Skip to content

L
linux
Switch branch/tag
  1. 21 May, 2021 16 commits
  3. 20 May, 2021 12 commits
    • Rohith Surabattula's avatar
      Fix KASAN identified use-after-free issue. · 9687c85d
      Rohith Surabattula authored 
      [  612.157429] ==================================================================
[  612.158275] BUG: KASAN: use-after-free in process_one_work+0x90/0x9b0
[  612.158801] Read of size 8 at addr ffff88810a31ca60 by task kworker/2:9/2382

[  612.159611] CPU: 2 PID: 2382 Comm: kworker/2:9 Tainted: G
OE     5.13.0-rc2+ #98
[  612.159623] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.14.0-1.fc33 04/01/2014
[  612.159640] Workqueue:  0x0 (deferredclose)
[  612.159669] Call Trace:
[  612.159685]  dump_stack+0xbb/0x107
[  612.159711]  print_address_description.constprop.0+0x18/0x140
[  612.159733]  ? process_one_work+0x90/0x9b0
[  612.159743]  ? process_one_work+0x90/0x9b0
[  612.159754]  kasan_report.cold+0x7c/0xd8
[  612.159778]  ? lock_is_held_type+0x80/0x130
[  612.159789]  ? process_one_work+0x90/0x9b0
[  612.159812]  kasan_check_range+0x145/0x1a0
[  612.159834]  process_one_work+0x90/0x9b0
[  612.159877]  ? pwq_dec_nr_in_flight+0x110/0x110
[  612.159914]  ? spin_bug+0x90/0x90
[  612.159967]  worker_thread+0x3b6/0x6c0
[  612.160023]  ? process_one_work+0x9b0/0x9b0
[  612.160038]  kthread+0x1dc/0x200
[  612.160051]  ? kthread_create_worker_on_cpu+0xd0/0xd0
[  612.160092]  ret_from_fork+0x1f/0x30

[  612.160399] Allocated by task 2358:
[  612.160757]  kasan_save_stack+0x1b/0x40
[  612.160768]  __kasan_kmalloc+0x9b/0xd0
[  612.160778]  cifs_new_fileinfo+0xb0/0x960 [cifs]
[  612.161170]  cifs_open+0xadf/0xf20 [cifs]
[  612.161421]  do_dentry_open+0x2aa/0x6b0
[  612.161432]  path_openat+0xbd9/0xfa0
[  612.161441]  do_filp_open+0x11d/0x230
[  612.161450]  do_sys_openat2+0x115/0x240
[  612.161460]  __x64_sys_openat+0xce/0x140

When mod_delayed_work is called to modify the delay of pending work,
it might return false and queue a new work when pending work is
already scheduled or when try to grab pending work failed.

So, Increase the reference count when new work is scheduled to
avoid use-after-free.
Signed-off-by: default avatarRohith Surabattula <rohiths@microsoft.com>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      9687c85d
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma · f01da525
      Linus Torvalds authored 
      Pull rdma fixes from Jason Gunthorpe:
 "A mixture of small bug fixes, most for longer standing problems:

   - NULL pointer crash in siw

   - Various error unwind bugs in siw, rxe, cm

   - User triggerable errors in uverbs

   - Minor bugs in mlx5 and rxe drivers"

* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
  RDMA/uverbs: Fix a NULL vs IS_ERR() bug
  RDMA/mlx5: Fix query DCT via DEVX
  RDMA/core: Don't access cm_id after its destruction
  RDMA/rxe: Return CQE error if invalid lkey was supplied
  RDMA/mlx5: Recover from fatal event in dual port mode
  RDMA/mlx5: Verify that DM operation is reasonable
  RDMA/rxe: Clear all QP fields if creation failed
  RDMA/core: Prevent divide-by-zero error triggered by the user
  RDMA/siw: Release xarray entry
  RDMA/siw: Properly check send and receive CQ pointers
      f01da525
    • Linus Torvalds's avatar
      Merge tag 'sound-5.13-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · 6aa37a53
      Linus Torvalds authored 
      Pull sound fixes from Takashi Iwai:
 "All small device-specific fixes here: a series of FireWire audio
  fixes, UAF and other fixes in USB-audio and co spotted by fuzzer,
  and a few HD-audio quirks as usual"

* tag 'sound-5.13-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: line6: Fix racy initialization of LINE6 MIDI
  ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency
  ALSA: dice: disable double_pcm_frames mode for M-Audio Profire 610, 2626 and Avid M-Box 3 Pro
  ALSA: intel8x0: Don't update period unless prepared
  ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293
  ALSA: firewire-lib: fix amdtp_packet tracepoints event for packet_index field
  ALSA: firewire-lib: fix calculation for size of IR context payload
  ALSA: firewire-lib: fix check for the size of isochronous packet payload
  ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro
  ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26
  ALSA: hda/realtek: Add fixup for HP Spectre x360 15-df0xxx
  ALSA: usb-audio: Fix potential out-of-bounce access in MIDI EP parser
  ALSA: usb-audio: Validate MS endpoint descriptors
  ALSA: hda: fixup headset for ASUS GU502 laptop
  ALSA: hda/realtek: reset eapd coeff to default value for alc287
      6aa37a53
    • Linus Torvalds's avatar
      Merge tag 'platform-drivers-x86-v5.13-2' of... · 9ebd8118
      Linus Torvalds authored 
      Merge tag 'platform-drivers-x86-v5.13-2' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86

Pull x86 platform driver fixes from Hans de Goede:
 "Assorted pdx86 bug-fixes and model-specific quirks for 5.13"

* tag 'platform-drivers-x86-v5.13-2' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86:
  platform/x86: touchscreen_dmi: Add info for the Chuwi Hi10 Pro (CWI529) tablet
  platform/x86: touchscreen_dmi: Add info for the Mediacom Winpad 7.0 W700 tablet
  platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI
  platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios
  platform/x86: hp-wireless: add AMD's hardware id to the supported list
  platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle
  platform/x86: gigabyte-wmi: add support for B550 Aorus Elite
  platform/x86: gigabyte-wmi: add support for X570 UD
  platform/x86: gigabyte-wmi: streamline dmi matching
  platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue
  platform/surface: dtx: Fix poll function
  platform/surface: aggregator: Add platform-drivers-x86 list to MAINTAINERS entry
  platform/surface: aggregator: avoid clang -Wconstant-conversion warning
  platform/surface: aggregator: Do not mark interrupt as shared
  platform/x86: hp_accel: Avoid invoking _INI to speed up resume
  platform/x86: ideapad-laptop: fix method name typo
  platform/x86: ideapad-laptop: fix a NULL pointer dereference
      9ebd8118
    • Linus Torvalds's avatar
      Merge tag 'char-misc-5.13-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · 50f09a3d
      Linus Torvalds authored 
      Pull char/misc driver fixes from Greg KH:
 "Here is a big set of char/misc/other driver fixes for 5.13-rc3.

  The majority here is the fallout of the umn.edu re-review of all prior
  submissions. That resulted in a bunch of reverts along with the
  "correct" changes made, such that there is no regression of any of the
  potential fixes that were made by those individuals. I would like to
  thank the over 80 different developers who helped with the review and
  fixes for this mess.

  Other than that, there's a few habanna driver fixes for reported
  issues, and some dyndbg fixes for reported problems.

  All of these have been in linux-next for a while with no reported
  problems"

* tag 'char-misc-5.13-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (82 commits)
  misc: eeprom: at24: check suspend status before disable regulator
  uio_hv_generic: Fix another memory leak in error handling paths
  uio_hv_generic: Fix a memory leak in error handling paths
  uio/uio_pci_generic: fix return value changed in refactoring
  Revert "Revert "ALSA: usx2y: Fix potential NULL pointer dereference""
  dyndbg: drop uninformative vpr_info
  dyndbg: avoid calling dyndbg_emit_prefix when it has no work
  binder: Return EFAULT if we fail BINDER_ENABLE_ONEWAY_SPAM_DETECTION
  cdrom: gdrom: initialize global variable at init time
  brcmfmac: properly check for bus register errors
  Revert "brcmfmac: add a check for the status of usb_register"
  video: imsttfb: check for ioremap() failures
  Revert "video: imsttfb: fix potential NULL pointer dereferences"
  net: liquidio: Add missing null pointer checks
  Revert "net: liquidio: fix a NULL pointer dereference"
  media: gspca: properly check for errors in po1030_probe()
  Revert "media: gspca: Check the return value of write_bridge for timeout"
  media: gspca: mt9m111: Check write_bridge for timeout
  Revert "media: gspca: mt9m111: Check write_bridge for timeout"
  media: dvb: Add check on sp8870_readreg return
  ...
      50f09a3d
    • Linus Torvalds's avatar
      Merge tag 'quota_for_v5.13-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs · 7ac17714
      Linus Torvalds authored 
      Pull quota fixes from Jan Kara:
 "The most important part in the pull is disablement of the new syscall
  quotactl_path() which was added in rc1.

  The reason is some people at LWN discussion pointed out dirfd would be
  useful for this path based syscall and Christian Brauner agreed.

  Without dirfd it may be indeed problematic for containers. So let's
  just disable the syscall for now when it doesn't have users yet so
  that we have more time to mull over how to best specify the filesystem
  we want to work on"

* tag 'quota_for_v5.13-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
  quota: Disable quotactl_path syscall
  quota: Use 'hlist_for_each_entry' to simplify code
      7ac17714
    • Hans de Goede's avatar
      platform/x86: touchscreen_dmi: Add info for the Chuwi Hi10 Pro (CWI529) tablet · e68671e9
      Hans de Goede authored 
      Add touchscreen info for the Chuwi Hi10 Pro (CWI529) tablet. This includes
info for getting the firmware directly from the UEFI, so that the user does
not need to manually install the firmware in /lib/firmware/silead.

This change will make the touchscreen on these devices work OOTB,
without requiring any manual setup.
Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20210520093228.7439-1-hdegoede@redhat.com
      e68671e9
    • Christian König's avatar
      dma-buf: fix unintended pin/unpin warnings · 7e008b02
      Christian König authored 
      DMA-buf internal users call the pin/unpin functions without having a
dynamic attachment. Avoid the warning and backtrace in the logs.
Signed-off-by: default avatarChristian König <christian.koenig@amd.com>
Bugs: https://gitlab.freedesktop.org/drm/intel/-/issues/3481
Fixes: c545781e ("dma-buf: doc polish for pin/unpin")
Reviewed-by: default avatarAlex Deucher <alexander.deucher@amd.com>
Reviewed-by: default avatarDaniel Vetter <daniel.vetter@ffwll.ch>
CC: stable@kernel.org
Link: https://patchwork.freedesktop.org/patch/msgid/20210517115705.2141-1-christian.koenig@amd.com
      7e008b02
    • Rohith Surabattula's avatar
      Defer close only when lease is enabled. · 0ab95c25
      Rohith Surabattula authored 
      When smb2 lease parameter is disabled on server. Server grants
batch oplock instead of RHW lease by default on open, inode page cache
needs to be zapped immediatley upon close as cache is not valid.
Signed-off-by: default avatarRohith Surabattula <rohiths@microsoft.com>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      0ab95c25
    • Rohith Surabattula's avatar
      Fix kernel oops when CONFIG_DEBUG_ATOMIC_SLEEP is enabled. · 860b69a9
      Rohith Surabattula authored 
      Removed oplock_break_received flag which was added to achieve
synchronization between oplock handler and open handler by earlier commit.

It is not needed because there is an existing lock open_file_lock to achieve
the same. find_readable_file takes open_file_lock and then traverses the
openFileList. Similarly, cifs_oplock_break while closing the deferred
handle (i.e cifsFileInfo_put) takes open_file_lock and then sends close
to the server.

Added comments for better readability.
Signed-off-by: default avatarRohith Surabattula <rohiths@microsoft.com>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      860b69a9
    • Jiapeng Chong's avatar
      cifs: Fix inconsistent indenting · e83aa352
      Jiapeng Chong authored 
      Eliminate the follow smatch warning:

fs/cifs/fs_context.c:1148 smb3_fs_context_parse_param() warn:
inconsistent indenting.
Reported-by: default avatarAbaci Robot <abaci@linux.alibaba.com>
Signed-off-by: default avatarJiapeng Chong <jiapeng.chong@linux.alibaba.com>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      e83aa352
    • Ronnie Sahlberg's avatar
      cifs: fix memory leak in smb2_copychunk_range · d201d763
      Ronnie Sahlberg authored 
      When using smb2_copychunk_range() for large ranges we will
run through several iterations of a loop calling SMB2_ioctl()
but never actually free the returned buffer except for the final
iteration.
This leads to memory leaks everytime a large copychunk is requested.

Fixes: 9bf0c9cd ("CIFS: Fix SMB2/SMB3 Copy offload support (refcopy) for large files")
Cc: <stable@vger.kernel.org>
Reviewed-by: default avatarAurelien Aptel <aaptel@suse.com>
Signed-off-by: default avatarRonnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      d201d763
  5. 19 May, 2021 12 commits
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7