Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v4.4.287 2021-10-07T06:30:44Z 2021-10-07T06:30:44Z Greg Kroah-Hartman gregkh@linuxfoundation.org 2021-10-07T06:30:44Z urn:sha1:a123b2f4737a9f4e34e92e502972b6388f90133f Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2021-10-07T06:30:44Z Greg Kroah-Hartman gregkh@linuxfoundation.org 2021-10-07T06:18:59Z urn:sha1:43aa7a41ea67d8f69182ddfc4a3cc6c337fbafe7 This reverts commit 69e450b170995e8a4e3eb94fb14c822553124870 which is commit 9fcb2e93f41c07a400885325e7dbdfceba6efaec upstream. Turns out to break the build when CONFIG_CC_STACKPROTECTOR=y. Reported-by: Hans-Christian Egtvedt <hegtvedt@cisco.com> Link: https://lore.kernel.org/r/DM5PR11MB001226B8D03B8CC8FA093AC6DDB09@DM5PR11MB0012.namprd11.prod.outlook.com Cc: Dan Li <ashimida@linux.alibaba.com> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Sasha Levin <sashal@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2021-10-06T08:22:26Z Greg Kroah-Hartman gregkh@linuxfoundation.org 2021-10-06T08:22:26Z urn:sha1:fb33274be249a0dd7d4d470a1f6ab392e0c76720 Link: https://lore.kernel.org/r/20211004125026.597501645@linuxfoundation.org Tested-by: Pavel Machek (CIP) <pavel@denx.de> Tested-by: Shuah Khan <skhan@linuxfoundation.org> Tested-by: Guenter Roeck <linux@roeck-us.net> Link: https://lore.kernel.org/r/20211005083253.853051879@linuxfoundation.org Tested-by: Jon Hunter <jonathanh@nvidia.com> Tested-by: Pavel Machek (CIP) <pavel@denx.de> Tested-by: Shuah Khan <skhan@linuxfoundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2021-10-06T08:22:25Z NeilBrown neilb@suse.com 2018-12-03T00:30:30Z urn:sha1:c2192a6299b8cf1b3e4e3cc18d2550e73e3bb472 commit f06bc03339ad4c1baa964a5f0606247ac1c3c50b upstream. It is common practice for helpers like this to silently, accept a NULL pointer. get_rpccred() and put_rpccred() used by NFS act this way and using the same interface will ease the conversion for NFS, and simplify the resulting code. Signed-off-by: NeilBrown <neilb@suse.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com> Cc: Eric Dumazet <edumazet@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2021-10-06T08:22:25Z Anirudh Rayabharam mail@anirudhrb.com 2021-06-23T18:40:29Z urn:sha1:7ce4e49146612261265671b1d30d117139021030 commit f7744fa16b96da57187dc8e5634152d3b63d72de upstream. Free the unsent raw_report buffers when the device is removed. Fixes a memory leak reported by syzbot at: https://syzkaller.appspot.com/bug?id=7b4fa7cb1a7c2d3342a2a8a6c53371c8c418ab47 Reported-by: syzbot+47b26cd837ececfc666d@syzkaller.appspotmail.com Tested-by: syzbot+47b26cd837ececfc666d@syzkaller.appspotmail.com Signed-off-by: Anirudh Rayabharam <mail@anirudhrb.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2021-10-06T08:22:25Z Jozsef Kadlecsik kadlec@netfilter.org 2021-09-06T16:26:34Z urn:sha1:c55127a19d3cc334978eaddc2d7cdb19e2c2b29f commit 7bbc3d385bd813077acaf0e6fdb2a86a901f5382 upstream. The commit commit 7661809d493b426e979f39ab512e3adf41fbcc69 Author: Linus Torvalds <torvalds@linux-foundation.org> Date: Wed Jul 14 09:45:49 2021 -0700 mm: don't allow oversized kvmalloc() calls limits the max allocatable memory via kvmalloc() to MAX_INT. Apply the same limit in ipset. Reported-by: syzbot+3493b1873fb3ea827986@syzkaller.appspotmail.com Reported-by: syzbot+2b8443c35458a617c904@syzkaller.appspotmail.com Reported-by: syzbot+ee5cb15f4a0e85e0d54e@syzkaller.appspotmail.com Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2021-10-06T08:22:25Z F.A.Sulaiman asha.16@itfac.mrt.ac.lk 2021-08-24T15:07:30Z urn:sha1:a4faa7153b87fbcfe4be15f4278676f79ca6e019 commit 1e4ce418b1cb1a810256b5fb3fd33d22d1325993 upstream. Syzbot reported slab-out-of-bounds Write bug in hid-betopff driver. The problem is the driver assumes the device must have an input report but some malicious devices violate this assumption. So this patch checks hid_device's input is non empty before it's been used. Reported-by: syzbot+07efed3bc5a1407bd742@syzkaller.appspotmail.com Signed-off-by: F.A. SULAIMAN <asha.16@itfac.mrt.ac.lk> Reviewed-by: Pavel Skripkin <paskripkin@gmail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2021-10-06T08:22:25Z Suzuki K Poulose suzuki.poulose@arm.com 2021-02-03T23:00:57Z urn:sha1:6f5648603a693527baa995f8f189bd8925ef2042 commit c0b15c25d25171db4b70cc0b7dbc1130ee94017d upstream. The erratum 1024718 affects Cortex-A55 r0p0 to r2p0. However we apply the work around for r0p0 - r1p0. Unfortunately this won't be fixed for the future revisions for the CPU. Thus extend the work around for all versions of A55, to cover for r2p0 and any future revisions. Cc: stable@vger.kernel.org Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Will Deacon <will@kernel.org> Cc: James Morse <james.morse@arm.com> Cc: Kunihiko Hayashi <hayashi.kunihiko@socionext.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com> Link: https://lore.kernel.org/r/20210203230057.3961239-1-suzuki.poulose@arm.com [will: Update Kconfig help text] Signed-off-by: Will Deacon <will@kernel.org> [Nanyon: adjust for stable version below v4.16, which set TCR_HD earlier in assembly code] Signed-off-by: Nanyong Sun <sunnanyong@huawei.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2021-10-06T08:22:25Z Sai Krishna Potthuri lakshmi.sai.krishna.potthuri@xilinx.com 2021-08-18T07:23:14Z urn:sha1:be3d91ceea78f140bc6e9140ed4c53b5eadfb3af commit 5297cfa6bdf93e3889f78f9b482e2a595a376083 upstream. dimm->edac_mode contains values of type enum edac_type - not the corresponding capability flags. Fix that. Issue caught by Coverity check "enumerated type mixed with another type." [ bp: Rewrite commit message, add tags. ] Fixes: ae9b56e3996d ("EDAC, synps: Add EDAC support for zynq ddr ecc controller") Signed-off-by: Sai Krishna Potthuri <lakshmi.sai.krishna.potthuri@xilinx.com> Signed-off-by: Shubhrajyoti Datta <shubhrajyoti.datta@xilinx.com> Signed-off-by: Borislav Petkov <bp@suse.de> Cc: <stable@vger.kernel.org> Link: https://lkml.kernel.org/r/20210818072315.15149-1-shubhrajyoti.datta@xilinx.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2021-10-06T08:22:25Z yangerkun yangerkun@huawei.com 2021-09-14T11:14:15Z urn:sha1:112b8f0344779bf8c9fcccfeafe0f391a33b1e2a commit 42cb447410d024e9d54139ae9c21ea132a8c384c upstream. When ext4_htree_fill_tree() fails, ext4_dx_readdir() can run into an infinite loop since if info->last_pos != ctx->pos this will reset the directory scan and reread the failing entry. For example: 1. a dx_dir which has 3 block, block 0 as dx_root block, block 1/2 as leaf block which own the ext4_dir_entry_2 2. block 1 read ok and call_filldir which will fill the dirent and update the ctx->pos 3. block 2 read fail, but we has already fill some dirent, so we will return back to userspace will a positive return val(see ksys_getdents64) 4. the second ext4_dx_readdir will reset the world since info->last_pos != ctx->pos, and will also init the curr_hash which pos to block 1 5. So we will read block1 too, and once block2 still read fail, we can only fill one dirent because the hash of the entry in block1(besides the last one) won't greater than curr_hash 6. this time, we forget update last_pos too since the read for block2 will fail, and since we has got the one entry, ksys_getdents64 can return success 7. Latter we will trapped in a loop with step 4~6 Cc: stable@kernel.org Signed-off-by: yangerkun <yangerkun@huawei.com> Reviewed-by: Jan Kara <jack@suse.cz> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Link: https://lore.kernel.org/r/20210914111415.3921954-1-yangerkun@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>