1. 01 May, 2020 1 commit
    • KP Singh's avatar
      security: Fix the default value of fs_context_parse_param hook · 54261af4
      KP Singh authored
      security_fs_context_parse_param is called by vfs_parse_fs_param and
      a succussful return value (i.e 0) implies that a parameter will be
      consumed by the LSM framework. This stops all further parsing of the
      parmeter by VFS. Furthermore, if an LSM hook returns a success, the
      remaining LSM hooks are not invoked for the parameter.
      
      The current default behavior of returning success means that all the
      parameters are expected to be parsed by the LSM hook and none of them
      end up being populated by vfs in fs_context
      
      This was noticed when lsm=bpf is supplied on the command line before any
      other LSM. As the bpf lsm uses this default value to implement a default
      hook, this resulted in a failure to parse any fs_context parameters and
      a failure to mount the root filesystem.
      
      Fixes: 98e828a0 ("security: Refactor declaration of LSM hooks")
      Reported-by: default avatarMikko Ylinen <mikko.ylinen@linux.intel.com>
      Signed-off-by: default avatarKP Singh <kpsingh@google.com>
      Signed-off-by: default avatarJames Morris <jmorris@namei.org>
      54261af4
  2. 30 Apr, 2020 6 commits
  3. 29 Apr, 2020 2 commits
  4. 28 Apr, 2020 5 commits
    • Gabriel Krisman Bertazi's avatar
      dm multipath: use updated MPATHF_QUEUE_IO on mapping for bio-based mpath · 5686dee3
      Gabriel Krisman Bertazi authored
      When adding devices that don't have a scsi_dh on a BIO based multipath,
      I was able to consistently hit the warning below and lock-up the system.
      
      The problem is that __map_bio reads the flag before it potentially being
      modified by choose_pgpath, and ends up using the older value.
      
      The WARN_ON below is not trivially linked to the issue. It goes like
      this: The activate_path delayed_work is not initialized for non-scsi_dh
      devices, but we always set MPATHF_QUEUE_IO, asking for initialization.
      That is fine, since MPATHF_QUEUE_IO would be cleared in choose_pgpath.
      Nevertheless, only for BIO-based mpath, we cache the flag before calling
      choose_pgpath, and use the older version when deciding if we should
      initialize the path.  Therefore, we end up trying to initialize the
      paths, and calling the non-initialized activate_path work.
      
      [   82.437100] ------------[ cut here ]------------
      [   82.437659] WARNING: CPU: 3 PID: 602 at kernel/workqueue.c:1624
        __queue_delayed_work+0x71/0x90
      [   82.438436] Modules linked in:
      [   82.438911] CPU: 3 PID: 602 Comm: systemd-udevd Not tainted 5.6.0-rc6+ #339
      [   82.439680] RIP: 0010:__queue_delayed_work+0x71/0x90
      [   82.440287] Code: c1 48 89 4a 50 81 ff 00 02 00 00 75 2a 4c 89 cf e9
      94 d6 07 00 e9 7f e9 ff ff 0f 0b eb c7 0f 0b 48 81 7a 58 40 74 a8 94 74
      a7 <0f> 0b 48 83 7a 48 00 74 a5 0f 0b eb a1 89 fe 4c 89 cf e9 c8 c4 07
      [   82.441719] RSP: 0018:ffffb738803977c0 EFLAGS: 00010007
      [   82.442121] RAX: ffffa086389f9740 RBX: 0000000000000002 RCX: 0000000000000000
      [   82.442718] RDX: ffffa086350dd930 RSI: ffffa0863d76f600 RDI: 0000000000000200
      [   82.443484] RBP: 0000000000000200 R08: 0000000000000000 R09: ffffa086350dd970
      [   82.444128] R10: 0000000000000000 R11: 0000000000000000 R12: ffffa086350dd930
      [   82.444773] R13: ffffa0863d76f600 R14: 0000000000000000 R15: ffffa08636738008
      [   82.445427] FS:  00007f6abfe9dd40(0000) GS:ffffa0863dd80000(0000) knlGS:00000
      [   82.446040] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [   82.446478] CR2: 0000557d288db4e8 CR3: 0000000078b36000 CR4: 00000000000006e0
      [   82.447104] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      [   82.447561] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      [   82.448012] Call Trace:
      [   82.448164]  queue_delayed_work_on+0x6d/0x80
      [   82.448472]  __pg_init_all_paths+0x7b/0xf0
      [   82.448714]  pg_init_all_paths+0x26/0x40
      [   82.448980]  __multipath_map_bio.isra.0+0x84/0x210
      [   82.449267]  __map_bio+0x3c/0x1f0
      [   82.449468]  __split_and_process_non_flush+0x14a/0x1b0
      [   82.449775]  __split_and_process_bio+0xde/0x340
      [   82.450045]  ? dm_get_live_table+0x5/0xb0
      [   82.450278]  dm_process_bio+0x98/0x290
      [   82.450518]  dm_make_request+0x54/0x120
      [   82.450778]  generic_make_request+0xd2/0x3e0
      [   82.451038]  ? submit_bio+0x3c/0x150
      [   82.451278]  submit_bio+0x3c/0x150
      [   82.451492]  mpage_readpages+0x129/0x160
      [   82.451756]  ? bdev_evict_inode+0x1d0/0x1d0
      [   82.452033]  read_pages+0x72/0x170
      [   82.452260]  __do_page_cache_readahead+0x1ba/0x1d0
      [   82.452624]  force_page_cache_readahead+0x96/0x110
      [   82.452903]  generic_file_read_iter+0x84f/0xae0
      [   82.453192]  ? __seccomp_filter+0x7c/0x670
      [   82.453547]  new_sync_read+0x10e/0x190
      [   82.453883]  vfs_read+0x9d/0x150
      [   82.454172]  ksys_read+0x65/0xe0
      [   82.454466]  do_syscall_64+0x4e/0x210
      [   82.454828]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
      [...]
      [   82.462501] ---[ end trace bb39975e9cf45daa ]---
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarGabriel Krisman Bertazi <krisman@collabora.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      5686dee3
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 96c9a780
      Linus Torvalds authored
      Pull vfs fixes from Al Viro:
       "Two old bugs..."
      
      * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        propagate_one(): mnt_set_mountpoint() needs mount_lock
        dlmfs_file_write(): fix the bogosity in handling non-zero *ppos
      96c9a780
    • David Howells's avatar
      Fix use after free in get_tree_bdev() · dd7bc815
      David Howells authored
      Commit 6fcf0c72, a fix to get_tree_bdev() put a missing blkdev_put() in
      the wrong place, before a warnf() that displays the bdev under
      consideration rather after it.
      
      This results in a silent lockup in printk("%pg") called via warnf() from
      get_tree_bdev() under some circumstances when there's a race with the
      blockdev being frozen.  This can be caused by xfstests/tests/generic/085 in
      combination with Lukas Czerner's ext4 mount API conversion patchset.  It
      looks like it ought to occur with other users of get_tree_bdev() such as
      XFS, but apparently doesn't.
      
      Fix this by switching the order of the lines.
      
      Fixes: 6fcf0c72 ("vfs: add missing blkdev_put() in get_tree_bdev()")
      Reported-by: default avatarLukas Czerner <lczerner@redhat.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      cc: Ian Kent <raven@themaw.net>
      cc: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      dd7bc815
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma · edb98d16
      Linus Torvalds authored
      Pull rdma fixes from Jason Gunthorpe:
       "A couple of regressions were found in rc1, as well as another set of
        races and bugs:
      
         - A regression where RDMA_CM_EVENT_REJECTED was lost in some cases
      
         - Bad error handling in the CM, uverbs, rvt, siw and i40iw
      
         - Kernel stack memory leak to user space in mlx4
      
         - Missing data in a uapi query for mlx5
      
         - Three races found by syzkaller in the ib core code"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
        RDMA/core: Fix race between destroy and release FD object
        IB/rdmavt: Always return ERR_PTR from rvt_create_mmap_info()
        RDMA/core: Fix overwriting of uobj in case of error
        RDMA/core: Prevent mixed use of FDs between shared ufiles
        RDMA/uverbs: Fix a race with disassociate and exit_mmap()
        RDMA/mlx5: Set GRH fields in query QP on RoCE
        RDMA/siw: Fix potential siw_mem refcnt leak in siw_fastreg_mr()
        RDMA/mlx4: Initialize ib_spec on the stack
        RDMA/cm: Fix an error check in cm_alloc_id_priv()
        RDMA/cm: Fix missing RDMA_CM_EVENT_REJECTED event after receiving REJ message
        i40iw: fix null pointer dereference on a null wqe pointer
      edb98d16
    • Linus Torvalds's avatar
      Merge tag 'cve-2020-11884' from emailed bundle · 3f777e19
      Linus Torvalds authored
      Pull s390 fix from Christian Borntraeger:
       "Fix a race between page table upgrade and uaccess on s390.
      
        This fixes CVE-2020-11884 which allows for a local kernel crash or
        code execution"
      
      * tag 'cve-2020-11884' from emailed bundle:
        s390/mm: fix page table upgrade vs 2ndary address mode accesses
      3f777e19
  5. 27 Apr, 2020 4 commits
  6. 26 Apr, 2020 11 commits
    • Linus Torvalds's avatar
      Linux 5.7-rc3 · 6a8b55ed
      Linus Torvalds authored
      6a8b55ed
    • Linus Torvalds's avatar
      Merge tag '5.7-rc2-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 · d4fb4bfb
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
       "Five cifs/smb3 fixes:two for DFS reconnect failover, one lease fix for
        stable and the others to fix a missing spinlock during reconnect"
      
      * tag '5.7-rc2-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: fix uninitialised lease_key in open_shroot()
        cifs: ensure correct super block for DFS reconnect
        cifs: do not share tcons with DFS
        cifs: minor update to comments around the cifs_tcp_ses_lock mutex
        cifs: protect updating server->dstaddr with a spinlock
      d4fb4bfb
    • Linus Torvalds's avatar
      Merge tag 'usb-5.7-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · e9a61afb
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are a number of USB driver fixes for 5.7-rc3.
      
        Nothing huge, just the usual collection of:
      
         - xhci fixes
      
         - gadget driver fixes
      
         - syzkaller fuzzing fixes
      
         - new device ids and DT bindings
      
         - new quirks added for broken devices
      
        A few of the gadget driver fixes show up twice here as they were
        applied to my branch, and also by Felipe to his branch which I then
        pulled in as we got out of sync a bit.
      
        All of these have been in linux-next with no reported issues"
      
      * tag 'usb-5.7-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (33 commits)
        USB: sisusbvga: Change port variable from signed to unsigned
        usb-storage: Add unusual_devs entry for JMicron JMS566
        USB: hub: Revert commit bd0e6c96 ("usb: hub: try old enumeration scheme first for high speed devices")
        USB: hub: Fix handling of connect changes during sleep
        usb: typec: altmode: Fix typec_altmode_get_partner sometimes returning an invalid pointer
        xhci: Don't clear hub TT buffer on ep0 protocol stall
        xhci: prevent bus suspend if a roothub port detected a over-current condition
        xhci: Fix handling halted endpoint even if endpoint ring appears empty
        usb: raw-gadget: Fix copy_to/from_user() checks
        usb: raw-gadget: fix raw_event_queue_fetch locking
        usb: gadget: udc: atmel: Fix vbus disconnect handling
        usb: dwc3: gadget: Fix request completion check
        USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE
        phy: tegra: Select USB_COMMON for usb_get_maximum_speed()
        usb: typec: tcpm: Ignore CC and vbus changes in PORT_RESET change
        usb: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset()
        cdc-acm: introduce a cool down
        cdc-acm: close race betrween suspend() and acm_softint
        UAS: fix deadlock in error handling and PM flushing work
        UAS: no use logging any details in case of ENODEV
        ...
      e9a61afb
    • Linus Torvalds's avatar
      Merge tag 'tty-5.7-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · c5f33785
      Linus Torvalds authored
      Pull tty/serial fixes from Greg KH:
       "Here are some tty and serial driver fixes for 5.7-rc3.
      
        The "largest" in here are a number of reverts for previous changes to
        the uartps serial driver that turned out to not be a good idea at all.
      
        The others are just small fixes found by people and tools. Included in
        here is a much-reported symbol export needed by previous changes that
        happened in 5.7-rc1. All of these have been in linux-next for a while
        with no reported issues"
      
      * tag 'tty-5.7-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        tty: hvc: fix buffer overflow during hvc_alloc().
        tty: rocket, avoid OOB access
        tty: serial: bcm63xx: fix missing clk_put() in bcm63xx_uart
        vt: don't hardcode the mem allocation upper bound
        tty: serial: owl: add "much needed" clk_prepare_enable()
        vt: don't use kmalloc() for the unicode screen buffer
        tty/sysrq: Export sysrq_mask(), sysrq_toggle_support()
        serial: sh-sci: Make sure status register SCxSR is read in correct sequence
        serial: sunhv: Initialize lock for non-registered console
        Revert "serial: uartps: Register own uart console and driver structures"
        Revert "serial: uartps: Move Port ID to device data structure"
        Revert "serial: uartps: Change uart ID port allocation"
        Revert "serial: uartps: Do not allow use aliases >= MAX_UART_INSTANCES"
        Revert "serial: uartps: Fix error path when alloc failed"
        Revert "serial: uartps: Use the same dynamic major number for all ports"
        Revert "serial: uartps: Fix uartps_major handling"
      c5f33785
    • Linus Torvalds's avatar
      Merge tag 'char-misc-5.7-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · f6da8bd1
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "Here are 4 small misc driver fixes for 5.7-rc3:
      
         - mei driver fix
      
         - interconnect driver fix
      
         - two fpga driver fixes
      
        All have been in linux-next with no reported issues"
      
      * tag 'char-misc-5.7-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        interconnect: qcom: Fix uninitialized tcs_cmd::wait
        mei: me: fix irq number stored in hw struct
        fpga: dfl: pci: fix return value of cci_pci_sriov_configure
        fpga: zynq: Remove clk_get error message for probe defer
      f6da8bd1
    • Linus Torvalds's avatar
      Merge tag 'staging-5.7-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · edf17b28
      Linus Torvalds authored
      Pull staging/IIO driver fixes from Greg KH:
       "Here are some small staging and IIO driver fixes for 5.7-rc3
      
        Lots of tiny things for reported issues in staging and IIO drivers,
        including a counter driver fix as well (the iio drivers seem to be
        tied to those). Full details of the fixes are in the shortlog.
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'staging-5.7-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (27 commits)
        staging: vt6656: Fix calling conditions of vnt_set_bss_mode
        staging: comedi: Fix comedi_device refcnt leak in comedi_open
        staging: vt6656: Fix pairwise key entry save.
        staging: vt6656: Fix drivers TBTT timing counter.
        staging: vt6656: Don't set RCR_MULTICAST or RCR_BROADCAST by default.
        MAINTAINERS: remove Stefan Popa's email
        iio: adc: ad7192: fix null pointer de-reference crash during probe
        iio: core: remove extra semi-colon from devm_iio_device_register() macro
        iio: adc: ti-ads8344: properly byte swap value
        iio: imu: inv_mpu6050: fix suspend/resume with runtime power
        iio: st_sensors: rely on odr mask to know if odr can be set
        iio: xilinx-xadc: Make sure not exceed maximum samplerate
        iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode
        iio: xilinx-xadc: Fix clearing interrupt when enabling trigger
        iio: xilinx-xadc: Fix ADC-B powerdown
        iio: dac: ad5770r: fix off-by-one check on maximum number of channels
        iio: imu: st_lsm6dsx: flush hw FIFO before resetting the device
        iio: core: Fix handling of 'dB'
        dt-bindings: iio: adc: stm32-adc: fix id relative path
        counter: 104-quad-8: Add lock guards - generic interface
        ...
      edf17b28
    • Linus Torvalds's avatar
      Merge tag 'driver-core-5.7-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core · a8a0e2a9
      Linus Torvalds authored
      Pull driver core fixes from Greg KH:
       "Here are some small firmware/driver core/debugfs fixes for 5.7-rc3.
      
        The debugfs change is now possible as now the last users of
        debugfs_create_u32() have been fixed up in the different trees that
        got merged into 5.7-rc1, and I don't want it creeping back in.
      
        The firmware changes did cause a regression in linux-next, so the
        final patch here reverts part of that, re-exporting the symbol to
        resolve that issue. All of these patches, with the exception of the
        final one, have been in linux-next with only that one reported issue"
      
      * tag 'driver-core-5.7-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
        firmware_loader: revert removal of the fw_fallback_config export
        debugfs: remove return value of debugfs_create_u32()
        firmware_loader: remove unused exports
        firmware: imx: fix compile-testing
      a8a0e2a9
    • Linus Torvalds's avatar
      Merge tag 's390-5.7-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · 749f0461
      Linus Torvalds authored
      Pull s390 fixes from Vasily Gorbik:
      
       - Add a few notrace annotations to avoid potential crashes when
         switching ftrace tracers.
      
       - Avoid setting affinity for floating irqs in pci code.
      
       - Fix build issue found by kbuild test robot.
      
      * tag 's390-5.7-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        s390/protvirt: fix compilation issue
        s390/pci: do not set affinity for floating irqs
        s390/ftrace: fix potential crashes when switching tracers
      749f0461
    • Linus Torvalds's avatar
      Merge tag 'powerpc-5.7-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · 670bcd79
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
      
       - One important fix for a bug in the way we find the cache-line size
         from the device tree, which was leading to the wrong size being
         reported to userspace on some platforms.
      
       - A fix for 8xx STRICT_KERNEL_RWX which was leaving TLB entries around
         leading to a window at boot when the strict mapping wasn't enforced.
      
       - A fix to enable our KUAP (kernel user access prevention) debugging on
         PPC32.
      
       - A build fix for clang in lib/mpi.
      
      Thanks to: Chris Packham, Christophe Leroy, Nathan Chancellor, Qian Cai.
      
      * tag 'powerpc-5.7-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        lib/mpi: Fix building for powerpc with clang
        powerpc/mm: Fix CONFIG_PPC_KUAP_DEBUG on PPC32
        powerpc/8xx: Fix STRICT_KERNEL_RWX startup test failure
        powerpc/setup_64: Set cache-line-size based on cache-block-size
      670bcd79
    • Linus Torvalds's avatar
      Merge tag 'devicetree-fixes-for-5.7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux · 58792882
      Linus Torvalds authored
      Pull more Devicetree fixes from Rob Herring:
       "A couple of schema and kbuild fixes"
      
      * tag 'devicetree-fixes-for-5.7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
        dt-bindings: phy: qcom-qusb2: Fix defaults
        dt-bindings: Fix erroneous 'additionalProperties'
        dt-bindings: Fix command line length limit calling dt-mk-schema
        dt-bindings: Re-enable core schemas for dtbs_check
      58792882
    • Luis Chamberlain's avatar
      firmware_loader: revert removal of the fw_fallback_config export · 5a357703
      Luis Chamberlain authored
      Christoph's patch removed two unsused exported symbols, however, one
      symbol is used by the firmware_loader itself.  If CONFIG_FW_LOADER=m so
      the firmware_loader is modular but CONFIG_FW_LOADER_USER_HELPER=y we fail
      the build at mostpost.
      
      ERROR: modpost: "fw_fallback_config" [drivers/base/firmware_loader/firmware_class.ko] undefined!
      
      This happens because the variable fw_fallback_config is built into the
      kernel if CONFIG_FW_LOADER_USER_HELPER=y always, so we need to grant
      access to the firmware loader module by exporting it.
      
      Revert only one hunk from his patch.
      
      Fixes: 73960473 ("firmware_loader: remove unused exports")
      Reported-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Signed-off-by: default avatarLuis Chamberlain <mcgrof@kernel.org>
      Link: https://lore.kernel.org/r/20200424184916.22843-1-mcgrof@kernel.orgSigned-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      5a357703
  7. 25 Apr, 2020 11 commits