolean' in Kconfig definitions"
        scripts: use pkg-config to locate libcrypto
        kconfig: mconf: fix HOSTCC call
        doc: gcc-plugins: update gcc-plugins.rst
        kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc
        Documentation/Kbuild: Remove references to gcc-plugin.sh
        scripts: switch explicitly to Python 3
  4. 07 Feb, 2021 9 commits
    • Merge tag '5.11-rc6-smb3' of git://git.samba.org/sfrench/cifs-2.6 · 825b5991
      Linus Torvalds committed
      Pull cifs fixes from Steve French:
       "Three small smb3 fixes for stable"
      
      * tag '5.11-rc6-smb3' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: report error instead of invalid when revalidating a dentry fails
        smb3: fix crediting for compounding when only one request in flight
        smb3: Fix out-of-bounds bug in SMB2_negotiate()
    • Merge tag 'riscv-for-linus-5.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux · f7455e5d
      Linus Torvalds committed
      Pull RISC-V fixes from Palmer Dabbelt:
       "A handful of fixes for this week:
      
         - A fix to avoid evaluating the VA twice in virt_addr_valid, which
           fixes some WARNs under DEBUG_VIRTUAL.
      
         - Two fixes related to STRICT_KERNEL_RWX: one that fixes some
           permissions when strict is disabled, and one to fix some alignment
           issues when strict is enabled.
      
         - A fix to disallow the selection of MAXPHYSMEM_2GB on RV32, which
           isn't valid any more but may still show up in some oldconfigs.
      
        We still have the HiFive Unleashed ethernet phy reset regression, so
        there will likely be something coming next week"
      
      * tag 'riscv-for-linus-5.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
        RISC-V: Define MAXPHYSMEM_1GB only for RV32
        riscv: Align on L1_CACHE_BYTES when STRICT_KERNEL_RWX
        RISC-V: Fix .init section permission update
        riscv: virt_addr_valid must check the address belongs to linear mapping
    • Merge tag 'powerpc-5.11-7' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · f06279ea
      Linus Torvalds committed
      Pull powerpc fixes from Michael Ellerman:
      
       - A fix for a change we made to __kernel_sigtramp_rt64() which confused
         glibc's backtrace logic, and also changed the semantics of that
         symbol, which was arguably an ABI break.
      
       - A fix for a stack overwrite in our VSX instruction emulation.
      
       - A couple of fixes for the Makefile logic in the new C VDSO.
      
      Thanks to Masahiro Yamada, Naveen N.  Rao, Raoni Fassina Firmino, and
      Ravi Bangoria.
      
      * tag 'powerpc-5.11-7' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/64/signal: Fix regression in __kernel_sigtramp_rt64() semantics
        powerpc/vdso64: remove meaningless vgettimeofday.o build rule
        powerpc/vdso: fix unnecessary rebuilds of vgettimeofday.o
        powerpc/sstep: Fix array out of bound warning
    • Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm · 4a7859ea
      Linus Torvalds committed
      Pull ARM fixes from Russell King:
      
       - Fix latent bug with DC21285 (Footbridge PCI bridge) configuration
         accessors that affects GCC >= 4.9.2
      
       - Fix misplaced tegra_uart_config in decompressor
      
       - Ensure signal page contents are initialised
      
       - Fix kexec oops
      
      * tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm:
        ARM: kexec: fix oops after TLB are invalidated
        ARM: ensure the signal page contains defined contents
        ARM: 9043/1: tegra: Fix misplaced tegra_uart_config in decompressor
        ARM: footbridge: fix dc21285 PCI configuration accessors
    • Merge tag 'usb-5.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 368afecb
      Linus Torvalds committed
      Pull USB fixes from Greg KH:
       "Here are some small, last-minute, USB driver fixes for 5.11-rc7
      
        They all resolve issues reported, or are a few new device ids for some
        drivers. They include:
      
         - new device ids for some usb-serial drivers
      
         - xhci fixes for a variety of reported problems
      
         - dwc3 driver bugfixes
      
         - dwc2 driver bugfixes
      
         - usblp driver bugfix
      
         - thunderbolt bugfix
      
         - few other tiny fixes
      
        All have been in linux-next with no reported issues"
      
      * tag 'usb-5.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        usb: dwc2: Fix endpoint direction check in ep_from_windex
        usb: dwc3: fix clock issue during resume in OTG mode
        xhci: fix bounce buffer usage for non-sg list case
        usb: host: xhci: mvebu: make USB 3.0 PHY optional for Armada 3720
        usb: xhci-mtk: break loop when find the endpoint to drop
        usb: xhci-mtk: skip dropping bandwidth of unchecked endpoints
        usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop()
        USB: gadget: legacy: fix an error code in eth_bind()
        thunderbolt: Fix possible NULL pointer dereference in tb_acpi_add_link()
        USB: serial: option: Adding support for Cinterion MV31
        usb: xhci-mtk: fix unreleased bandwidth data
        usb: gadget: aspeed: add missing of_node_put
        USB: usblp: don't call usb_set_interface if there's a single alt
        USB: serial: cp210x: add pid/vid for WSDA-200-USB
        USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000
    • Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · 7c2d1835
      Linus Torvalds committed
      Pull input fixes from Dmitry Torokhov:
       "Nothing terribly interesting, just a few fixups"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
        Input: xpad - sync supported devices with fork on GitHub
        Input: ariel-pwrbutton - remove unused variable ariel_pwrbutton_id_table
        Input: goodix - add support for Goodix GT9286 chip
        dt-bindings: input: touchscreen: goodix: Add binding for GT9286 IC
        dt-bindings: input: adc-keys: clarify description
        Input: ili210x - implement pressure reporting for ILI251x
        Input: i8042 - unbreak Pegatron C15B
        Input: st1232 - wait until device is ready before reading resolution
        Input: st1232 - do not read more bytes than needed
        Input: st1232 - fix off-by-one error in resolution handling
    • Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 964d069f
      Linus Torvalds committed
      Pull SCSI fix from James Bottomley:
       "One fix in drivers (lpfc) that stops an oops on resource exhaustion"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: lpfc: Fix EEH encountering oops with NVMe traffic
    • Merge tag 'block-5.11-2021-02-05' of git://git.kernel.dk/linux-block · eec79181
      Linus Torvalds committed
      Pull block fixes from Jens Axboe:
       "A few small regression fixes:
      
         - NVMe pull request from Christoph:
             - more quirks for buggy devices (Thorsten Leemhuis, Claus Stovgaard)
             - update the email address for Keith (Keith Busch)
             - fix an out of bounds access in nvmet-tcp (Sagi Grimberg)
      
         - Regression fix for BFQ shallow depth calculations introduced in
           this merge window (Lin)"
      
      * tag 'block-5.11-2021-02-05' of git://git.kernel.dk/linux-block:
        nvmet-tcp: fix out-of-bounds access when receiving multiple h2cdata PDUs
        bfq-iosched: Revert "bfq: Fix computation of shallow depth"
        update the email address for Keith Bush
        nvme-pci: ignore the subsysem NQN on Phison E16
        nvme-pci: avoid the deepest sleep state on Kingston A2000 SSDs
    • Merge tag 'io_uring-5.11-2021-02-05' of git://git.kernel.dk/linux-block · 860b45da
      Linus Torvalds committed
      Pull io_uring fixes from Jens Axboe:
       "Two small fixes that should go into 5.11:
      
         - task_work resource drop fix (Pavel)
      
         - identity COW fix (Xiaoguang)"
      
      * tag 'io_uring-5.11-2021-02-05' of git://git.kernel.dk/linux-block:
        io_uring: drop mm/files between task_work_submit
        io_uring: don't modify identity's files uncess identity is cowed
  5. 06 Feb, 2021 19 commits