1. 14 Jun, 2023 1 commit
    • Mauro Carvalho Chehab's avatar
      Revert "media: dvb-core: Fix use-after-free on race condition at dvb_frontend" · ec21a38d
      Mauro Carvalho Chehab authored
      As reported by Thomas Voegtle <tv@lio96.de>, sometimes a DVB card does
      not initialize properly booting Linux 6.4-rc4. This is not always, maybe
      in 3 out of 4 attempts.
      
      After double-checking, the root cause seems to be related to the
      UAF fix, which is causing a race issue:
      
      [   26.332149] tda10071 7-0005: found a 'NXP TDA10071' in cold state, will try to load a firmware
      [   26.340779] tda10071 7-0005: downloading firmware from file 'dvb-fe-tda10071.fw'
      [  989.277402] INFO: task vdr:743 blocked for more than 491 seconds.
      [  989.283504]       Not tainted 6.4.0-rc5-i5 #249
      [  989.288036] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
      [  989.295860] task:vdr             state:D stack:0     pid:743   ppid:711    flags:0x00004002
      [  989.295865] Call Trace:
      [  989.295867]  <TASK>
      [  989.295869]  __schedule+0x2ea/0x12d0
      [  989.295877]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
      [  989.295881]  schedule+0x57/0xc0
      [  989.295884]  schedule_preempt_disabled+0xc/0x20
      [  989.295887]  __mutex_lock.isra.16+0x237/0x480
      [  989.295891]  ? dvb_get_property.isra.10+0x1bc/0xa50
      [  989.295898]  ? dvb_frontend_stop+0x36/0x180
      [  989.338777]  dvb_frontend_stop+0x36/0x180
      [  989.338781]  dvb_frontend_open+0x2f1/0x470
      [  989.338784]  dvb_device_open+0x81/0xf0
      [  989.338804]  ? exact_lock+0x20/0x20
      [  989.338808]  chrdev_open+0x7f/0x1c0
      [  989.338811]  ? generic_permission+0x1a2/0x230
      [  989.338813]  ? link_path_walk.part.63+0x340/0x380
      [  989.338815]  ? exact_lock+0x20/0x20
      [  989.338817]  do_dentry_open+0x18e/0x450
      [  989.374030]  path_openat+0xca5/0xe00
      [  989.374031]  ? terminate_walk+0xec/0x100
      [  989.374034]  ? path_lookupat+0x93/0x140
      [  989.374036]  do_filp_open+0xc0/0x140
      [  989.374038]  ? __call_rcu_common.constprop.91+0x92/0x240
      [  989.374041]  ? __check_object_size+0x147/0x260
      [  989.374043]  ? __check_object_size+0x147/0x260
      [  989.374045]  ? alloc_fd+0xbb/0x180
      [  989.374048]  ? do_sys_openat2+0x243/0x310
      [  989.374050]  do_sys_openat2+0x243/0x310
      [  989.374052]  do_sys_open+0x52/0x80
      [  989.374055]  do_syscall_64+0x5b/0x80
      [  989.421335]  ? __task_pid_nr_ns+0x92/0xa0
      [  989.421337]  ? syscall_exit_to_user_mode+0x20/0x40
      [  989.421339]  ? do_syscall_64+0x67/0x80
      [  989.421341]  ? syscall_exit_to_user_mode+0x20/0x40
      [  989.421343]  ? do_syscall_64+0x67/0x80
      [  989.421345]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
      [  989.421348] RIP: 0033:0x7fe895d067e3
      [  989.421349] RSP: 002b:00007fff933c2ba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
      [  989.421351] RAX: ffffffffffffffda RBX: 00007fff933c2c10 RCX: 00007fe895d067e3
      [  989.421352] RDX: 0000000000000802 RSI: 00005594acdce160 RDI: 00000000ffffff9c
      [  989.421353] RBP: 0000000000000802 R08: 0000000000000000 R09: 0000000000000000
      [  989.421353] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
      [  989.421354] R13: 00007fff933c2ca0 R14: 00000000ffffffff R15: 00007fff933c2c90
      [  989.421355]  </TASK>
      
      This reverts commit 6769a0b7.
      
      Fixes: 6769a0b7 ("media: dvb-core: Fix use-after-free on race condition at dvb_frontend")
      Link: https://lore.kernel.org/all/da5382ad-09d6-20ac-0d53-611594b30861@lio96.de/Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@kernel.org>
      ec21a38d
  2. 09 Jun, 2023 1 commit
    • Mauro Carvalho Chehab's avatar
      Merge tag 'v6.4-rc5' into v4l_for_linus · 4b0a5014
      Mauro Carvalho Chehab authored
      Linux 6.4-rc5
      
      * tag 'v6.4-rc5': (303 commits)
        Linux 6.4-rc5
        leds: qcom-lpg: Fix PWM period limits
        selftests/ftrace: Choose target function for filter test from samples
        KVM: selftests: Add test for race in kvm_recalculate_apic_map()
        KVM: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID is out-of-bounds
        KVM: x86: Account fastpath-only VM-Exits in vCPU stats
        KVM: SVM: vNMI pending bit is V_NMI_PENDING_MASK not V_NMI_BLOCKING_MASK
        KVM: x86/mmu: Grab memslot for correct address space in NX recovery worker
        tpm, tpm_tis: correct tpm_tis_flags enumeration values
        Revert "ext4: remove ac->ac_found > sbi->s_mb_min_to_scan dead check in ext4_mb_check_limits"
        riscv: Implement missing huge_ptep_get
        riscv: Fix huge_ptep_set_wrprotect when PTE is a NAPOT
        module/decompress: Fix error checking on zstd decompression
        fork, vhost: Use CLONE_THREAD to fix freezer/ps regression
        dt-bindings: serial: 8250_omap: add rs485-rts-active-high
        selinux: don't use make's grouped targets feature yet
        riscv: perf: Fix callchain parse error with kernel tracepoint events
        mptcp: fix active subflow finalization
        mptcp: add annotations around sk->sk_shutdown accesses
        mptcp: fix data race around msk->first access
        ...
      4b0a5014
  3. 04 Jun, 2023 10 commits
    • Linus Torvalds's avatar
      Linux 6.4-rc5 · 9561de3a
      Linus Torvalds authored
      9561de3a
    • Linus Torvalds's avatar
      Merge tag 'irq_urgent_for_v6.4_rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 6f64a5eb
      Linus Torvalds authored
      Pull irq fix from Borislav Petkov:
      
       - Fix open firmware quirks validation so that they don't get applied
         wrongly
      
      * tag 'irq_urgent_for_v6.4_rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        irqchip/gic: Correctly validate OF quirk descriptors
      6f64a5eb
    • Linus Torvalds's avatar
      Merge tag 'media/v6.4-4' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media · 5e89d62e
      Linus Torvalds authored
      Pull media fixes from Mauro Carvalho Chehab:
       "Some driver fixes:
         - a regression fix for the verisilicon driver
         - uvcvideo: don't expose unsupported video formats to userspace
         - camss-video: don't zero subdev format after init
         - mediatek: some fixes for 4K decoder formats
         - fix a Sphinx build warning (missing doc for client_caps)
         - some fixes for imx and atomisp staging drivers
      
        And two CEC core fixes:
         - don't set last_initiator if TX in progress
         - disable adapter in cec_devnode_unregister"
      
      * tag 'media/v6.4-4' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media:
        media: uvcvideo: Don't expose unsupported formats to userspace
        media: v4l2-subdev: Fix missing kerneldoc for client_caps
        media: staging: media: imx: initialize hs_settle to avoid warning
        media: v4l2-mc: Drop subdev check in v4l2_create_fwnode_links_to_pad()
        media: staging: media: atomisp: init high & low vars
        media: cec: core: don't set last_initiator if tx in progress
        media: cec: core: disable adapter in cec_devnode_unregister
        media: mediatek: vcodec: Only apply 4K frame sizes on decoder formats
        media: camss: camss-video: Don't zero subdev format again after initialization
        media: verisilicon: Additional fix for the crash when opening the driver
      5e89d62e
    • Mauro Carvalho Chehab's avatar
      Merge tag 'v6.4-rc4' into v4l_for_linus · 899e373e
      Mauro Carvalho Chehab authored
      Linux 6.4-rc4
      
      * tag 'v6.4-rc4': (606 commits)
        Linux 6.4-rc4
        cxl: Explicitly initialize resources when media is not ready
        x86: re-introduce support for ERMS copies for user space accesses
        NVMe: Add MAXIO 1602 to bogus nid list.
        module: error out early on concurrent load of the same module file
        x86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms
        cpufreq: amd-pstate: Update policy->cur in amd_pstate_adjust_perf()
        io_uring: unlock sqd->lock before sq thread release CPU
        MAINTAINERS: update arm64 Microchip entries
        udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated().
        net: phy: mscc: enable VSC8501/2 RGMII RX clock
        net: phy: mscc: remove unnecessary phydev locking
        net: phy: mscc: add support for VSC8501
        net: phy: mscc: add VSC8502 to MODULE_DEVICE_TABLE
        net/handshake: Enable the SNI extension to work properly
        net/handshake: Unpin sock->file if a handshake is cancelled
        net/handshake: handshake_genl_notify() shouldn't ignore @flags
        net/handshake: Fix uninitialized local variable
        net/handshake: Fix handshake_dup() ref counting
        net/handshake: Remove unneeded check from handshake_dup()
        ...
      899e373e
    • Linus Torvalds's avatar
      Merge tag 'char-misc-6.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · 209835e8
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "Here are a bunch of tiny char/misc/other driver fixes for 6.4-rc5 that
        resolve a number of reported issues. Included in here are:
      
         - iio driver fixes
      
         - fpga driver fixes
      
         - test_firmware bugfixes
      
         - fastrpc driver tiny bugfixes
      
         - MAINTAINERS file updates for some subsystems
      
        All of these have been in linux-next this past week with no reported
        issues"
      
      * tag 'char-misc-6.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (34 commits)
        test_firmware: fix the memory leak of the allocated firmware buffer
        test_firmware: fix a memory leak with reqs buffer
        test_firmware: prevent race conditions by a correct implementation of locking
        firmware_loader: Fix a NULL vs IS_ERR() check
        MAINTAINERS: Vaibhav Gupta is the new ipack maintainer
        dt-bindings: fpga: replace Ivan Bornyakov maintainership
        MAINTAINERS: update Microchip MPF FPGA reviewers
        misc: fastrpc: reject new invocations during device removal
        misc: fastrpc: return -EPIPE to invocations on device removal
        misc: fastrpc: Reassign memory ownership only for remote heap
        misc: fastrpc: Pass proper scm arguments for secure map request
        iio: imu: inv_icm42600: fix timestamp reset
        iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag
        dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value
        iio: dac: mcp4725: Fix i2c_master_send() return value handling
        iio: accel: kx022a fix irq getting
        iio: bu27034: Ensure reset is written
        iio: dac: build ad5758 driver when AD5758 is selected
        iio: addac: ad74413: fix resistance input processing
        iio: light: vcnl4035: fixed chip ID check
        ...
      209835e8
    • Linus Torvalds's avatar
      Merge tag 'driver-core-6.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core · 41f3ab2d
      Linus Torvalds authored
      Pull driver core fixes from Greg KH:
       "Here are two small driver core cacheinfo fixes for 6.4-rc5 that
        resolve a number of reported issues with that file. These changes have
        been in linux-next this past week with no reported problems"
      
      * tag 'driver-core-6.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
        drivers: base: cacheinfo: Update cpu_map_populated during CPU Hotplug
        drivers: base: cacheinfo: Fix shared_cpu_map changes in event of CPU hotplug
      41f3ab2d
    • Linus Torvalds's avatar
      Merge tag 'tty-6.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · 12c2f77b
      Linus Torvalds authored
      Pull tty/serial driver fixes from Greg KH:
       "Here are some small tty/serial driver fixes for 6.4-rc5 that have all
        been in linux-next this past week with no reported problems. Included
        in here are:
      
         - 8250_tegra driver bugfix
      
         - fsl uart driver bugfixes
      
         - Kconfig fix for dependancy issue
      
         - dt-bindings fix for the 8250_omap driver"
      
      * tag 'tty-6.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        dt-bindings: serial: 8250_omap: add rs485-rts-active-high
        serial: cpm_uart: Fix a COMPILE_TEST dependency
        soc: fsl: cpm1: Fix TSA and QMC dependencies in case of COMPILE_TEST
        tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK
        serial: 8250_tegra: Fix an error handling path in tegra_uart_probe()
      12c2f77b
    • Linus Torvalds's avatar
      Merge tag 'usb-6.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 8b435e40
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are some USB driver and core fixes for 6.4-rc5. Most of these are
        tiny driver fixes, including:
      
         - udc driver bugfix
      
         - f_fs gadget driver bugfix
      
         - cdns3 driver bugfix
      
         - typec bugfixes
      
        But the "big" thing in here is a fix yet-again for how the USB buffers
        are handled from userspace when dealing with DMA issues. The changes
        were discussed a lot, and tested a lot, on the list, and acked by the
        relevant mm maintainers and have been in linux-next all this past week
        with no reported problems"
      
      * tag 'usb-6.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        usb: typec: tps6598x: Fix broken polling mode after system suspend/resume
        mm: page_table_check: Ensure user pages are not slab pages
        mm: page_table_check: Make it dependent on EXCLUSIVE_SYSTEM_RAM
        usb: usbfs: Use consistent mmap functions
        usb: usbfs: Enforce page requirements for mmap
        dt-bindings: usb: snps,dwc3: Fix "snps,hsphy_interface" type
        usb: gadget: udc: fix NULL dereference in remove()
        usb: gadget: f_fs: Add unbind event before functionfs_unbind
        usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM
      8b435e40
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · b066935b
      Linus Torvalds authored
      Pull kvm fixes from Paolo Bonzini:
       "ARM:
      
         - Address some fallout of the locking rework, this time affecting the
           way the vgic is configured
      
         - Fix an issue where the page table walker frees a subtree and then
           proceeds with walking what it has just freed...
      
         - Check that a given PA donated to the guest is actually memory (only
           affecting pKVM)
      
         - Correctly handle MTE CMOs by Set/Way
      
         - Fix the reported address of a watchpoint forwarded to userspace
      
         - Fix the freeing of the root of stage-2 page tables
      
         - Stop creating spurious PMU events to perform detection of the
           default PMU and use the existing PMU list instead
      
        x86:
      
         - Fix a memslot lookup bug in the NX recovery thread that could
           theoretically let userspace bypass the NX hugepage mitigation
      
         - Fix a s/BLOCKING/PENDING bug in SVM's vNMI support
      
         - Account exit stats for fastpath VM-Exits that never leave the super
           tight run-loop
      
         - Fix an out-of-bounds bug in the optimized APIC map code, and add a
           regression test for the race"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: selftests: Add test for race in kvm_recalculate_apic_map()
        KVM: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID is out-of-bounds
        KVM: x86: Account fastpath-only VM-Exits in vCPU stats
        KVM: SVM: vNMI pending bit is V_NMI_PENDING_MASK not V_NMI_BLOCKING_MASK
        KVM: x86/mmu: Grab memslot for correct address space in NX recovery worker
        KVM: arm64: Document default vPMU behavior on heterogeneous systems
        KVM: arm64: Iterate arm_pmus list to probe for default PMU
        KVM: arm64: Drop last page ref in kvm_pgtable_stage2_free_removed()
        KVM: arm64: Populate fault info for watchpoint
        KVM: arm64: Reload PTE after invoking walker callback on preorder traversal
        KVM: arm64: Handle trap of tagged Set/Way CMOs
        arm64: Add missing Set/Way CMO encodings
        KVM: arm64: Prevent unconditional donation of unmapped regions from the host
        KVM: arm64: vgic: Fix a comment
        KVM: arm64: vgic: Fix locking comment
        KVM: arm64: vgic: Wrap vgic_its_create() with config_lock
        KVM: arm64: vgic: Fix a circular locking issue
      b066935b
    • Linus Torvalds's avatar
      Merge tag 'powerpc-6.4-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · 9455b4b6
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
      
       - Fix link errors in new aes-gcm-p10 code when built-in with other
         drivers
      
       - Limit number of TCEs passed to H_STUFF_TCE hcall as per spec
      
       - Use KSYM_NAME_LEN in xmon array size to avoid possible OOB write
      
      Thanks to Gaurav Batra and Maninder Singh Vishal Chourasia.
      
      * tag 'powerpc-6.4-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/xmon: Use KSYM_NAME_LEN in array size
        powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall
        powerpc/crypto: Fix aes-gcm-p10 link errors
      9455b4b6
  4. 03 Jun, 2023 10 commits
  5. 02 Jun, 2023 18 commits