From patchwork Mon Jun 1 17:53:12 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 224849 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8401FC433DF for ; Mon, 1 Jun 2020 19:01:27 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 60149206E2 for ; Mon, 1 Jun 2020 19:01:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591038087; bh=pXx2nQRRYIisgFvTzM9Z2xuVQCuuWS9hRnBOw/IVgOU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=icAymcoL1dDdDSdRZAwjRrKLWPUiDu0jNq37X9ka4/MT+vlm7ghJhJbpaZPe7bNE0 +CbLBzfZSP1Ny0RdoJc5FRaOhExMj1WL/v0PDGx4VHwFTDNUOON8q+ABkC1iKuS8bE GOAxm6ep7dy48h9DbAKe+ka/K+OkovTrw7fW7lkQ= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729101AbgFATBW (ORCPT ); Mon, 1 Jun 2020 15:01:22 -0400 Received: from mail.kernel.org ([198.145.29.99]:36146 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728449AbgFAR4D (ORCPT ); Mon, 1 Jun 2020 13:56:03 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id DF26E206E2; Mon, 1 Jun 2020 17:56:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034162; bh=pXx2nQRRYIisgFvTzM9Z2xuVQCuuWS9hRnBOw/IVgOU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=gj3f1QQti3ANhIDZn3JMA/0j/D3gOCW6kKWKxJO/Su6bTa7/ZDBUyTSV+Y9cJgzit dsMM5dmqwzi7MUS68JQSZHR2dwusz0gkVbguh2Uj0c2wxOGqAnZ0g3phw8SHdBcMlk lkRPSuPeVp/FlnPpkrMbV9gxmS43ijQUVGvWMtFg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Peter Zijlstra , Eric Dumazet , "David S. Miller" , Alexey Kuznetsov , Hideaki YOSHIFUJI , Jakub Kicinski , Jiri Pirko , Arvind Sankar , Jiong Wang , Yuqi Jin , Shaokun Zhang Subject: [PATCH 4.4 02/48] net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" Date: Mon, 1 Jun 2020 19:53:12 +0200 Message-Id: <20200601173952.792601887@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200601173952.175939894@linuxfoundation.org> References: <20200601173952.175939894@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Yuqi Jin [ Upstream commit a6211caa634da39d861a47437ffcda8b38ef421b ] Commit adb03115f459 ("net: get rid of an signed integer overflow in ip_idents_reserve()") used atomic_cmpxchg to replace "atomic_add_return" inside the function "ip_idents_reserve". The reason was to avoid UBSAN warning. However, this change has caused performance degrade and in GCC-8, fno-strict-overflow is now mapped to -fwrapv -fwrapv-pointer and signed integer overflow is now undefined by default at all optimization levels[1]. Moreover, it was a bug in UBSAN vs -fwrapv /-fno-strict-overflow, so Let's revert it safely. [1] https://gcc.gnu.org/gcc-8/changes.html Suggested-by: Peter Zijlstra Suggested-by: Eric Dumazet Cc: "David S. Miller" Cc: Alexey Kuznetsov Cc: Hideaki YOSHIFUJI Cc: Jakub Kicinski Cc: Jiri Pirko Cc: Arvind Sankar Cc: Peter Zijlstra Cc: Eric Dumazet Cc: Jiong Wang Signed-off-by: Yuqi Jin Signed-off-by: Shaokun Zhang Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/ipv4/route.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -477,18 +477,16 @@ u32 ip_idents_reserve(u32 hash, int segs atomic_t *p_id = ip_idents + hash % IP_IDENTS_SZ; u32 old = ACCESS_ONCE(*p_tstamp); u32 now = (u32)jiffies; - u32 new, delta = 0; + u32 delta = 0; if (old != now && cmpxchg(p_tstamp, old, now) == old) delta = prandom_u32_max(now - old); - /* Do not use atomic_add_return() as it makes UBSAN unhappy */ - do { - old = (u32)atomic_read(p_id); - new = old + delta + segs; - } while (atomic_cmpxchg(p_id, old, new) != old); - - return new - segs; + /* If UBSAN reports an error there, please make sure your compiler + * supports -fno-strict-overflow before reporting it that was a bug + * in UBSAN, and it has been fixed in GCC-8. + */ + return atomic_add_return(segs + delta, p_id) - segs; } EXPORT_SYMBOL(ip_idents_reserve); From patchwork Mon Jun 1 17:53:14 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 224855 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 89E8DC433DF for ; Mon, 1 Jun 2020 19:00:31 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5541C206E2 for ; Mon, 1 Jun 2020 19:00:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591038031; bh=acaU8/9TOoEnS9sV75MGOhjEpryxaPnGd/izJ/7EF3o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=0jtNSgi0E5i99rcPsndzgnSMwyn+rAbtJo9Ftimtf1Mw/nvBYgfQ/p/pGg+pbdPJT EqlA/dLgqggxAD9woqvaPT3WYXUDD0J1GE1q4gmcmylb7lyeHWogZW8Wpx+ONW5iJl 6vLn7V+wZ7RSvHpK0fXQr/xHpL7khnWEQp5CTakI= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728627AbgFAR4a (ORCPT ); Mon, 1 Jun 2020 13:56:30 -0400 Received: from mail.kernel.org ([198.145.29.99]:36948 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728619AbgFAR4a (ORCPT ); Mon, 1 Jun 2020 13:56:30 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id D26C02073B; Mon, 1 Jun 2020 17:56:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034189; bh=acaU8/9TOoEnS9sV75MGOhjEpryxaPnGd/izJ/7EF3o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WL7KZfHnPHUlUUXqeRYBRY1I4+bhhQxrdVpMA8tWOKTW5gEz2Uuxoqi6+DKEuj+/1 998zWraf9e3OOEJRb8gLkX/xBfExMJSXTXJWGqaXn0giLE16HfS1UDFSaBm5JwXs73 k6W9a94X85XrHTzs/04BVlPow28cvPxRgQ0AX6UQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Moshe Shemesh , Eran Ben Elisha , Saeed Mahameed Subject: [PATCH 4.4 04/48] net/mlx5: Add command entry handling completion Date: Mon, 1 Jun 2020 19:53:14 +0200 Message-Id: <20200601173953.233215090@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200601173952.175939894@linuxfoundation.org> References: <20200601173952.175939894@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Moshe Shemesh [ Upstream commit 17d00e839d3b592da9659c1977d45f85b77f986a ] When FW response to commands is very slow and all command entries in use are waiting for completion we can have a race where commands can get timeout before they get out of the queue and handled. Timeout completion on uninitialized command will cause releasing command's buffers before accessing it for initialization and then we will get NULL pointer exception while trying access it. It may also cause releasing buffers of another command since we may have timeout completion before even allocating entry index for this command. Add entry handling completion to avoid this race. Fixes: e126ba97dba9 ("mlx5: Add driver for Mellanox Connect-IB adapters") Signed-off-by: Moshe Shemesh Signed-off-by: Eran Ben Elisha Signed-off-by: Saeed Mahameed Signed-off-by: Greg Kroah-Hartman --- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 15 +++++++++++++++ include/linux/mlx5/driver.h | 1 + 2 files changed, 16 insertions(+) --- a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c @@ -670,6 +670,7 @@ static void cmd_work_handler(struct work int alloc_ret; int cmd_mode; + complete(&ent->handling); sem = ent->page_queue ? &cmd->pages_sem : &cmd->sem; down(sem); if (!ent->page_queue) { @@ -769,6 +770,12 @@ static int wait_func(struct mlx5_core_de struct mlx5_cmd *cmd = &dev->cmd; int err; + if (!wait_for_completion_timeout(&ent->handling, timeout) && + cancel_work_sync(&ent->work)) { + ent->ret = -ECANCELED; + goto out_err; + } + if (cmd->mode == CMD_MODE_POLLING) { wait_for_completion(&ent->done); } else if (!wait_for_completion_timeout(&ent->done, timeout)) { @@ -776,12 +783,17 @@ static int wait_func(struct mlx5_core_de mlx5_cmd_comp_handler(dev, 1UL << ent->idx); } +out_err: err = ent->ret; if (err == -ETIMEDOUT) { mlx5_core_warn(dev, "%s(0x%x) timeout. Will cause a leak of a command resource\n", mlx5_command_str(msg_to_opcode(ent->in)), msg_to_opcode(ent->in)); + } else if (err == -ECANCELED) { + mlx5_core_warn(dev, "%s(0x%x) canceled on out of queue timeout.\n", + mlx5_command_str(msg_to_opcode(ent->in)), + msg_to_opcode(ent->in)); } mlx5_core_dbg(dev, "err %d, delivery status %s(%d)\n", err, deliv_status_to_str(ent->status), ent->status); @@ -826,6 +838,7 @@ static int mlx5_cmd_invoke(struct mlx5_c ent->token = token; + init_completion(&ent->handling); if (!callback) init_completion(&ent->done); @@ -841,6 +854,8 @@ static int mlx5_cmd_invoke(struct mlx5_c if (callback) goto out; + if (err == -ECANCELED) + goto out_free; err = wait_func(dev, ent); if (err == -ETIMEDOUT) --- a/include/linux/mlx5/driver.h +++ b/include/linux/mlx5/driver.h @@ -569,6 +569,7 @@ struct mlx5_cmd_work_ent { struct delayed_work cb_timeout_work; void *context; int idx; + struct completion handling; struct completion done; struct mlx5_cmd *cmd; struct work_struct work; From patchwork Mon Jun 1 17:53:16 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 225140 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 58526C433E0 for ; Mon, 1 Jun 2020 17:56:35 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3BE70206E2 for ; Mon, 1 Jun 2020 17:56:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034195; bh=8X9HU6b1c4jo32TsWzW6l8edB1iW46dxxPn50t0tRjE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=V2dx/f8exO86eog3/s6NFPRj98kr/GGzqMt5I3YWdYxjvMnPjG0aDftqnSN2SbOCq OswutL9dlHZ9tAZdQGim8NFgJ5ZcUuTNA3BplCeI5978522/Ien/g/7wWa1wjXj/Sc Iyt4BXicRCya8YUn8YKpSF8pO1dx1eb3W4Q203lQ= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728205AbgFAR4e (ORCPT ); Mon, 1 Jun 2020 13:56:34 -0400 Received: from mail.kernel.org ([198.145.29.99]:37088 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728639AbgFAR4e (ORCPT ); Mon, 1 Jun 2020 13:56:34 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 5E99B2074B; Mon, 1 Jun 2020 17:56:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034193; bh=8X9HU6b1c4jo32TsWzW6l8edB1iW46dxxPn50t0tRjE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ZHJ8N6CMpjHgRfiVG4avVeClI4OUSg0HZlpBjfaLDdROp1tt57Bo1fa3L17KVzvtJ 7lbTmlXCga6TeTbMB8psO8vQ+YFw/6foScOVvZs1Xnl7REsUTLAliTxmxg9ATBTyiv /m0h/DtqNFndJyUiNjQkW4WiIoLJL3dZLVxNgk7M= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Qiushi Wu , "David S. Miller" Subject: [PATCH 4.4 06/48] net/mlx4_core: fix a memory leak bug. Date: Mon, 1 Jun 2020 19:53:16 +0200 Message-Id: <20200601173953.870589538@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200601173952.175939894@linuxfoundation.org> References: <20200601173952.175939894@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Qiushi Wu commit febfd9d3c7f74063e8e630b15413ca91b567f963 upstream. In function mlx4_opreq_action(), pointer "mailbox" is not released, when mlx4_cmd_box() return and error, causing a memory leak bug. Fix this issue by going to "out" label, mlx4_free_cmd_mailbox() can free this pointer. Fixes: fe6f700d6cbb ("net/mlx4_core: Respond to operation request by firmware") Signed-off-by: Qiushi Wu Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- drivers/net/ethernet/mellanox/mlx4/fw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/ethernet/mellanox/mlx4/fw.c +++ b/drivers/net/ethernet/mellanox/mlx4/fw.c @@ -2522,7 +2522,7 @@ void mlx4_opreq_action(struct work_struc if (err) { mlx4_err(dev, "Failed to retrieve required operation: %d\n", err); - return; + goto out; } MLX4_GET(modifier, outbox, GET_OP_REQ_MODIFIER_OFFSET); MLX4_GET(token, outbox, GET_OP_REQ_TOKEN_OFFSET); From patchwork Mon Jun 1 17:53:17 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 224856 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7B2B4C433E1 for ; Mon, 1 Jun 2020 19:00:23 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4D432206E2 for ; Mon, 1 Jun 2020 19:00:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591038023; bh=1Pm6gaFiAxl5+Jo1O7iSY7cXigm9jLrMs2GVPLwkq48=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=wLMq1f7KxnCAczldcBWEwtXtZbpC0IHMMbA/Gmeu6TKk/7dK9hMyCq26W+rzYILM1 maAdvLHVGogARRS2OTG3TP0IGIQqrxwFrmM5YqNdQKD8G2OlErDeWJOMrma8W2xXTr qCiaWTUqi0YAt72XKUMmeZvpPMCVUbLwDCBHAzik= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728547AbgFATAQ (ORCPT ); Mon, 1 Jun 2020 15:00:16 -0400 Received: from mail.kernel.org ([198.145.29.99]:37148 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728619AbgFAR4g (ORCPT ); Mon, 1 Jun 2020 13:56:36 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9D3E0206E2; Mon, 1 Jun 2020 17:56:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034196; bh=1Pm6gaFiAxl5+Jo1O7iSY7cXigm9jLrMs2GVPLwkq48=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=pgILq50OjFhayT3FL+AEO7MBBrAMncYTcSVj0zMvUekO/gkiYOihYqo90Iov5FPox sg1G3jcxQgLkhKHZpiKQtg+oypvGvRdH22TBduTc54Hjnel3aCEw5SrOf0Em43lPDm Z93T05ioI0vCn8PZnJtqDolLcmMV2kmGVoPaNLmo= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, "Dmitry V. Levin" , "David S. Miller" , Asbjoern Sloth Toennesen Subject: [PATCH 4.4 07/48] uapi: fix linux/if_pppol2tp.h userspace compilation errors Date: Mon, 1 Jun 2020 19:53:17 +0200 Message-Id: <20200601173954.188258319@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200601173952.175939894@linuxfoundation.org> References: <20200601173952.175939894@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Dmitry V. Levin commit a725eb15db80643a160310ed6bcfd6c5a6c907f2 upstream. Because of interface limitations, provided by libc cannot be included after , therefore any header that includes cannot be included after . Change uapi/linux/l2tp.h, the last uapi header that includes , to include and instead of and use __SOCK_SIZE__ instead of sizeof(struct sockaddr) the same way as uapi/linux/in.h does, to fix linux/if_pppol2tp.h userspace compilation errors like this: In file included from /usr/include/linux/l2tp.h:12:0, from /usr/include/linux/if_pppol2tp.h:21, /usr/include/netinet/in.h:31:8: error: redefinition of 'struct in_addr' Fixes: 47c3e7783be4 ("net: l2tp: deprecate PPPOL2TP_MSG_* in favour of L2TP_MSG_*") Signed-off-by: Dmitry V. Levin Signed-off-by: David S. Miller Signed-off-by: Asbjoern Sloth Toennesen Signed-off-by: Greg Kroah-Hartman --- include/uapi/linux/l2tp.h | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) --- a/include/uapi/linux/l2tp.h +++ b/include/uapi/linux/l2tp.h @@ -9,9 +9,8 @@ #include #include -#ifndef __KERNEL__ -#include -#endif +#include +#include #define IPPROTO_L2TP 115 @@ -31,7 +30,7 @@ struct sockaddr_l2tpip { __u32 l2tp_conn_id; /* Connection ID of tunnel */ /* Pad to size of `struct sockaddr'. */ - unsigned char __pad[sizeof(struct sockaddr) - + unsigned char __pad[__SOCK_SIZE__ - sizeof(__kernel_sa_family_t) - sizeof(__be16) - sizeof(struct in_addr) - sizeof(__u32)]; From patchwork Mon Jun 1 17:53:22 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 224845 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E82F9C433E3 for ; Mon, 1 Jun 2020 19:01:51 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id BBF712074B for ; Mon, 1 Jun 2020 19:01:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591038111; bh=GXXj6hQz+sGwSms1JwSKF7z36WZ+ep/aZfuObAE5nbM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=ZhoIPyjaHqB+rMmAdsmF/8dyretixhkkVcXSE+f129EILjlwVhhSxuoHBGronVrPH A/eO5rhMsmJ8If55yYrNT0C9gfCkMn58JJbGxoiik0d3eyQ90QXK83Z1h7z4FfLoPm P8h4huwMKzmDW0uoASJgD40mQWrJh2RqMrEd1bzo= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728309AbgFATBv (ORCPT ); Mon, 1 Jun 2020 15:01:51 -0400 Received: from mail.kernel.org ([198.145.29.99]:35740 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728219AbgFARzp (ORCPT ); Mon, 1 Jun 2020 13:55:45 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 31C662073B; Mon, 1 Jun 2020 17:55:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034144; bh=GXXj6hQz+sGwSms1JwSKF7z36WZ+ep/aZfuObAE5nbM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=edbsCx5slbT73ZOxYmrMCtu9+JLNUUW4Yr6N4bGxFf2lK6aks5MJEm3l5JNS3cA8K 0zEBxOztlR5FcgBBPccWHkE36iPYs8R2riIvLuI70prM0aLwCmtb0nO5RMXOiTN0c6 IzPTMZITeWfVLVe3jqvd3dianrpte7VyxJSZ/eSI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Coverity , Steve French , Shyam Prasad N , Sasha Levin Subject: [PATCH 4.4 12/48] cifs: Fix null pointer check in cifs_read Date: Mon, 1 Jun 2020 19:53:22 +0200 Message-Id: <20200601173955.878992498@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200601173952.175939894@linuxfoundation.org> References: <20200601173952.175939894@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Steve French [ Upstream commit 9bd21d4b1a767c3abebec203342f3820dcb84662 ] Coverity scan noted a redundant null check Coverity-id: 728517 Reported-by: Coverity Signed-off-by: Steve French Reviewed-by: Shyam Prasad N Signed-off-by: Sasha Levin --- fs/cifs/file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/cifs/file.c b/fs/cifs/file.c index 2ffdaedca7e9..b5a05092f862 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c @@ -3230,7 +3230,7 @@ cifs_read(struct file *file, char *read_data, size_t read_size, loff_t *offset) * than it negotiated since it will refuse the read * then. */ - if ((tcon->ses) && !(tcon->ses->capabilities & + if (!(tcon->ses->capabilities & tcon->ses->server->vals->cap_large_files)) { current_read_size = min_t(uint, current_read_size, CIFSMaxBufSize); From patchwork Mon Jun 1 17:53:24 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 224846 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id DF5F2C433E2 for ; Mon, 1 Jun 2020 19:01:50 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id B2CCB206E2 for ; Mon, 1 Jun 2020 19:01:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591038110; bh=wdV/IuvII1riB0RS77i6n9DRIo5lDhGG/ZJgulUt8/w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=B2TfLQt/8ULcz5OnOfAYqQqvH7Hws3xROfRQQAv0aZUUCVSOq5nCDdiivf3E5ANOD YeojPxKy38TMXBDGQYDjE6sYnrTkFH1Ku1M/jHEdml3VHUJkS0+IuM/l+c87GYJdE0 WS+366qJ62ix3TXGdy279doMBGehlfnPh7xjRyic= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728194AbgFARzv (ORCPT ); Mon, 1 Jun 2020 13:55:51 -0400 Received: from mail.kernel.org ([198.145.29.99]:35832 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728314AbgFARzt (ORCPT ); Mon, 1 Jun 2020 13:55:49 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id A8909206E2; Mon, 1 Jun 2020 17:55:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034149; bh=wdV/IuvII1riB0RS77i6n9DRIo5lDhGG/ZJgulUt8/w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=cLnvDv/UpSwH+9kcHAUEuISkAbqDXicgDbgfMGPpqu5brzwll75Zx2zXvx6gLnM4H d9ogKzswb+FuJ6upTF8x/mrcC1Rb1s8b+X6CVeFrCKwjK+aY4T4TXWLxLFh7E/Hedh zCeQWwvCYWSzEeK6FFONIGHT1m+TiUGqUvFZaexM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Kevin Locke , Dmitry Torokhov , Sasha Levin Subject: [PATCH 4.4 14/48] Input: i8042 - add ThinkPad S230u to i8042 nomux list Date: Mon, 1 Jun 2020 19:53:24 +0200 Message-Id: <20200601173956.488658003@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200601173952.175939894@linuxfoundation.org> References: <20200601173952.175939894@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Kevin Locke [ Upstream commit 18931506465a762ffd3f4803d36a18d336a67da9 ] On the Lenovo ThinkPad Twist S230u (3347-4HU) with BIOS version "GDETC1WW (1.81 ) 06/27/2019", whether booted in UEFI or Legacy/CSM mode the keyboard, Synaptics TouchPad, and TrackPoint either do not function or stop functioning a few minutes after boot. This problem has been noted before, perhaps only occurring on BIOS 1.57 and later.[1][2][3][4][5] This model does not have an external PS/2 port, so mux does not appear to be useful. Odds of a BIOS fix appear to be low: 1.57 was released over 6 years ago and although the [BIOS changelog] notes "Fixed an issue of UEFI touchpad/trackpoint/keyboard/touchscreen" in 1.58, it appears to be insufficient. Adding 33474HU to the nomux list avoids the issue on my system. [1]: https://bugs.launchpad.net/bugs/1210748 [2]: https://bbs.archlinux.org/viewtopic.php?pid=1360425 [3]: https://forums.linuxmint.com/viewtopic.php?f=46&t=41200 [4]: https://forums.linuxmint.com/viewtopic.php?f=49&t=157115 [5]: https://forums.lenovo.com/topic/findpost/27/1337119 [BIOS changelog]: https://download.lenovo.com/pccbbs/mobiles/gduj33uc.txt Signed-off-by: Kevin Locke Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/feb8a8339a67025dab3850e6377eb6f3a0e782ba.1587400635.git.kevin@kevinlocke.name Signed-off-by: Dmitry Torokhov Signed-off-by: Sasha Levin --- drivers/input/serio/i8042-x86ia64io.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h index a4e76084a2af..42330024da2f 100644 --- a/drivers/input/serio/i8042-x86ia64io.h +++ b/drivers/input/serio/i8042-x86ia64io.h @@ -545,6 +545,13 @@ static const struct dmi_system_id __initconst i8042_dmi_nomux_table[] = { DMI_MATCH(DMI_PRODUCT_NAME, "Aspire 5738"), }, }, + { + /* Lenovo ThinkPad Twist S230u */ + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), + DMI_MATCH(DMI_PRODUCT_NAME, "33474HU"), + }, + }, { } }; From patchwork Mon Jun 1 17:53:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 224847 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AC749C433E0 for ; Mon, 1 Jun 2020 19:01:49 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 87982206E2 for ; Mon, 1 Jun 2020 19:01:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591038109; bh=ExMKuf+azTmVVi/YGd55XhCM+QRC8qCRQFM9lqh3wtc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=g9R3t9rg9EAXDf0zxwdVaF17sORZKzW2fR5wgCvOjL9jkk25bUeVbf2eRFh/4nEIE 57AgU6P/yQVGMwzyMiOkm7z5SDh+06Ojt17MftpCRnD9SBvzBwrxBqns3k5yGTAOFN zUVcbJsJxg389/k+UxNcuDEAKhZu2rGv6K60IZNI= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728373AbgFARzy (ORCPT ); Mon, 1 Jun 2020 13:55:54 -0400 Received: from mail.kernel.org ([198.145.29.99]:35882 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728351AbgFARzw (ORCPT ); Mon, 1 Jun 2020 13:55:52 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id E65242073B; Mon, 1 Jun 2020 17:55:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034151; bh=ExMKuf+azTmVVi/YGd55XhCM+QRC8qCRQFM9lqh3wtc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=SZ0UxQ98rrHOFa4s16pkXOlZ4X5L1NeIU01YdFjiufDcCWDU8hr7D5IirPMp39WJT 4NagLxkHG5dIOHp9lLkHvL5IOxJ2J3faHh71FZLGW9h0B2ngV84BJrLpuj0f9rJh49 Mthq5KMrvMWe1CB4530d5TNjDB82t6uwkIZSdO4U= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Mathieu Maret , Brendan Shanks , Dmitry Torokhov , Sasha Levin Subject: [PATCH 4.4 15/48] Input: evdev - call input_flush_device() on release(), not flush() Date: Mon, 1 Jun 2020 19:53:25 +0200 Message-Id: <20200601173956.976457109@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200601173952.175939894@linuxfoundation.org> References: <20200601173952.175939894@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Brendan Shanks [ Upstream commit 09264098ff153f60866039d60b31d39b66f55a31 ] input_flush_device() should only be called once the struct file is being released and no open descriptors remain, but evdev_flush() was calling it whenever a file descriptor was closed. This caused uploaded force-feedback effects to be erased when a process did a dup()/close() on the event FD, called system(), etc. Call input_flush_device() from evdev_release() instead. Reported-by: Mathieu Maret Signed-off-by: Brendan Shanks Link: https://lore.kernel.org/r/20200421231003.7935-1-bshanks@codeweavers.com Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov Signed-off-by: Sasha Levin --- drivers/input/evdev.c | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) diff --git a/drivers/input/evdev.c b/drivers/input/evdev.c index e9ae3d500a55..700f018df668 100644 --- a/drivers/input/evdev.c +++ b/drivers/input/evdev.c @@ -342,20 +342,6 @@ static int evdev_fasync(int fd, struct file *file, int on) return fasync_helper(fd, file, on, &client->fasync); } -static int evdev_flush(struct file *file, fl_owner_t id) -{ - struct evdev_client *client = file->private_data; - struct evdev *evdev = client->evdev; - - mutex_lock(&evdev->mutex); - - if (evdev->exist && !client->revoked) - input_flush_device(&evdev->handle, file); - - mutex_unlock(&evdev->mutex); - return 0; -} - static void evdev_free(struct device *dev) { struct evdev *evdev = container_of(dev, struct evdev, dev); @@ -469,6 +455,10 @@ static int evdev_release(struct inode *inode, struct file *file) unsigned int i; mutex_lock(&evdev->mutex); + + if (evdev->exist && !client->revoked) + input_flush_device(&evdev->handle, file); + evdev_ungrab(evdev, client); mutex_unlock(&evdev->mutex); @@ -1331,7 +1321,6 @@ static const struct file_operations evdev_fops = { .compat_ioctl = evdev_ioctl_compat, #endif .fasync = evdev_fasync, - .flush = evdev_flush, .llseek = no_llseek, }; From patchwork Mon Jun 1 17:53:28 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 224848 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 15C1FC433E0 for ; Mon, 1 Jun 2020 19:01:43 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E981C206E2 for ; Mon, 1 Jun 2020 19:01:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591038102; bh=1EqDWBCublThGphdinrbRT6uFLBsfp4qR1XYa7yaIfc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=a/cXf1a70io242rBAM/NBriiq7c0M5qJ0L1p1t3An+pbn1+3oOVH1Rdv4CvgL+1Zi Mr5dhSfhQOitVDaH3Z53GDexbGfeE/jJYgiAunMtSz/mR39q7AlWEbcjuQ4uKH945O uKtBXP7+l//WxdF3lA7Xwc2CzxaTlK3f+Syq4iuU= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728434AbgFATBm (ORCPT ); Mon, 1 Jun 2020 15:01:42 -0400 Received: from mail.kernel.org ([198.145.29.99]:36036 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728407AbgFARz6 (ORCPT ); Mon, 1 Jun 2020 13:55:58 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 894942073B; Mon, 1 Jun 2020 17:55:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034158; bh=1EqDWBCublThGphdinrbRT6uFLBsfp4qR1XYa7yaIfc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=BkgbTt1LH6lFiUgpjxWVhglazwlIs7e84iMLbq5kExsF/dV3lIrHv1jeIegU2UyPx bcF99Vkxoj+ZodlEMkZnJpwybXP34P/USKVMl9wcvHgED01m4+27g58hX/vFmOyA1P LBP+vaK382jNtkENfhWmLgnR+rV48Todxb4uHuU0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Lin Yi , Mike Marciniszyn , Kaike Wan , Dennis Dalessandro , Leon Romanovsky , Jason Gunthorpe , Sasha Levin Subject: [PATCH 4.4 18/48] IB/qib: Call kobject_put() when kobject_init_and_add() fails Date: Mon, 1 Jun 2020 19:53:28 +0200 Message-Id: <20200601173957.705875521@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200601173952.175939894@linuxfoundation.org> References: <20200601173952.175939894@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Kaike Wan [ Upstream commit a35cd6447effd5c239b564c80fa109d05ff3d114 ] When kobject_init_and_add() returns an error in the function qib_create_port_files(), the function kobject_put() is not called for the corresponding kobject, which potentially leads to memory leak. This patch fixes the issue by calling kobject_put() even if kobject_init_and_add() fails. In addition, the ppd->diagc_kobj is released along with other kobjects when the sysfs is unregistered. Fixes: f931551bafe1 ("IB/qib: Add new qib driver for QLogic PCIe InfiniBand adapters") Link: https://lore.kernel.org/r/20200512031328.189865.48627.stgit@awfm-01.aw.intel.com Cc: Suggested-by: Lin Yi Reviewed-by: Mike Marciniszyn Signed-off-by: Kaike Wan Signed-off-by: Dennis Dalessandro Reviewed-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe Signed-off-by: Sasha Levin --- drivers/infiniband/hw/qib/qib_sysfs.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/infiniband/hw/qib/qib_sysfs.c b/drivers/infiniband/hw/qib/qib_sysfs.c index 3ae82202cdb5..b33565f4409f 100644 --- a/drivers/infiniband/hw/qib/qib_sysfs.c +++ b/drivers/infiniband/hw/qib/qib_sysfs.c @@ -703,7 +703,7 @@ int qib_create_port_files(struct ib_device *ibdev, u8 port_num, qib_dev_err(dd, "Skipping linkcontrol sysfs info, (err %d) port %u\n", ret, port_num); - goto bail; + goto bail_link; } kobject_uevent(&ppd->pport_kobj, KOBJ_ADD); @@ -713,7 +713,7 @@ int qib_create_port_files(struct ib_device *ibdev, u8 port_num, qib_dev_err(dd, "Skipping sl2vl sysfs info, (err %d) port %u\n", ret, port_num); - goto bail_link; + goto bail_sl; } kobject_uevent(&ppd->sl2vl_kobj, KOBJ_ADD); @@ -723,7 +723,7 @@ int qib_create_port_files(struct ib_device *ibdev, u8 port_num, qib_dev_err(dd, "Skipping diag_counters sysfs info, (err %d) port %u\n", ret, port_num); - goto bail_sl; + goto bail_diagc; } kobject_uevent(&ppd->diagc_kobj, KOBJ_ADD); @@ -736,7 +736,7 @@ int qib_create_port_files(struct ib_device *ibdev, u8 port_num, qib_dev_err(dd, "Skipping Congestion Control sysfs info, (err %d) port %u\n", ret, port_num); - goto bail_diagc; + goto bail_cc; } kobject_uevent(&ppd->pport_cc_kobj, KOBJ_ADD); @@ -818,6 +818,7 @@ void qib_verbs_unregister_sysfs(struct qib_devdata *dd) &cc_table_bin_attr); kobject_put(&ppd->pport_cc_kobj); } + kobject_put(&ppd->diagc_kobj); kobject_put(&ppd->sl2vl_kobj); kobject_put(&ppd->pport_kobj); } From patchwork Mon Jun 1 17:53:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 224850 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A9EF3C433E1 for ; Mon, 1 Jun 2020 19:01:03 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 80D1A206E2 for ; Mon, 1 Jun 2020 19:01:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591038063; bh=v5U3mBbn3YdGBHEeSmql6qdA7BvIvIIiq7B/D57Y0Qk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=0+jTo0DpMAis3PPAcaG02D+R1I6clSs3Y5XhOBLW4M14tUV3y8kN0Y/43Ig5HKtl4 v+86eqxiCt2v42oJnJ3AIcNCFR8mj6P5KA8RB8rdS/1pnZxnawMIX9AOniGgoAsdQO mXfXZrnWLjEGTlHipaF1tGSJyf/KjBILVefDS8mU= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728495AbgFAR4I (ORCPT ); Mon, 1 Jun 2020 13:56:08 -0400 Received: from mail.kernel.org ([198.145.29.99]:36292 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728480AbgFAR4H (ORCPT ); Mon, 1 Jun 2020 13:56:07 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 65AAC2073B; Mon, 1 Jun 2020 17:56:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034166; bh=v5U3mBbn3YdGBHEeSmql6qdA7BvIvIIiq7B/D57Y0Qk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=0ve9FbZnY8lJhPm+KuyCmj9rQzfJjVVAmLvkscZX1SuIJnX4miQiaT0BvxIacO53H vDxAy01NFgKhLRxFGAbKS6wLdwznePsw6z7Lu0ddgQ7lDdkuDBojCDo8iPiNUa9Dia mUtmJJscbIB+J+uLXUo05U3W29tFIt3E4AMtfkJc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Andy Lutomirski , "Eric W. Biederman" , Sasha Levin Subject: [PATCH 4.4 21/48] exec: Always set cap_ambient in cap_bprm_set_creds Date: Mon, 1 Jun 2020 19:53:31 +0200 Message-Id: <20200601173958.705938704@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200601173952.175939894@linuxfoundation.org> References: <20200601173952.175939894@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Eric W. Biederman [ Upstream commit a4ae32c71fe90794127b32d26d7ad795813b502e ] An invariant of cap_bprm_set_creds is that every field in the new cred structure that cap_bprm_set_creds might set, needs to be set every time to ensure the fields does not get a stale value. The field cap_ambient is not set every time cap_bprm_set_creds is called, which means that if there is a suid or sgid script with an interpreter that has neither the suid nor the sgid bits set the interpreter should be able to accept ambient credentials. Unfortuantely because cap_ambient is not reset to it's original value the interpreter can not accept ambient credentials. Given that the ambient capability set is expected to be controlled by the caller, I don't think this is particularly serious. But it is definitely worth fixing so the code works correctly. I have tested to verify my reading of the code is correct and the interpreter of a sgid can receive ambient capabilities with this change and cannot receive ambient capabilities without this change. Cc: stable@vger.kernel.org Cc: Andy Lutomirski Fixes: 58319057b784 ("capabilities: ambient capabilities") Signed-off-by: "Eric W. Biederman" Signed-off-by: Sasha Levin --- security/commoncap.c | 1 + 1 file changed, 1 insertion(+) diff --git a/security/commoncap.c b/security/commoncap.c index 48071ed7c445..b62f97d83fd8 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -494,6 +494,7 @@ int cap_bprm_set_creds(struct linux_binprm *bprm) int ret; kuid_t root_uid; + new->cap_ambient = old->cap_ambient; if (WARN_ON(!cap_ambient_invariant_ok(old))) return -EPERM; From patchwork Mon Jun 1 17:53:33 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 224851 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,TVD_SPACE_RATIO,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 256E0C433DF for ; Mon, 1 Jun 2020 19:00:57 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id ECBBD2074B for ; Mon, 1 Jun 2020 19:00:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591038057; bh=HFNk47jELaw7uwMh7fkT5nlGQFTfz2GICQHMXpjGHI4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=yMrEQVx+ZdkmtOE/nX5RaP1FzWFhRSS5TxR/zYRa/OR8d5ILu6HzKAErLxq6uA9Dt JKEhBtbb41GPvfttyS9oZCD63Nd/t5mJpsQNYh0dwre3ho0MIdsws38hIhOU8Rm7gD IHw6/IIU4fhgZvOCfatgxjfjDdIVNPWRyKxYqohM= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728541AbgFATA4 (ORCPT ); Mon, 1 Jun 2020 15:00:56 -0400 Received: from mail.kernel.org ([198.145.29.99]:36444 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728522AbgFAR4M (ORCPT ); Mon, 1 Jun 2020 13:56:12 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id E5AD2207BB; Mon, 1 Jun 2020 17:56:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034171; bh=HFNk47jELaw7uwMh7fkT5nlGQFTfz2GICQHMXpjGHI4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=TyH1yFl/X3Rd0lw+uOJl0m6UqBUP2kTzqpt8iPOn+D+FcRV4b4Eh/f10v+WtPDESr iyURWIUbRZ944MzzhiEY86CKKLNxRW7iqN3cxuPXh+hWLbfD4mszmyGuKEU9mifaYP 1OtMJHH0EXqZZYtU5cEOou/ezUIQk4UDA8f5eyVs= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Arnd Bergmann , Andrew Morton , Guenter Roeck , Linus Torvalds , Sasha Levin Subject: [PATCH 4.4 23/48] include/asm-generic/topology.h: guard cpumask_of_node() macro argument Date: Mon, 1 Jun 2020 19:53:33 +0200 Message-Id: <20200601173959.220441677@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200601173952.175939894@linuxfoundation.org> References: <20200601173952.175939894@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Arnd Bergmann [ Upstream commit 4377748c7b5187c3342a60fa2ceb60c8a57a8488 ] drivers/hwmon/amd_energy.c:195:15: error: invalid operands to binary expression ('void' and 'int') (channel - data->nr_cpus)); ~~~~~~~~~^~~~~~~~~~~~~~~~~ include/asm-generic/topology.h:51:42: note: expanded from macro 'cpumask_of_node' #define cpumask_of_node(node) ((void)node, cpu_online_mask) ^~~~ include/linux/cpumask.h:618:72: note: expanded from macro 'cpumask_first_and' #define cpumask_first_and(src1p, src2p) cpumask_next_and(-1, (src1p), (src2p)) ^~~~~ Fixes: f0b848ce6fe9 ("cpumask: Introduce cpumask_of_{node,pcibus} to replace {node,pcibus}_to_cpumask") Fixes: 8abee9566b7e ("hwmon: Add amd_energy driver to report energy counters") Signed-off-by: Arnd Bergmann Signed-off-by: Andrew Morton Acked-by: Guenter Roeck Link: http://lkml.kernel.org/r/20200527134623.930247-1-arnd@arndb.de Signed-off-by: Linus Torvalds Signed-off-by: Sasha Levin --- include/asm-generic/topology.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/asm-generic/topology.h b/include/asm-generic/topology.h index 5d2add1a6c96..864fcfa1df41 100644 --- a/include/asm-generic/topology.h +++ b/include/asm-generic/topology.h @@ -51,7 +51,7 @@ #ifdef CONFIG_NEED_MULTIPLE_NODES #define cpumask_of_node(node) ((node) == 0 ? cpu_online_mask : cpu_none_mask) #else - #define cpumask_of_node(node) ((void)node, cpu_online_mask) + #define cpumask_of_node(node) ((void)(node), cpu_online_mask) #endif #endif #ifndef pcibus_to_node From patchwork Mon Jun 1 17:53:35 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 224852 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7E3B4C433DF for ; Mon, 1 Jun 2020 19:00:50 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5B2C72074B for ; Mon, 1 Jun 2020 19:00:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591038050; bh=SGiAv6shdVOKpwPOvW00N1lm9ZHiO/y4bOuCN+rRr/A=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=O/JZ3mkFO8Tb0SwXl54hbEHXVgAa9hyCbjp/F4uIdaXoMbN23XekB/Ikd5htfkAFe 3UcDBAsGoKBEdVoc6A8/LZQyu+SK1824zKjdHsOiEaXL4VnGK+4b9HvlqC2iCA66SA VU7JALVQ2mhmzb/li1eP0+rAEQDIBrwZVamQvzkM= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728604AbgFATAr (ORCPT ); Mon, 1 Jun 2020 15:00:47 -0400 Received: from mail.kernel.org ([198.145.29.99]:36626 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728452AbgFAR4Q (ORCPT ); Mon, 1 Jun 2020 13:56:16 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 648B0207D0; Mon, 1 Jun 2020 17:56:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034175; bh=SGiAv6shdVOKpwPOvW00N1lm9ZHiO/y4bOuCN+rRr/A=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=t1fQVDb5fRKf7vcDXnWfFnsbApM74xzoCwlLUoNZ0M/JAzZre8YYotR2IFKkFAC2v IAa1+thHy2YsNY4gyYxp4ioQo7NA0fZzNBuo5OuMRkvJNFNXVQZMgRI6KFmG4gfvKY rjyTIguBDH90Wej8bHQGWAADrVzLSv9Xi0piQ4Ro= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Helge Deller Subject: [PATCH 4.4 25/48] parisc: Fix kernel panic in mem_init() Date: Mon, 1 Jun 2020 19:53:35 +0200 Message-Id: <20200601173959.647106448@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200601173952.175939894@linuxfoundation.org> References: <20200601173952.175939894@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Helge Deller commit bf71bc16e02162388808949b179d59d0b571b965 upstream. The Debian kernel v5.6 triggers this kernel panic: Kernel panic - not syncing: Bad Address (null pointer deref?) Bad Address (null pointer deref?): Code=26 (Data memory access rights trap) at addr 0000000000000000 CPU: 0 PID: 0 Comm: swapper Not tainted 5.6.0-2-parisc64 #1 Debian 5.6.14-1 IAOQ[0]: mem_init+0xb0/0x150 IAOQ[1]: mem_init+0xb4/0x150 RP(r2): start_kernel+0x6c8/0x1190 Backtrace: [<0000000040101ab4>] start_kernel+0x6c8/0x1190 [<0000000040108574>] start_parisc+0x158/0x1b8 on a HP-PARISC rp3440 machine with this memory layout: Memory Ranges: 0) Start 0x0000000000000000 End 0x000000003fffffff Size 1024 MB 1) Start 0x0000004040000000 End 0x00000040ffdfffff Size 3070 MB Fix the crash by avoiding virt_to_page() and similar functions in mem_init() until the memory zones have been fully set up. Signed-off-by: Helge Deller Cc: stable@vger.kernel.org # v5.0+ Signed-off-by: Greg Kroah-Hartman --- arch/parisc/mm/init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/parisc/mm/init.c +++ b/arch/parisc/mm/init.c @@ -604,7 +604,7 @@ void __init mem_init(void) > BITS_PER_LONG); high_memory = __va((max_pfn << PAGE_SHIFT)); - set_max_mapnr(page_to_pfn(virt_to_page(high_memory - 1)) + 1); + set_max_mapnr(max_low_pfn); free_all_bootmem(); #ifdef CONFIG_PA11 From patchwork Mon Jun 1 17:53:37 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 224853 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 09AEEC433DF for ; Mon, 1 Jun 2020 19:00:46 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D10AB2074B for ; Mon, 1 Jun 2020 19:00:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591038045; bh=zJ0jXzsufwpVdl/701EtTcgJlQ+FB3kNEcZGbeLScFU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=mF1gkNoOlm19x7J7KIEOSZ5v+m7zvHKC+UbwBIzn5inVm/QjeKi1oqo2TT/SDEOfq 3Hd0gkoOQ1HF/9jyKvuCyRtDWa+vrHKV+a8Q3BfM6yeOTrSgb+qXRDDG8exyRXk2MJ NMJjZnn745iTw+1sFjJ0aXY7ZgeMCoEHLlPZQdq8= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728582AbgFAR4V (ORCPT ); Mon, 1 Jun 2020 13:56:21 -0400 Received: from mail.kernel.org ([198.145.29.99]:36746 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728576AbgFAR4U (ORCPT ); Mon, 1 Jun 2020 13:56:20 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id D70F92076B; Mon, 1 Jun 2020 17:56:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034180; bh=zJ0jXzsufwpVdl/701EtTcgJlQ+FB3kNEcZGbeLScFU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=TweNmDEQCtr4IdyXOyBmUyTJumjekaOblAFj4cld/2AHP2tfDpZy5ZnLtqGF/Mnqt km0wADqxtWQ9CkUW6walZFmaYNVDuYpy1hAYRCg5bs4xfFsclyEa59rO6T0//jeSm4 gHnzOV5E7abovPbHLalVAOUkYQ5CHt+S/Ezp1d2k= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Xin Long , Steffen Klassert Subject: [PATCH 4.4 27/48] xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input Date: Mon, 1 Jun 2020 19:53:37 +0200 Message-Id: <20200601174000.072801043@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200601173952.175939894@linuxfoundation.org> References: <20200601173952.175939894@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Xin Long commit afcaf61be9d1dbdee5ec186d1dcc67b6b692180f upstream. For beet mode, when it's ipv6 inner address with nexthdrs set, the packet format might be: ---------------------------------------------------- | outer | | dest | | | ESP | ESP | | IP hdr | ESP | opts.| TCP | Data | Trailer | ICV | ---------------------------------------------------- The nexthdr from ESP could be NEXTHDR_HOP(0), so it should continue processing the packet when nexthdr returns 0 in xfrm_input(). Otherwise, when ipv6 nexthdr is set, the packet will be dropped. I don't see any error cases that nexthdr may return 0. So fix it by removing the check for nexthdr == 0. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Xin Long Signed-off-by: Steffen Klassert Signed-off-by: Greg Kroah-Hartman --- net/xfrm/xfrm_input.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c @@ -302,7 +302,7 @@ resume: dev_put(skb->dev); spin_lock(&x->lock); - if (nexthdr <= 0) { + if (nexthdr < 0) { if (nexthdr == -EBADMSG) { xfrm_audit_state_icvfail(x, skb, x->type->proto); From patchwork Mon Jun 1 17:53:39 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 224854 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7BA27C433E1 for ; Mon, 1 Jun 2020 19:00:41 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5C500206E2 for ; Mon, 1 Jun 2020 19:00:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591038041; bh=G4vunYqrKK7lfoC64pimrWpN6qp8VXiDtAvvurEGmQ4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=c2D8BA/9ijiVUDXNR0lDfV0iIrEqp6jw297+PFFb6o9ecg+2CgOmIr+LXgt7sQ+mG W+vtiweAh5g4wttnHzmWwSe1y+ZW4EX6RONGQKWtoTnn/xlrBgdAmIENCTqAtZYl7E Xi3X0IS5HZnPIxwo41nYwC3MEyIPvS0T++tOfXw8= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729930AbgFATAh (ORCPT ); Mon, 1 Jun 2020 15:00:37 -0400 Received: from mail.kernel.org ([198.145.29.99]:36824 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728604AbgFAR4Z (ORCPT ); Mon, 1 Jun 2020 13:56:25 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 5482D2073B; Mon, 1 Jun 2020 17:56:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034184; bh=G4vunYqrKK7lfoC64pimrWpN6qp8VXiDtAvvurEGmQ4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Nhd3/EEl1FowvlUBskJujk8V6yFn2JXwgZq6274wXA0wT9VhfRJ44dNNJmifXFlEC u+z8qklorYRuMSKZhxFpqBmwJYe20HQHofWVs26uuGwUS+4QcgGFqZ1AwZNJIngcUB grJEiYG6TnW/nKZSxzr7OCYQRJVATbkJa39LdU0Q= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Xiumei Mu , Xin Long , Steffen Klassert Subject: [PATCH 4.4 29/48] xfrm: fix a NULL-ptr deref in xfrm_local_error Date: Mon, 1 Jun 2020 19:53:39 +0200 Message-Id: <20200601174000.973079180@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200601173952.175939894@linuxfoundation.org> References: <20200601173952.175939894@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Xin Long commit f6a23d85d078c2ffde79c66ca81d0a1dde451649 upstream. This patch is to fix a crash: [ ] kasan: GPF could be caused by NULL-ptr deref or user memory access [ ] general protection fault: 0000 [#1] SMP KASAN PTI [ ] RIP: 0010:ipv6_local_error+0xac/0x7a0 [ ] Call Trace: [ ] xfrm6_local_error+0x1eb/0x300 [ ] xfrm_local_error+0x95/0x130 [ ] __xfrm6_output+0x65f/0xb50 [ ] xfrm6_output+0x106/0x46f [ ] udp_tunnel6_xmit_skb+0x618/0xbf0 [ip6_udp_tunnel] [ ] vxlan_xmit_one+0xbc6/0x2c60 [vxlan] [ ] vxlan_xmit+0x6a0/0x4276 [vxlan] [ ] dev_hard_start_xmit+0x165/0x820 [ ] __dev_queue_xmit+0x1ff0/0x2b90 [ ] ip_finish_output2+0xd3e/0x1480 [ ] ip_do_fragment+0x182d/0x2210 [ ] ip_output+0x1d0/0x510 [ ] ip_send_skb+0x37/0xa0 [ ] raw_sendmsg+0x1b4c/0x2b80 [ ] sock_sendmsg+0xc0/0x110 This occurred when sending a v4 skb over vxlan6 over ipsec, in which case skb->protocol == htons(ETH_P_IPV6) while skb->sk->sk_family == AF_INET in xfrm_local_error(). Then it will go to xfrm6_local_error() where it tries to get ipv6 info from a ipv4 sk. This issue was actually fixed by Commit 628e341f319f ("xfrm: make local error reporting more robust"), but brought back by Commit 844d48746e4b ("xfrm: choose protocol family by skb protocol"). So to fix it, we should call xfrm6_local_error() only when skb->protocol is htons(ETH_P_IPV6) and skb->sk->sk_family is AF_INET6. Fixes: 844d48746e4b ("xfrm: choose protocol family by skb protocol") Reported-by: Xiumei Mu Signed-off-by: Xin Long Signed-off-by: Steffen Klassert Signed-off-by: Greg Kroah-Hartman --- net/xfrm/xfrm_output.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/net/xfrm/xfrm_output.c +++ b/net/xfrm/xfrm_output.c @@ -237,7 +237,8 @@ void xfrm_local_error(struct sk_buff *sk if (skb->protocol == htons(ETH_P_IP)) proto = AF_INET; - else if (skb->protocol == htons(ETH_P_IPV6)) + else if (skb->protocol == htons(ETH_P_IPV6) && + skb->sk->sk_family == AF_INET6) proto = AF_INET6; else return; From patchwork Mon Jun 1 17:53:40 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 224863 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 85FFAC433E1 for ; Mon, 1 Jun 2020 18:59:29 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 64CBA20679 for ; Mon, 1 Jun 2020 18:59:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591037969; bh=phD9nR7Z3XgGAWj/NsEdRQXSY43SKrYgTBx9FL2Qpcw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=okDwacE3nlAuYyO2FuVP4myYtWAGn6isexhF3FITAXBsxWu1Kq85myYVfi54kWk5x r+VR1+qpVqY9V1/9CAgIxkQyTLY91ic6uoT1DmGBTxb20dGG/TRO9FhZdBkHkFZR6J XAVx1PrDJ6lr/5/bPrAXCpN4DWnl/9yTA6f+6edk= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728922AbgFAR52 (ORCPT ); Mon, 1 Jun 2020 13:57:28 -0400 Received: from mail.kernel.org ([198.145.29.99]:38628 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728917AbgFAR50 (ORCPT ); Mon, 1 Jun 2020 13:57:26 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2BB2C206E2; Mon, 1 Jun 2020 17:57:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034245; bh=phD9nR7Z3XgGAWj/NsEdRQXSY43SKrYgTBx9FL2Qpcw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=PdmjLKy3ifmMfAxpUdKNBbcF5Lf6E/6NIS5dZhPRwB0hh0dMB1C7EjWW4llIwo5oi 5yaijOijU0CAgQjCy/wmdd6VuRcAl+/8v+2IdmyeQXYM7LkVUPPfVzfG8NWrdiJ5YU zbCrfsjfs5AHLnAWtiNFQuzoA7uoCSPul1FmoQ0Y= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jeremy Sowden , Steffen Klassert Subject: [PATCH 4.4 30/48] vti4: eliminated some duplicate code. Date: Mon, 1 Jun 2020 19:53:40 +0200 Message-Id: <20200601174001.619310966@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200601173952.175939894@linuxfoundation.org> References: <20200601173952.175939894@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jeremy Sowden commit f981c57ffd2d7cf2dd4b6d6f8fcb3965df42f54c upstream. The ipip tunnel introduced in commit dd9ee3444014 ("vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel") largely duplicated the existing vti_input and vti_recv functions. Refactored to deduplicate the common code. Signed-off-by: Jeremy Sowden Signed-off-by: Steffen Klassert Signed-off-by: Greg Kroah-Hartman --- net/ipv4/ip_vti.c | 60 +++++++++++++++++++----------------------------------- 1 file changed, 22 insertions(+), 38 deletions(-) --- a/net/ipv4/ip_vti.c +++ b/net/ipv4/ip_vti.c @@ -51,7 +51,7 @@ static int vti_net_id __read_mostly; static int vti_tunnel_init(struct net_device *dev); static int vti_input(struct sk_buff *skb, int nexthdr, __be32 spi, - int encap_type) + int encap_type, bool update_skb_dev) { struct ip_tunnel *tunnel; const struct iphdr *iph = ip_hdr(skb); @@ -66,6 +66,9 @@ static int vti_input(struct sk_buff *skb XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = tunnel; + if (update_skb_dev) + skb->dev = tunnel->dev; + return xfrm_input(skb, nexthdr, spi, encap_type); } @@ -75,47 +78,28 @@ drop: return 0; } -static int vti_input_ipip(struct sk_buff *skb, int nexthdr, __be32 spi, - int encap_type) +static int vti_input_proto(struct sk_buff *skb, int nexthdr, __be32 spi, + int encap_type) { - struct ip_tunnel *tunnel; - const struct iphdr *iph = ip_hdr(skb); - struct net *net = dev_net(skb->dev); - struct ip_tunnel_net *itn = net_generic(net, vti_net_id); - - tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY, - iph->saddr, iph->daddr, 0); - if (tunnel) { - if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) - goto drop; - - XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = tunnel; - - skb->dev = tunnel->dev; - - return xfrm_input(skb, nexthdr, spi, encap_type); - } - - return -EINVAL; -drop: - kfree_skb(skb); - return 0; + return vti_input(skb, nexthdr, spi, encap_type, false); } -static int vti_rcv(struct sk_buff *skb) +static int vti_rcv(struct sk_buff *skb, __be32 spi, bool update_skb_dev) { XFRM_SPI_SKB_CB(skb)->family = AF_INET; XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr); - return vti_input(skb, ip_hdr(skb)->protocol, 0, 0); + return vti_input(skb, ip_hdr(skb)->protocol, spi, 0, update_skb_dev); } -static int vti_rcv_ipip(struct sk_buff *skb) +static int vti_rcv_proto(struct sk_buff *skb) { - XFRM_SPI_SKB_CB(skb)->family = AF_INET; - XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr); + return vti_rcv(skb, 0, false); +} - return vti_input_ipip(skb, ip_hdr(skb)->protocol, ip_hdr(skb)->saddr, 0); +static int vti_rcv_tunnel(struct sk_buff *skb) +{ + return vti_rcv(skb, ip_hdr(skb)->saddr, true); } static int vti_rcv_cb(struct sk_buff *skb, int err) @@ -452,31 +436,31 @@ static void __net_init vti_fb_tunnel_ini } static struct xfrm4_protocol vti_esp4_protocol __read_mostly = { - .handler = vti_rcv, - .input_handler = vti_input, + .handler = vti_rcv_proto, + .input_handler = vti_input_proto, .cb_handler = vti_rcv_cb, .err_handler = vti4_err, .priority = 100, }; static struct xfrm4_protocol vti_ah4_protocol __read_mostly = { - .handler = vti_rcv, - .input_handler = vti_input, + .handler = vti_rcv_proto, + .input_handler = vti_input_proto, .cb_handler = vti_rcv_cb, .err_handler = vti4_err, .priority = 100, }; static struct xfrm4_protocol vti_ipcomp4_protocol __read_mostly = { - .handler = vti_rcv, - .input_handler = vti_input, + .handler = vti_rcv_proto, + .input_handler = vti_input_proto, .cb_handler = vti_rcv_cb, .err_handler = vti4_err, .priority = 100, }; static struct xfrm_tunnel ipip_handler __read_mostly = { - .handler = vti_rcv_ipip, + .handler = vti_rcv_tunnel, .err_handler = vti4_err, .priority = 0, }; From patchwork Mon Jun 1 17:53:41 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 224857 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7F174C433E0 for ; Mon, 1 Jun 2020 19:00:05 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4C63F206C3 for ; Mon, 1 Jun 2020 19:00:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591038005; bh=TN8/J+KS8OaAxt0HQk59vONqZA/Y2/WNw/CL3FuuG00=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=sIbQwJ+56vXKnuFE1pNkXoUvlhtPJ1GO29qEI8xka018+S7XUN2x0EkyDU1JK+dWJ 7Nr3j+UYju0IK9ywYN2jdjBSq07S0IfasisQcUk7g6pr4QWYrrPf40O1oC7uk2GD6Y dILgnvZqqf3huyUIBa+h8OR7r9wwMZG/4h6Nr2Qo= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726555AbgFAR4q (ORCPT ); Mon, 1 Jun 2020 13:56:46 -0400 Received: from mail.kernel.org ([198.145.29.99]:37422 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728710AbgFAR4p (ORCPT ); Mon, 1 Jun 2020 13:56:45 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id AD523206E2; Mon, 1 Jun 2020 17:56:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034205; bh=TN8/J+KS8OaAxt0HQk59vONqZA/Y2/WNw/CL3FuuG00=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Qx0ZRXsOIFNHXYqsLOsUeoTiScMWhHBlXHtgJREcFiTcR/OEgPw0rsTtQh3dMYx0H CbHwh4uDPoSxtxtbrVIaeHbSUMlXexQFMZi6qwyfwAJrKjD+1nBnHmw8w8rPvU2nMn EuN3mDpIjXTZN6/kSYaILRyUCXf4ucRDLX4lkdLw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Xiumei Mu , Xin Long , Steffen Klassert Subject: [PATCH 4.4 31/48] ip_vti: receive ipip packet by calling ip_tunnel_rcv Date: Mon, 1 Jun 2020 19:53:41 +0200 Message-Id: <20200601174001.696274292@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200601173952.175939894@linuxfoundation.org> References: <20200601173952.175939894@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Xin Long commit 976eba8ab596bab94b9714cd46d38d5c6a2c660d upstream. In Commit dd9ee3444014 ("vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel"), it tries to receive IPIP packets in vti by calling xfrm_input(). This case happens when a small packet or frag sent by peer is too small to get compressed. However, xfrm_input() will still get to the IPCOMP path where skb sec_path is set, but never dropped while it should have been done in vti_ipcomp4_protocol.cb_handler(vti_rcv_cb), as it's not an ipcomp4 packet. This will cause that the packet can never pass xfrm4_policy_check() in the upper protocol rcv functions. So this patch is to call ip_tunnel_rcv() to process IPIP packets instead. Fixes: dd9ee3444014 ("vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel") Reported-by: Xiumei Mu Signed-off-by: Xin Long Signed-off-by: Steffen Klassert Signed-off-by: Greg Kroah-Hartman --- net/ipv4/ip_vti.c | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) --- a/net/ipv4/ip_vti.c +++ b/net/ipv4/ip_vti.c @@ -99,7 +99,28 @@ static int vti_rcv_proto(struct sk_buff static int vti_rcv_tunnel(struct sk_buff *skb) { - return vti_rcv(skb, ip_hdr(skb)->saddr, true); + struct ip_tunnel_net *itn = net_generic(dev_net(skb->dev), vti_net_id); + const struct iphdr *iph = ip_hdr(skb); + struct ip_tunnel *tunnel; + + tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY, + iph->saddr, iph->daddr, 0); + if (tunnel) { + struct tnl_ptk_info tpi = { + .proto = htons(ETH_P_IP), + }; + + if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) + goto drop; + if (iptunnel_pull_header(skb, 0, tpi.proto)) + goto drop; + return ip_tunnel_rcv(tunnel, skb, &tpi, NULL, false); + } + + return -EINVAL; +drop: + kfree_skb(skb); + return 0; } static int vti_rcv_cb(struct sk_buff *skb, int err) From patchwork Mon Jun 1 17:53:42 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 225138 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 83C31C433E0 for ; Mon, 1 Jun 2020 17:57:11 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5BBB4206E2 for ; Mon, 1 Jun 2020 17:57:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034231; bh=ehOoFKpAgqAUWFOKBYLRoV4KD26jKHw9qA5kmd73qLs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=1oEs6zK8Eilkghd6Pw/IUf3m5nIOBzIGYGJ+/8xzFB6nqO4q2V73J7Z/yNTLODBul nJBotNg8j8dGbjmWk6w8ucXC0N/X/WeyHVx5tSY/y0xWnAC5RERXOnQSkjD0x9Dsx7 o2c+wgDZ18NP211fKZFuWXXlM2/cU+S3C7FUf3hY= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728825AbgFAR5K (ORCPT ); Mon, 1 Jun 2020 13:57:10 -0400 Received: from mail.kernel.org ([198.145.29.99]:38080 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728841AbgFAR5I (ORCPT ); Mon, 1 Jun 2020 13:57:08 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 3603A2076B; Mon, 1 Jun 2020 17:57:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034227; bh=ehOoFKpAgqAUWFOKBYLRoV4KD26jKHw9qA5kmd73qLs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=0Un4upDz/zXwkd3/k0gWutBD26xiOF0QPcpcXvzUztA1Vc0owe6u75z52BOZTD36L cpfhPl4jPK0zvGuMdB92vJk5fYKID3zWq0on2Bk6+iFsrxOV6bha+0MMKZQppW5UtC NLitvWiyPRPaWWHDOMq07o28CxsKv0iJhJCY3mJ0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Michael Braun , Pablo Neira Ayuso Subject: [PATCH 4.4 32/48] netfilter: nft_reject_bridge: enable reject with bridge vlan Date: Mon, 1 Jun 2020 19:53:42 +0200 Message-Id: <20200601174002.056829859@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200601173952.175939894@linuxfoundation.org> References: <20200601173952.175939894@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Michael Braun commit e9c284ec4b41c827f4369973d2792992849e4fa5 upstream. Currently, using the bridge reject target with tagged packets results in untagged packets being sent back. Fix this by mirroring the vlan id as well. Fixes: 85f5b3086a04 ("netfilter: bridge: add reject support") Signed-off-by: Michael Braun Signed-off-by: Pablo Neira Ayuso Signed-off-by: Greg Kroah-Hartman --- net/bridge/netfilter/nft_reject_bridge.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/net/bridge/netfilter/nft_reject_bridge.c +++ b/net/bridge/netfilter/nft_reject_bridge.c @@ -35,6 +35,12 @@ static void nft_reject_br_push_etherhdr( ether_addr_copy(eth->h_dest, eth_hdr(oldskb)->h_source); eth->h_proto = eth_hdr(oldskb)->h_proto; skb_pull(nskb, ETH_HLEN); + + if (skb_vlan_tag_present(oldskb)) { + u16 vid = skb_vlan_tag_get(oldskb); + + __vlan_hwaccel_put_tag(nskb, oldskb->vlan_proto, vid); + } } /* We cannot use oldskb->dev, it can be either bridge device (NF_BRIDGE INPUT) From patchwork Mon Jun 1 17:53:44 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 224861 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 99C71C433E0 for ; Mon, 1 Jun 2020 18:59:42 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 7790320679 for ; Mon, 1 Jun 2020 18:59:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591037982; bh=ru+pvfRNkcRro2tT1hG+yGfIL3EmNtJfHDStCSXK02A=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=UqLreAGdvpvE0jIHcXQJxV7ns6wJcG3yOI34rxdLA1jcWjXI0aQ9oJIH2OFcibzWj LE/RbzCeix50IwFIR7iF+xw3fCMdFCI0pJzumBnpbnrLOX/fPt8o1AGlNndqD4WRao JP/3lzh1cmjZzf9PFS2TDfJiQ4giHRV2oPsMBrnQ= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728746AbgFAS7h (ORCPT ); Mon, 1 Jun 2020 14:59:37 -0400 Received: from mail.kernel.org ([198.145.29.99]:38202 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728861AbgFAR5M (ORCPT ); Mon, 1 Jun 2020 13:57:12 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id B214A206E2; Mon, 1 Jun 2020 17:57:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034232; bh=ru+pvfRNkcRro2tT1hG+yGfIL3EmNtJfHDStCSXK02A=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Vv1R9rtkBStK6PuPxeHN/FSTamwQ9owKfw3cGfmWJ9BzZSxiJ+FG1eJEU0+P2m8Uu 7XNBeeLWWGbyLS1CfhTb8bQTSAVso3pmJl5vcPm3ngDMeioaOHhKthV8skKS6hr2/x zfcyezL/QFVkeFJLFeTmpyhmltoqI6jRIZy6gmZM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Dan Carpenter , Pablo Neira Ayuso Subject: [PATCH 4.4 34/48] netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code Date: Mon, 1 Jun 2020 19:53:44 +0200 Message-Id: <20200601174002.511218187@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200601173952.175939894@linuxfoundation.org> References: <20200601173952.175939894@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Pablo Neira Ayuso commit 4c559f15efcc43b996f4da528cd7f9483aaca36d upstream. Dan Carpenter says: "Smatch complains that the value for "cmd" comes from the network and can't be trusted." Add pptp_msg_name() helper function that checks for the array boundary. Fixes: f09943fefe6b ("[NETFILTER]: nf_conntrack/nf_nat: add PPTP helper port") Reported-by: Dan Carpenter Signed-off-by: Pablo Neira Ayuso Signed-off-by: Greg Kroah-Hartman --- include/linux/netfilter/nf_conntrack_pptp.h | 2 net/ipv4/netfilter/nf_nat_pptp.c | 7 --- net/netfilter/nf_conntrack_pptp.c | 62 +++++++++++++++------------- 3 files changed, 38 insertions(+), 33 deletions(-) --- a/include/linux/netfilter/nf_conntrack_pptp.h +++ b/include/linux/netfilter/nf_conntrack_pptp.h @@ -4,7 +4,7 @@ #include -extern const char *const pptp_msg_name[]; +extern const char *const pptp_msg_name(u_int16_t msg); /* state of the control session */ enum pptp_ctrlsess_state { --- a/net/ipv4/netfilter/nf_nat_pptp.c +++ b/net/ipv4/netfilter/nf_nat_pptp.c @@ -156,8 +156,7 @@ pptp_outbound_pkt(struct sk_buff *skb, break; default: pr_debug("unknown outbound packet 0x%04x:%s\n", msg, - msg <= PPTP_MSG_MAX ? pptp_msg_name[msg] : - pptp_msg_name[0]); + pptp_msg_name(msg)); /* fall through */ case PPTP_SET_LINK_INFO: /* only need to NAT in case PAC is behind NAT box */ @@ -250,9 +249,7 @@ pptp_inbound_pkt(struct sk_buff *skb, pcid_off = offsetof(union pptp_ctrl_union, setlink.peersCallID); break; default: - pr_debug("unknown inbound packet %s\n", - msg <= PPTP_MSG_MAX ? pptp_msg_name[msg] : - pptp_msg_name[0]); + pr_debug("unknown inbound packet %s\n", pptp_msg_name(msg)); /* fall through */ case PPTP_START_SESSION_REQUEST: case PPTP_START_SESSION_REPLY: --- a/net/netfilter/nf_conntrack_pptp.c +++ b/net/netfilter/nf_conntrack_pptp.c @@ -71,24 +71,32 @@ EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_expec #if defined(DEBUG) || defined(CONFIG_DYNAMIC_DEBUG) /* PptpControlMessageType names */ -const char *const pptp_msg_name[] = { - "UNKNOWN_MESSAGE", - "START_SESSION_REQUEST", - "START_SESSION_REPLY", - "STOP_SESSION_REQUEST", - "STOP_SESSION_REPLY", - "ECHO_REQUEST", - "ECHO_REPLY", - "OUT_CALL_REQUEST", - "OUT_CALL_REPLY", - "IN_CALL_REQUEST", - "IN_CALL_REPLY", - "IN_CALL_CONNECT", - "CALL_CLEAR_REQUEST", - "CALL_DISCONNECT_NOTIFY", - "WAN_ERROR_NOTIFY", - "SET_LINK_INFO" +static const char *const pptp_msg_name_array[PPTP_MSG_MAX + 1] = { + [0] = "UNKNOWN_MESSAGE", + [PPTP_START_SESSION_REQUEST] = "START_SESSION_REQUEST", + [PPTP_START_SESSION_REPLY] = "START_SESSION_REPLY", + [PPTP_STOP_SESSION_REQUEST] = "STOP_SESSION_REQUEST", + [PPTP_STOP_SESSION_REPLY] = "STOP_SESSION_REPLY", + [PPTP_ECHO_REQUEST] = "ECHO_REQUEST", + [PPTP_ECHO_REPLY] = "ECHO_REPLY", + [PPTP_OUT_CALL_REQUEST] = "OUT_CALL_REQUEST", + [PPTP_OUT_CALL_REPLY] = "OUT_CALL_REPLY", + [PPTP_IN_CALL_REQUEST] = "IN_CALL_REQUEST", + [PPTP_IN_CALL_REPLY] = "IN_CALL_REPLY", + [PPTP_IN_CALL_CONNECT] = "IN_CALL_CONNECT", + [PPTP_CALL_CLEAR_REQUEST] = "CALL_CLEAR_REQUEST", + [PPTP_CALL_DISCONNECT_NOTIFY] = "CALL_DISCONNECT_NOTIFY", + [PPTP_WAN_ERROR_NOTIFY] = "WAN_ERROR_NOTIFY", + [PPTP_SET_LINK_INFO] = "SET_LINK_INFO" }; + +const char *const pptp_msg_name(u_int16_t msg) +{ + if (msg > PPTP_MSG_MAX) + return pptp_msg_name_array[0]; + + return pptp_msg_name_array[msg]; +} EXPORT_SYMBOL(pptp_msg_name); #endif @@ -278,7 +286,7 @@ pptp_inbound_pkt(struct sk_buff *skb, un typeof(nf_nat_pptp_hook_inbound) nf_nat_pptp_inbound; msg = ntohs(ctlh->messageType); - pr_debug("inbound control message %s\n", pptp_msg_name[msg]); + pr_debug("inbound control message %s\n", pptp_msg_name(msg)); switch (msg) { case PPTP_START_SESSION_REPLY: @@ -313,7 +321,7 @@ pptp_inbound_pkt(struct sk_buff *skb, un pcid = pptpReq->ocack.peersCallID; if (info->pns_call_id != pcid) goto invalid; - pr_debug("%s, CID=%X, PCID=%X\n", pptp_msg_name[msg], + pr_debug("%s, CID=%X, PCID=%X\n", pptp_msg_name(msg), ntohs(cid), ntohs(pcid)); if (pptpReq->ocack.resultCode == PPTP_OUTCALL_CONNECT) { @@ -330,7 +338,7 @@ pptp_inbound_pkt(struct sk_buff *skb, un goto invalid; cid = pptpReq->icreq.callID; - pr_debug("%s, CID=%X\n", pptp_msg_name[msg], ntohs(cid)); + pr_debug("%s, CID=%X\n", pptp_msg_name(msg), ntohs(cid)); info->cstate = PPTP_CALL_IN_REQ; info->pac_call_id = cid; break; @@ -349,7 +357,7 @@ pptp_inbound_pkt(struct sk_buff *skb, un if (info->pns_call_id != pcid) goto invalid; - pr_debug("%s, PCID=%X\n", pptp_msg_name[msg], ntohs(pcid)); + pr_debug("%s, PCID=%X\n", pptp_msg_name(msg), ntohs(pcid)); info->cstate = PPTP_CALL_IN_CONF; /* we expect a GRE connection from PAC to PNS */ @@ -359,7 +367,7 @@ pptp_inbound_pkt(struct sk_buff *skb, un case PPTP_CALL_DISCONNECT_NOTIFY: /* server confirms disconnect */ cid = pptpReq->disc.callID; - pr_debug("%s, CID=%X\n", pptp_msg_name[msg], ntohs(cid)); + pr_debug("%s, CID=%X\n", pptp_msg_name(msg), ntohs(cid)); info->cstate = PPTP_CALL_NONE; /* untrack this call id, unexpect GRE packets */ @@ -386,7 +394,7 @@ pptp_inbound_pkt(struct sk_buff *skb, un invalid: pr_debug("invalid %s: type=%d cid=%u pcid=%u " "cstate=%d sstate=%d pns_cid=%u pac_cid=%u\n", - msg <= PPTP_MSG_MAX ? pptp_msg_name[msg] : pptp_msg_name[0], + pptp_msg_name(msg), msg, ntohs(cid), ntohs(pcid), info->cstate, info->sstate, ntohs(info->pns_call_id), ntohs(info->pac_call_id)); return NF_ACCEPT; @@ -406,7 +414,7 @@ pptp_outbound_pkt(struct sk_buff *skb, u typeof(nf_nat_pptp_hook_outbound) nf_nat_pptp_outbound; msg = ntohs(ctlh->messageType); - pr_debug("outbound control message %s\n", pptp_msg_name[msg]); + pr_debug("outbound control message %s\n", pptp_msg_name(msg)); switch (msg) { case PPTP_START_SESSION_REQUEST: @@ -428,7 +436,7 @@ pptp_outbound_pkt(struct sk_buff *skb, u info->cstate = PPTP_CALL_OUT_REQ; /* track PNS call id */ cid = pptpReq->ocreq.callID; - pr_debug("%s, CID=%X\n", pptp_msg_name[msg], ntohs(cid)); + pr_debug("%s, CID=%X\n", pptp_msg_name(msg), ntohs(cid)); info->pns_call_id = cid; break; @@ -442,7 +450,7 @@ pptp_outbound_pkt(struct sk_buff *skb, u pcid = pptpReq->icack.peersCallID; if (info->pac_call_id != pcid) goto invalid; - pr_debug("%s, CID=%X PCID=%X\n", pptp_msg_name[msg], + pr_debug("%s, CID=%X PCID=%X\n", pptp_msg_name(msg), ntohs(cid), ntohs(pcid)); if (pptpReq->icack.resultCode == PPTP_INCALL_ACCEPT) { @@ -482,7 +490,7 @@ pptp_outbound_pkt(struct sk_buff *skb, u invalid: pr_debug("invalid %s: type=%d cid=%u pcid=%u " "cstate=%d sstate=%d pns_cid=%u pac_cid=%u\n", - msg <= PPTP_MSG_MAX ? pptp_msg_name[msg] : pptp_msg_name[0], + pptp_msg_name(msg), msg, ntohs(cid), ntohs(pcid), info->cstate, info->sstate, ntohs(info->pns_call_id), ntohs(info->pac_call_id)); return NF_ACCEPT; From patchwork Mon Jun 1 17:53:47 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 225137 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3A7A5C433DF for ; Mon, 1 Jun 2020 17:57:23 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 1C6082076B for ; Mon, 1 Jun 2020 17:57:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034243; bh=xe0N+7sYbFtwojUydJ8S15eOlZCR8+wuTi/LeGmYtAE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=CJQo/4RmDBjKXdeiq8Di1kIoBXQj0TgzS0h9QwtCTQQUHRH32EM9KQD9viBFaxt6L ZFAgYUlBFpRmpzjs/wpPHtjTEK9rSEq5Qz6DfXa2DJCuh2MLDrNHYz342RWOjqDWQF EQ0M6VlcM3yvOjRbMUC2jrQC28+xly8Vl08UqIrY= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728889AbgFAR5U (ORCPT ); Mon, 1 Jun 2020 13:57:20 -0400 Received: from mail.kernel.org ([198.145.29.99]:38456 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728884AbgFAR5T (ORCPT ); Mon, 1 Jun 2020 13:57:19 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 6DB552076B; Mon, 1 Jun 2020 17:57:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034238; bh=xe0N+7sYbFtwojUydJ8S15eOlZCR8+wuTi/LeGmYtAE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=unJLlDDNnGzFa2VeegPjbLDhx0hn+tPatmHwOTTtPmua8aW4I94UjCbu/cIhB3UDg PY06q6BCCvL7QTbsISi+8bhkKApt3ZedPvoFN8ecYQfT+DcVCgvdcs6TGtMerekjqT cHw/kMdB5Jc00HfwOJRVHX8z4VSl245MG7XOq5EU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org Subject: [PATCH 4.4 37/48] Revert "Input: i8042 - add ThinkPad S230u to i8042 nomux list" Date: Mon, 1 Jun 2020 19:53:47 +0200 Message-Id: <20200601174002.998935723@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200601173952.175939894@linuxfoundation.org> References: <20200601173952.175939894@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Dmitry Torokhov commit f4dec2d6160976b14e54be9c3950ce0f52385741 upstream. This reverts commit 18931506465a762ffd3f4803d36a18d336a67da9. From Kevin Locke: "... nomux only appeared to fix the issue because the controller continued working after warm reboots. After more thorough testing from both warm and cold start, I now believe the entry should be added to i8042_dmi_reset_table rather than i8042_dmi_nomux_table as i8042.reset=1 alone is sufficient to avoid the issue from both states while i8042.nomux is not." Signed-off-by: Greg Kroah-Hartman --- drivers/input/serio/i8042-x86ia64io.h | 7 ------- 1 file changed, 7 deletions(-) --- a/drivers/input/serio/i8042-x86ia64io.h +++ b/drivers/input/serio/i8042-x86ia64io.h @@ -545,13 +545,6 @@ static const struct dmi_system_id __init DMI_MATCH(DMI_PRODUCT_NAME, "Aspire 5738"), }, }, - { - /* Lenovo ThinkPad Twist S230u */ - .matches = { - DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), - DMI_MATCH(DMI_PRODUCT_NAME, "33474HU"), - }, - }, { } }; From patchwork Mon Jun 1 17:53:48 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 224862 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id DFDD8C433DF for ; Mon, 1 Jun 2020 18:59:35 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id BF6A520679 for ; Mon, 1 Jun 2020 18:59:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591037975; bh=6fU6roTFzC+TA+Ol0XxJWSS2BpufeCtqNSOpSiz+trk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=A14ZjqlhSV6se3wnpaX75oI2nvRUYh68OXDmrEXNN7MerCMyvksgURX36LEkBwcC7 wGOoLakawx66iWMRJxJnREVqj3Ovg/q0i9Pwk18lkpNeN6B2xM54TlqtUgnop/psyp qvpKhmaT33HkiaHQVvvJyi3p38DrY8ztm/DAKTHk= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728097AbgFAS7a (ORCPT ); Mon, 1 Jun 2020 14:59:30 -0400 Received: from mail.kernel.org ([198.145.29.99]:38508 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728358AbgFAR5V (ORCPT ); Mon, 1 Jun 2020 13:57:21 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id AC4CD206E2; Mon, 1 Jun 2020 17:57:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034241; bh=6fU6roTFzC+TA+Ol0XxJWSS2BpufeCtqNSOpSiz+trk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=TLrTJ8U/ZVn0J7wsM8hHSxBtTUtndeWYwqPBpf/vye7FsfdqpKTdEZZJk/0Wpn+RQ RehXDlkCtoch2obZSM2c118XILB90riNszmUQM6vcclB/psbFoYQstsHeeAqMRVbue sJbdB3Nc5P2pNLpLDZrOAxqNMNQSoPWlfDY14hYI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, kbuild test robot , Pablo Neira Ayuso Subject: [PATCH 4.4 38/48] netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build Date: Mon, 1 Jun 2020 19:53:48 +0200 Message-Id: <20200601174003.198014582@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200601173952.175939894@linuxfoundation.org> References: <20200601173952.175939894@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Pablo Neira Ayuso commit 4946ea5c1237036155c3b3a24f049fd5f849f8f6 upstream. >> include/linux/netfilter/nf_conntrack_pptp.h:13:20: warning: 'const' type qualifier on return type has no effect [-Wignored-qualifiers] extern const char *const pptp_msg_name(u_int16_t msg); ^~~~~~ Reported-by: kbuild test robot Fixes: 4c559f15efcc ("netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code") Signed-off-by: Pablo Neira Ayuso Signed-off-by: Greg Kroah-Hartman --- include/linux/netfilter/nf_conntrack_pptp.h | 2 +- net/netfilter/nf_conntrack_pptp.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) --- a/include/linux/netfilter/nf_conntrack_pptp.h +++ b/include/linux/netfilter/nf_conntrack_pptp.h @@ -4,7 +4,7 @@ #include -extern const char *const pptp_msg_name(u_int16_t msg); +const char *pptp_msg_name(u_int16_t msg); /* state of the control session */ enum pptp_ctrlsess_state { --- a/net/netfilter/nf_conntrack_pptp.c +++ b/net/netfilter/nf_conntrack_pptp.c @@ -90,7 +90,7 @@ static const char *const pptp_msg_name_a [PPTP_SET_LINK_INFO] = "SET_LINK_INFO" }; -const char *const pptp_msg_name(u_int16_t msg) +const char *pptp_msg_name(u_int16_t msg) { if (msg > PPTP_MSG_MAX) return pptp_msg_name_array[0]; From patchwork Mon Jun 1 17:53:52 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 225139 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 46121C433E1 for ; Mon, 1 Jun 2020 17:56:54 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2AAFD208C7 for ; Mon, 1 Jun 2020 17:56:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034214; bh=/5VkpIO2UD91rUp5qWHQOHYDOK8hTEv34OEZz29srVY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=fsu0+OdhU+psrmVuS8YgaS5Prrg2iIBo/7aVl5Vy+2v3H/Hqo5ttortW9o39jgAxF FVh4Hwd8v2Fl8rpSiXWdCtx+2LjELsNN38E/RmN3OfQJFuBIm5rv3i3ItT6755hvgF 56poNnN8nsCay0/KC7row+2O0YtfXTwNEacWaP+o= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728752AbgFAR4x (ORCPT ); Mon, 1 Jun 2020 13:56:53 -0400 Received: from mail.kernel.org ([198.145.29.99]:37666 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728739AbgFAR4w (ORCPT ); Mon, 1 Jun 2020 13:56:52 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 4A58C206E2; Mon, 1 Jun 2020 17:56:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034211; bh=/5VkpIO2UD91rUp5qWHQOHYDOK8hTEv34OEZz29srVY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=PJl8FZ/ErtOFQ4q8lsjLcnst55O8b5MKhh338Dq1j+MCJ/hwE+ROeK8A9mK6KxsMJ 7sLfTY6l6nqBF+n9XAulhESqj05v58Y/xopmNLLBcaieVo1eeoRBpGW0w/lU9T5FU0 rnmxFYzB5yK+tfp2CA119iNqY9VpxuqT4TfqYFfc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Kazuya Mizuguchi , Yoshihiro Shimoda , Felipe Balbi , Guenter Roeck Subject: [PATCH 4.4 42/48] usb: renesas_usbhs: gadget: fix spin_lock_init() for &uep->lock Date: Mon, 1 Jun 2020 19:53:52 +0200 Message-Id: <20200601174003.939899118@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200601173952.175939894@linuxfoundation.org> References: <20200601173952.175939894@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Yoshihiro Shimoda commit 14a8d4bfc2102f85ce097563d151370c91c1898a upstream. This patch fixes an issue that the spin_lock_init() is not called for almost all pipes. Otherwise, the lockdep output the following message when we connect a usb cable using g_ncm: INFO: trying to register non-static key. the code is fine but needs lockdep annotation. turning off the locking correctness validator. Reported-by: Kazuya Mizuguchi Fixes: b8b9c974afee ("usb: renesas_usbhs: gadget: disable all eps when the driver stops") Signed-off-by: Yoshihiro Shimoda Tested-by: Kazuya Mizuguchi Signed-off-by: Felipe Balbi Cc: Guenter Roeck Signed-off-by: Greg Kroah-Hartman --- drivers/usb/renesas_usbhs/mod_gadget.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/usb/renesas_usbhs/mod_gadget.c +++ b/drivers/usb/renesas_usbhs/mod_gadget.c @@ -1103,7 +1103,6 @@ int usbhs_mod_gadget_probe(struct usbhs_ ret = -ENOMEM; goto usbhs_mod_gadget_probe_err_gpriv; } - spin_lock_init(&uep->lock); gpriv->transceiver = usb_get_phy(USB_PHY_TYPE_UNDEFINED); dev_info(dev, "%stransceiver found\n", @@ -1151,6 +1150,7 @@ int usbhs_mod_gadget_probe(struct usbhs_ uep->ep.name = uep->ep_name; uep->ep.ops = &usbhsg_ep_ops; INIT_LIST_HEAD(&uep->ep.ep_list); + spin_lock_init(&uep->lock); /* init DCP */ if (usbhsg_is_dcp(uep)) { From patchwork Mon Jun 1 17:53:53 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 224858 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 05692C433DF for ; Mon, 1 Jun 2020 18:59:55 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D86C4206E2 for ; Mon, 1 Jun 2020 18:59:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591037994; bh=jmdWX0SZuQKksabiIIN5yQmlcrrl6R9CUJOj0zjDu6A=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=uylrP5asM/QUuj082D2TmgASOthLWM/2+o/2W+ro0X8NWnw+0VMxiyY4IAlZO951w WvSWAuKesU62MhvGAI8qG9d3OkkCL4UunWXKasT9hE1CIAPhunnOAcJp3BRAKwvM6q T/Uo/npsbnWOb+thX1kIsSkhLwqmgRJ0tX8lOALs= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728766AbgFAR4z (ORCPT ); Mon, 1 Jun 2020 13:56:55 -0400 Received: from mail.kernel.org ([198.145.29.99]:37742 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728760AbgFAR4y (ORCPT ); Mon, 1 Jun 2020 13:56:54 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 89680207D0; Mon, 1 Jun 2020 17:56:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034214; bh=jmdWX0SZuQKksabiIIN5yQmlcrrl6R9CUJOj0zjDu6A=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=2p4/EpaiJJOC2dvXsu5e2kArRdbvwaQodzyB0R65L+V/SxTysok9tMlLDNG9I3cfK 7JISn33z+5IIhVNsF4QcnkiYVgOhneltF96ap1oW9NTZUk8ETI2WCo4fcW7+lZA93E MiIoqyLqotUwl87ojC+5tIJ7pEB3smIaJ9Q7Ur2M= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Julian Calaby , Sudip Mukherjee , Johannes Berg , Guenter Roeck Subject: [PATCH 4.4 43/48] mac80211: fix memory leak Date: Mon, 1 Jun 2020 19:53:53 +0200 Message-Id: <20200601174004.493887733@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200601173952.175939894@linuxfoundation.org> References: <20200601173952.175939894@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Sudip Mukherjee commit ea32f065bd3e3e09f0bcb3042f1664caf6b3e233 upstream. On error we jumped to the error label and returned the error code but we missed releasing sinfo. Fixes: 5fe74014172d ("mac80211: avoid excessive stack usage in sta_info") Reviewed-by: Julian Calaby Signed-off-by: Sudip Mukherjee Signed-off-by: Johannes Berg Cc: Guenter Roeck Signed-off-by: Greg Kroah-Hartman --- net/mac80211/sta_info.c | 1 + 1 file changed, 1 insertion(+) --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -555,6 +555,7 @@ static int sta_info_insert_finish(struct __cleanup_single_sta(sta); out_err: mutex_unlock(&local->sta_mtx); + kfree(sinfo); rcu_read_lock(); return err; } From patchwork Mon Jun 1 17:53:55 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 224859 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 338D0C433DF for ; Mon, 1 Jun 2020 18:59:51 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 10762207DA for ; Mon, 1 Jun 2020 18:59:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591037991; bh=Tny3VTVURpEgeM+9w0M0n1RNAkfCIp6+8DfMnH6Z1FY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=UccMuOxzTbV3DSYK+95xgKE2hW3MWPM9xaA5FfFoqMY7cKIgiofj8WtZ8jc4yY9LZ 7P7x99tAiOdmfYhnYMEvzM+Tciyl1FeVSc+vLABhZig5NbSNpP2MfyWlMF8Ua4YCGC CACsUAe1r23Crs39a4wlCWukVCykMW43dAB7T09Y= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728796AbgFAR47 (ORCPT ); Mon, 1 Jun 2020 13:56:59 -0400 Received: from mail.kernel.org ([198.145.29.99]:37876 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728791AbgFAR46 (ORCPT ); Mon, 1 Jun 2020 13:56:58 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 0D84F207DA; Mon, 1 Jun 2020 17:56:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034218; bh=Tny3VTVURpEgeM+9w0M0n1RNAkfCIp6+8DfMnH6Z1FY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=HUljWw7akgkmxwALXjPSpy9WoN0pLTj9l7TCww2O7ufO3VR5wOQphLWDVaFU9jcFc YLfYeSUZ5cFimVCfTZXHrl3LwbbNkgp88a+6jUFtfwf3VZN/gIyRTVLhspgZicREIu Z06X5xN1Zl/5rzjuDVM7QQV6xY72v2T4hoTMIeOo= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Liviu Dudau , Andrew Morton , Chintan Pandya , Andrey Ryabinin , Linus Torvalds , Guenter Roeck Subject: [PATCH 4.4 45/48] mm/vmalloc.c: dont dereference possible NULL pointer in __vunmap() Date: Mon, 1 Jun 2020 19:53:55 +0200 Message-Id: <20200601174004.957880557@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200601173952.175939894@linuxfoundation.org> References: <20200601173952.175939894@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Liviu Dudau commit 6ade20327dbb808882888ed8ccded71e93067cf9 upstream. find_vmap_area() can return a NULL pointer and we're going to dereference it without checking it first. Use the existing find_vm_area() function which does exactly what we want and checks for the NULL pointer. Link: http://lkml.kernel.org/r/20181228171009.22269-1-liviu@dudau.co.uk Fixes: f3c01d2f3ade ("mm: vmalloc: avoid racy handling of debugobjects in vunmap") Signed-off-by: Liviu Dudau Reviewed-by: Andrew Morton Cc: Chintan Pandya Cc: Andrey Ryabinin Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Cc: Guenter Roeck Signed-off-by: Greg Kroah-Hartman --- mm/vmalloc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -1464,7 +1464,7 @@ static void __vunmap(const void *addr, i addr)) return; - area = find_vmap_area((unsigned long)addr)->vm; + area = find_vm_area(addr); if (unlikely(!area)) { WARN(1, KERN_ERR "Trying to vfree() nonexistent vm area (%p)\n", addr); From patchwork Mon Jun 1 17:53:58 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 224860 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 53B3FC433E0 for ; Mon, 1 Jun 2020 18:59:45 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 33F4F20679 for ; Mon, 1 Jun 2020 18:59:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591037985; bh=Sv50GhNdNfAEmQPgwJon282Ryl8sV1jtnma2waxrDZg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=F3VGK/0Jb66lx0AkKIFONa0ntl6YDcaKnw74JKA240oKyDWIBPKAac64j98WPcsLU ryfl2uw9qfsilCaHYWaEOjwsQlyGyZ/2Aj99RxOAspYQt8MJYNWOFfl6hAdAJc8qQn vAg4Xx/71DSscsszdfZFJ2KgRLAxzPWHtksLqiD8= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728829AbgFAR5G (ORCPT ); Mon, 1 Jun 2020 13:57:06 -0400 Received: from mail.kernel.org ([198.145.29.99]:38040 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728825AbgFAR5G (ORCPT ); Mon, 1 Jun 2020 13:57:06 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id EAA28207DF; Mon, 1 Jun 2020 17:57:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591034225; bh=Sv50GhNdNfAEmQPgwJon282Ryl8sV1jtnma2waxrDZg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=LU+cS3QUqRQpaI0Y5Hk8AewS74OppJJIiEiLkbTqs1NpaiJ2pyNjnr1EALHf1pmqX yue6ZvXKJHCx7F+RoojtaSLIE3yF1jb+rl0xJBZLA+IjXxpecGirJOs1EJAklLMJFo 2v0OkfR4k5JRy2H3DevylOSfYrOhuQATXt8BpVj8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Ben Hutchings , Jordan Crouse , Rob Clark , Guenter Roeck Subject: [PATCH 4.4 48/48] drm/msm: Fix possible null dereference on failure of get_pages() Date: Mon, 1 Jun 2020 19:53:58 +0200 Message-Id: <20200601174005.784720752@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200601173952.175939894@linuxfoundation.org> References: <20200601173952.175939894@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Ben Hutchings commit 3976626ea3d2011f8fd3f3a47070a8b792018253 upstream. Commit 62e3a3e342af changed get_pages() to initialise msm_gem_object::pages before trying to initialise msm_gem_object::sgt, so that put_pages() would properly clean up pages in the failure case. However, this means that put_pages() now needs to check that msm_gem_object::sgt is not null before trying to clean it up, and this check was only applied to part of the cleanup code. Move it all into the conditional block. (Strictly speaking we don't need to make the kfree() conditional, but since we can't avoid checking for null ourselves we may as well do so.) Fixes: 62e3a3e342af ("drm/msm: fix leak in failed get_pages") Signed-off-by: Ben Hutchings Reviewed-by: Jordan Crouse Signed-off-by: Rob Clark Cc: Guenter Roeck Signed-off-by: Greg Kroah-Hartman --- drivers/gpu/drm/msm/msm_gem.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) --- a/drivers/gpu/drm/msm/msm_gem.c +++ b/drivers/gpu/drm/msm/msm_gem.c @@ -116,17 +116,19 @@ static void put_pages(struct drm_gem_obj struct msm_gem_object *msm_obj = to_msm_bo(obj); if (msm_obj->pages) { - /* For non-cached buffers, ensure the new pages are clean - * because display controller, GPU, etc. are not coherent: - */ - if (msm_obj->flags & (MSM_BO_WC|MSM_BO_UNCACHED)) - dma_unmap_sg(obj->dev->dev, msm_obj->sgt->sgl, - msm_obj->sgt->nents, DMA_BIDIRECTIONAL); + if (msm_obj->sgt) { + /* For non-cached buffers, ensure the new + * pages are clean because display controller, + * GPU, etc. are not coherent: + */ + if (msm_obj->flags & (MSM_BO_WC|MSM_BO_UNCACHED)) + dma_unmap_sg(obj->dev->dev, msm_obj->sgt->sgl, + msm_obj->sgt->nents, + DMA_BIDIRECTIONAL); - if (msm_obj->sgt) sg_free_table(msm_obj->sgt); - - kfree(msm_obj->sgt); + kfree(msm_obj->sgt); + } if (use_pages(obj)) drm_gem_put_pages(obj, msm_obj->pages, true, false);