user/sven/linux.git, branch v5.12.8 Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v5.12.8 2021-05-28T11:18:53Z Linux 5.12.8 2021-05-28T11:18:53Z Greg Kroah-Hartman gregkh@linuxfoundation.org 2021-05-28T11:18:53Z urn:sha1:cfb3ea79045ad3c7bcaa0036b5a66609ccdadffe Link: https://lore.kernel.org/r/20210527151139.241267495@linuxfoundation.org Tested-by: Jon Hunter <jonathanh@nvidia.com> Tested-by: Fox Chen <foxhlchen@gmail.com> Tested-by: Shuah Khan <skhan@linuxfoundation.org> Tested-by: Florian Fainelli <f.fainelli@gmail.com> Reviewed-by: Guenter Roeck <linux@roeck-us.net> Tested-by: Linux Kernel Functional Testing <lkft@linaro.org> NFC: nci: fix memory leak in nci_allocate_device 2021-05-28T11:18:53Z Dongliang Mu mudongliangabcd@gmail.com 2021-05-14T23:29:06Z urn:sha1:65234f50a90b64b335cbb9164b8a98c2a0d031dd commit e0652f8bb44d6294eeeac06d703185357f25d50b upstream. nfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev. Fix this by freeing hci_dev in nci_free_device. BUG: memory leak unreferenced object 0xffff888111ea6800 (size 1024): comm "kworker/1:0", pid 19, jiffies 4294942308 (age 13.580s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 60 fd 0c 81 88 ff ff .........`...... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<000000004bc25d43>] kmalloc include/linux/slab.h:552 [inline] [<000000004bc25d43>] kzalloc include/linux/slab.h:682 [inline] [<000000004bc25d43>] nci_hci_allocate+0x21/0xd0 net/nfc/nci/hci.c:784 [<00000000c59cff92>] nci_allocate_device net/nfc/nci/core.c:1170 [inline] [<00000000c59cff92>] nci_allocate_device+0x10b/0x160 net/nfc/nci/core.c:1132 [<00000000006e0a8e>] nfcmrvl_nci_register_dev+0x10a/0x1c0 drivers/nfc/nfcmrvl/main.c:153 [<000000004da1b57e>] nfcmrvl_probe+0x223/0x290 drivers/nfc/nfcmrvl/usb.c:345 [<00000000d506aed9>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396 [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554 [<00000000f5009125>] driver_probe_device+0x84/0x100 drivers/base/dd.c:740 [<000000000ce658ca>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:846 [<000000007067d05f>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431 [<00000000f8e13372>] __device_attach+0x122/0x250 drivers/base/dd.c:914 [<000000009cf68860>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491 [<00000000359c965a>] device_add+0x5be/0xc30 drivers/base/core.c:3109 [<00000000086e4bd3>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164 [<00000000ca036872>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238 [<00000000d40d36f6>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293 [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554 Reported-by: syzbot+19bcfc64a8df1318d1c3@syzkaller.appspotmail.com Fixes: 11f54f228643 ("NFC: nci: Add HCI over NCI protocol support") Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> KVM: x86: Defer vtime accounting 'til after IRQ handling 2021-05-28T11:18:53Z Wanpeng Li wanpengli@tencent.com 2021-05-05T00:27:30Z urn:sha1:a7fcb65fa1cf2a6da7264f4f61a309406f33cb9a commit 160457140187c5fb127b844e5a85f87f00a01b14 upstream. Defer the call to account guest time until after servicing any IRQ(s) that happened in the guest or immediately after VM-Exit. Tick-based accounting of vCPU time relies on PF_VCPU being set when the tick IRQ handler runs, and IRQs are blocked throughout the main sequence of vcpu_enter_guest(), including the call into vendor code to actually enter and exit the guest. This fixes a bug where reported guest time remains '0', even when running an infinite loop in the guest: https://bugzilla.kernel.org/show_bug.cgi?id=209831 Fixes: 87fa7f3e98a131 ("x86/kvm: Move context tracking where it belongs") Suggested-by: Thomas Gleixner <tglx@linutronix.de> Co-developed-by: Sean Christopherson <seanjc@google.com> Signed-off-by: Wanpeng Li <wanpengli@tencent.com> Signed-off-by: Sean Christopherson <seanjc@google.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20210505002735.1684165-4-seanjc@google.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> context_tracking: Move guest exit vtime accounting to separate helpers 2021-05-28T11:18:52Z Wanpeng Li wanpengli@tencent.com 2021-05-05T00:27:29Z urn:sha1:a4367bbe866beba3a4ba8e448181832ab21f1885 commit 88d8220bbf06dd8045b2ac4be1046290eaa7773a upstream. Provide separate vtime accounting functions for guest exit instead of open coding the logic within the context tracking code. This will allow KVM x86 to handle vtime accounting slightly differently when using tick-based accounting. Suggested-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Wanpeng Li <wanpengli@tencent.com> Co-developed-by: Sean Christopherson <seanjc@google.com> Signed-off-by: Sean Christopherson <seanjc@google.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> Link: https://lore.kernel.org/r/20210505002735.1684165-3-seanjc@google.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> context_tracking: Move guest exit context tracking to separate helpers 2021-05-28T11:18:52Z Wanpeng Li wanpengli@tencent.com 2021-05-05T00:27:28Z urn:sha1:e325dc7acbdb4140dc7268caac1fa437e86edc51 commit 866a6dadbb027b2955a7ae00bab9705d382def12 upstream. Provide separate context tracking helpers for guest exit, the standalone helpers will be called separately by KVM x86 in later patches to fix tick-based accounting. Suggested-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Wanpeng Li <wanpengli@tencent.com> Co-developed-by: Sean Christopherson <seanjc@google.com> Signed-off-by: Sean Christopherson <seanjc@google.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Link: https://lore.kernel.org/r/20210505002735.1684165-2-seanjc@google.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> bpf: No need to simulate speculative domain for immediates 2021-05-28T11:18:52Z Daniel Borkmann daniel@iogearbox.net 2021-05-04T08:58:25Z urn:sha1:f3ab9709b00ed389f870f6b20d323193bcf572c8 commit a7036191277f9fa68d92f2071ddc38c09b1e5ee5 upstream. In 801c6058d14a ("bpf: Fix leakage of uninitialized bpf stack under speculation") we replaced masking logic with direct loads of immediates if the register is a known constant. Given in this case we do not apply any masking, there is also no reason for the operation to be truncated under the speculative domain. Therefore, there is also zero reason for the verifier to branch-off and simulate this case, it only needs to do it for unknown but bounded scalars. As a side-effect, this also enables few test cases that were previously rejected due to simulation under zero truncation. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Reviewed-by: Piotr Krysiuk <piotras@gmail.com> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> bpf: Fix mask direction swap upon off reg sign change 2021-05-28T11:18:52Z Daniel Borkmann daniel@iogearbox.net 2021-05-21T10:19:22Z urn:sha1:4dd2aaaddbcfd8e9f097512c745d69018f8e9801 commit bb01a1bba579b4b1c5566af24d95f1767859771e upstream. Masking direction as indicated via mask_to_left is considered to be calculated once and then used to derive pointer limits. Thus, this needs to be placed into bpf_sanitize_info instead so we can pass it to sanitize_ptr_alu() call after the pointer move. Piotr noticed a corner case where the off reg causes masking direction change which then results in an incorrect final aux->alu_limit. Fixes: 7fedb63a8307 ("bpf: Tighten speculative pointer arithmetic mask") Reported-by: Piotr Krysiuk <piotras@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Reviewed-by: Piotr Krysiuk <piotras@gmail.com> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> bpf: Wrap aux data inside bpf_sanitize_info container 2021-05-28T11:18:52Z Daniel Borkmann daniel@iogearbox.net 2021-05-21T10:17:36Z urn:sha1:9accd53bd479974c434554e3446149884890623a commit 3d0220f6861d713213b015b582e9f21e5b28d2e0 upstream. Add a container structure struct bpf_sanitize_info which holds the current aux info, and update call-sites to sanitize_ptr_alu() to pass it in. This is needed for passing in additional state later on. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Reviewed-by: Piotr Krysiuk <piotras@gmail.com> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Linux 5.12.7 2021-05-26T10:59:15Z Greg Kroah-Hartman gregkh@linuxfoundation.org 2021-05-26T10:59:15Z urn:sha1:55c17a63e51a668438d3d9fa5ff8ef959fe90a4c Link: https://lore.kernel.org/r/20210524152334.857620285@linuxfoundation.org Tested-by: Rudi Heitbaum <rudi@heitbaum.com> Tested-by: Fox Chen <foxhlchen@gmail.com> Tested-by: Shuah Khan <skhan@linuxfoundation.org> Tested-by: Florian Fainelli <f.fainelli@gmail.com> Tested-by: Jason Self <jason@bluehome.net> Tested-by: Linux Kernel Functional Testing <lkft@linaro.org> Tested-by: Jon Hunter <jonathanh@nvidia.com> Tested-by: Justin M. Forbes <jforbes@fedoraproject.org> Tested-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Bluetooth: SMP: Fail if remote and local public keys are identical 2021-05-26T10:59:14Z Luiz Augusto von Dentz luiz.von.dentz@intel.com 2021-03-10T22:13:08Z urn:sha1:58cca5ec43be72a1af95f11966381e9953b0c9f5 commit 6d19628f539fccf899298ff02ee4c73e4bf6df3f upstream. This fails the pairing procedure when both remote and local non-debug public keys are identical. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>