~ubuntu-kernel/ubuntu/+source/linux/+git/focal:master-next
- Git
- lp:~ubuntu-kernel/ubuntu/+source/linux/+git/focal
- master-next
- Get this branch:
-
git clone
-b master-next
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal
Branch merges
Related source package recipes
Branch information
- Name:
- master-next
Recent commits
- e4320ce... by Manuel Diewald
-
UBUNTU: Upstream stable to v5.4.271
BugLink: https:/
/bugs.launchpad .net/bugs/ 2060216 Ignore: yes
Signed-off-by: Manuel Diewald <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden> - d0b84bc... by Greg Kroah-Hartman <email address hidden>
-
Linux 5.4.271
BugLink: https:/
/bugs.launchpad .net/bugs/ 2060216 Link: https://<email address hidden>
Tested-by: Jon Hunter <email address hidden>
Tested-by: Shuah Khan <email address hidden>
Tested-by: Harshit Mogalapalli <email address hidden>
Tested-by: Florian Fainelli <email address hidden>
Tested-by: Linux Kernel Functional Testing <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
Signed-off-by: Manuel Diewald <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden> - 4a7e286... by Arturas Moskvinas <email address hidden>
-
gpio: 74x164: Enable output pins after registers are reset
BugLink: https:/
/bugs.launchpad .net/bugs/ 2060216 [ Upstream commit 530b1dbd97846b1
10ea8a94c7cc903 eca21786e5 ] Chip outputs are enabled[1] before actual reset is performed[2] which might
cause pin output value to flip flop if previous pin value was set to 1.
Fix that behavior by making sure chip is fully reset before all outputs are
enabled.Flip-flop can be noticed when module is removed and inserted again and one of
the pins was changed to 1 before removal. 100 microsecond flipping is
noticeable on oscilloscope (100khz SPI bus).For a properly reset chip - output is enabled around 100 microseconds (on 100khz
SPI bus) later during probing process hence should be irrelevant behavioral
change.Fixes: 7ebc194d0fd4 (gpio: 74x164: Introduce 'enable-gpios' property)
Link: https://elixir. bootlin. com/linux/ v6.7.4/ source/ drivers/ gpio/gpio- 74x164. c#L130 [1]
Link: https://elixir. bootlin. com/linux/ v6.7.4/ source/ drivers/ gpio/gpio- 74x164. c#L150 [2]
Signed-off-by: Arturas Moskvinas <email address hidden>
Signed-off-by: Bartosz Golaszewski <email address hidden>
Signed-off-by: Sasha Levin <email address hidden>
Signed-off-by: Manuel Diewald <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden> - af3d5d0... by Oscar Salvador <email address hidden>
-
fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
BugLink: https:/
/bugs.launchpad .net/bugs/ 2060216 commit 79d72c68c58784a
3e1cd2378669d51 bfd0cb7498 upstream. When configuring a hugetlb filesystem via the fsconfig() syscall, there is
a possible NULL dereference in hugetlbfs_fill_super( ) caused by assigning
NULL to ctx->hstate in hugetlbfs_parse_param( ) when the requested pagesize
is non valid.E.g: Taking the following steps:
fd = fsopen("hugetlbfs", FSOPEN_CLOEXEC);
fsconfig(fd, FSCONFIG_SET_STRING, "pagesize", "1024", 0);
fsconfig(fd, FSCONFIG_CMD_CREATE, NULL, NULL, 0); Given that the requested "pagesize" is invalid, ctxt->hstate will be replaced
with NULL, losing its previous value, and we will print an error:...
...
case Opt_pagesize:
ps = memparse(param-> string, &rest);
ctx->hstate = h;
if (!ctx->hstate) {
pr_err( "Unsupported page size %lu MB\n", ps / SZ_1M);
return -EINVAL;
}
return 0;
...
...This is a problem because later on, we will dereference ctxt->hstate in
hugetlbfs_fill_super( ) ...
...
sb->s_blocksize = huge_page_size(ctx- >hstate) ;
...
...Causing below Oops.
Fix this by replacing cxt->hstate value only when then pagesize is known
to be valid.kernel: hugetlbfs: Unsupported page size 0 MB
kernel: BUG: kernel NULL pointer dereference, address: 0000000000000028
kernel: #PF: supervisor read access in kernel mode
kernel: #PF: error_code(0x0000) - not-present page
kernel: PGD 800000010f66c067 P4D 800000010f66c067 PUD 1b22f8067 PMD 0
kernel: Oops: 0000 [#1] PREEMPT SMP PTI
kernel: CPU: 4 PID: 5659 Comm: syscall Tainted: G E 6.8.0-rc2-default+ #22 5a47c3fef76212addcc6eb71344aab c35190ae8f
kernel: Hardware name: Intel Corp. GROVEPORT/GROVEPORT, BIOS GVPRCRB1. 86B.0016. D04.1705030402 05/03/2017
kernel: RIP: 0010:hugetlbfs_fill_super+ 0xb4/0x1a0
kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 <8b> 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28
kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246
kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004
kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000
kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004
kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000
kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400
kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd700 0000(0000) knlGS:000000000 0000000
kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0
kernel: Call Trace:
kernel: <TASK>
kernel: ? __die_body+0x1a/0x60
kernel: ? page_fault_oops+0x16f/ 0x4a0
kernel: ? search_bpf_extables+ 0x65/0x70
kernel: ? fixup_exception+0x22/0x310
kernel: ? exc_page_fault+0x69/ 0x150
kernel: ? asm_exc_page_fault+ 0x22/0x30
kernel: ? __pfx_hugetlbfs_fill_super+ 0x10/0x10
kernel: ? hugetlbfs_fill_super+ 0xb4/0x1a0
kernel: ? hugetlbfs_fill_super+ 0x28/0x1a0
kernel: ? __pfx_hugetlbfs_fill_super+ 0x10/0x10
kernel: vfs_get_super+0x40/ 0xa0
kernel: ? __pfx_bpf_lsm_capable+ 0x10/0x10
kernel: vfs_get_tree+0x25/ 0xd0
kernel: vfs_cmd_create+ 0x64/0xe0
kernel: __x64_sys_fsconfig+ 0x395/0x410
kernel: do_syscall_64+0x80/ 0x160
kernel: ? syscall_exit_to_ user_mode+ 0x82/0x240
kernel: ? do_syscall_64+0x8d/ 0x160
kernel: ? syscall_exit_to_ user_mode+ 0x82/0x240
kernel: ? do_syscall_64+0x8d/ 0x160
kernel: ? exc_page_fault+0x69/ 0x150
kernel: entry_SYSCALL_64_after_ hwframe+ 0x6e/0x76
kernel: RIP: 0033:0x7ffbc0cb87c9
kernel: Code: 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 97 96 0d 00 f7 d8 64 89 01 48
kernel: RSP: 002b:00007ffc29d2f388 EFLAGS: 00000206 ORIG_RAX: 00000000000001af
kernel: RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffbc0cb87c9
kernel: RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003
kernel: RBP: 00007ffc29d2f3b0 R08: 0000000000000000 R09: 0000000000000000
kernel: R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
kernel: R13: 00007ffc29d2f4c0 R14: 0000000000000000 R15: 0000000000000000
kernel: </TASK>
kernel: Modules linked in: rpcsec_gss_krb5(E) auth_rpcgss(E) nfsv4(E) dns_resolver(E) nfs(E) lockd(E) grace(E) sunrpc(E) netfs(E) af_packet(E) bridge(E) stp(E) llc(E) iscsi_ibft(E) iscsi_boot_sysfs(E) intel_rapl_msr(E) intel_rapl_common( E) iTCO_wdt(E) intel_pmc_bxt(E) sb_edac(E) iTCO_vendor_ support( E) x86_pkg_ temp_thermal( E) intel_powerclamp(E) coretemp(E) kvm_intel(E) rfkill(E) ipmi_ssif(E) kvm(E) acpi_ipmi(E) irqbypass(E) pcspkr(E) igb(E) ipmi_si(E) mei_me(E) i2c_i801(E) joydev(E) intel_pch_ thermal( E) i2c_smbus(E) dca(E) lpc_ich(E) mei(E) ipmi_devintf(E) ipmi_msghandler(E) acpi_pad(E) tiny_power_ button( E) button(E) fuse(E) efi_pstore(E) configfs(E) ip_tables(E) x_tables(E) ext4(E) mbcache(E) jbd2(E) hid_generic(E) usbhid(E) sd_mod(E) t10_pi(E) crct10dif_pclmul(E) crc32_pclmul(E) crc32c_intel(E) polyval_clmulni(E) ahci(E) xhci_pci(E) polyval_generic(E) gf128mul(E) ghash_clmulni_ intel(E) sha512_ssse3(E) sha256_ssse3(E) xhci_pci_renesas(E) libahci(E) ehci_pci(E) sha1_ssse3(E) xhci_hcd(E) ehci_hcd(E) libata(E)
kernel: mgag200(E) i2c_algo_bit(E) usbcore(E) wmi(E) sg(E) dm_multipath(E) dm_mod(E) scsi_dh_rdac(E) scsi_dh_emc(E) scsi_dh_alua(E) scsi_mod(E) scsi_common(E) aesni_intel(E) crypto_simd(E) cryptd(E)
kernel: Unloaded tainted modules: acpi_cpufreq(E):1 fjes(E):1
kernel: CR2: 0000000000000028
kernel: ---[ end trace 0000000000000000 ]---
kernel: RIP: 0010:hugetlbfs_fill_super+ 0xb4/0x1a0
kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 <8b> 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28
kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246
kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004
kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000
kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004
kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000
kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400
kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd700 0000(0000) knlGS:000000000 0000000
kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0Link: https://<email address hidden>
Fixes: 32021982a324 ("hugetlbfs: Convert to fs_context")
Signed-off-by: Michal Hocko <email address hidden>
Signed-off-by: Oscar Salvador <email address hidden>
Acked-by: Muchun Song <email address hidden>
Cc: <email address hidden>
Signed-off-by: Andrew Morton <email address hidden>
Signed-off-by: Vamsi Krishna Brahmajosyula <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
Signed-off-by: Manuel Diewald <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden> - 2b03f3f... by Baokun Li <email address hidden>
-
cachefiles: fix memory leak in cachefiles_
add_cache( ) BugLink: https:/
/bugs.launchpad .net/bugs/ 2060216 commit e21a2f17566cbd6
4926fb8f1632397 2f7a064444 upstream. The following memory leak was reported after unbinding /dev/cachefiles:
=======
======= ======= ======= ======= ======= ======= ======= ======= ===
unreferenced object 0xffff9b674176e3c0 (size 192):
comm "cachefilesd2", pid 680, jiffies 4294881224
hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc ea38a44b):
[<ffffffff8eb8a1a5> ] kmem_cache_ alloc+0x2d5/ 0x370
[<ffffffff8e917f86> ] prepare_ creds+0x26/ 0x2e0
[<ffffffffc002eeef> ] cachefiles_ determine_ cache_security+ 0x1f/0x120
[<ffffffffc00243ec> ] cachefiles_ add_cache+ 0x13c/0x3a0
[<ffffffffc0025216> ] cachefiles_ daemon_ write+0x146/ 0x1c0
[<ffffffff8ebc4a3b> ] vfs_write+ 0xcb/0x520
[<ffffffff8ebc5069> ] ksys_write+ 0x69/0xf0
[<ffffffff8f6d4662> ] do_syscall_ 64+0x72/ 0x140
[<ffffffff8f8000aa> ] entry_SYSCALL_ 64_after_ hwframe+ 0x6e/0x76
============== ======= ======= ======= ======= ======= ======= ======= === Put the reference count of cache_cred in cachefiles_
daemon_ unbind( ) to
fix the problem. And also put cache_cred in cachefiles_add_cache( ) error
branch to avoid memory leaks.Fixes: 9ae326a69004 ("CacheFiles: A cache that backs onto a mounted filesystem")
CC: <email address hidden>
Signed-off-by: Baokun Li <email address hidden>
Link: https://<email address hidden>
Acked-by: David Howells <email address hidden>
Reviewed-by: Jingbo Xu <email address hidden>
Reviewed-by: Jeff Layton <email address hidden>
Signed-off-by: Christian Brauner <email address hidden>
Signed-off-by: Baokun Li <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
Signed-off-by: Manuel Diewald <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden> - 98313cd... by Paolo Bonzini <email address hidden>
-
x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers
BugLink: https:/
/bugs.launchpad .net/bugs/ 2060216 commit 6890cb1ace350b4
386c8aee1343dc3 b3ddd214da upstream. MKTME repurposes the high bit of physical address to key id for encryption
key and, even though MAXPHYADDR in CPUID[0x80000008] remains the same,
the valid bits in the MTRR mask register are based on the reduced number
of physical address bits.detect_tme() in arch/x86/
kernel/ cpu/intel. c detects TME and subtracts
it from the total usable physical bits, but it is called too late.
Move the call to early_init_intel() so that it is called in setup_arch(),
before MTRRs are setup.This fixes boot on TDX-enabled systems, which until now only worked with
"disable_mtrr_cleanup" . Without the patch, the values written to the
MTRRs mask registers were 52-bit wide (e.g. 0x000fffff_80000800) and
the writes failed; with the patch, the values are 46-bit wide, which
matches the reduced MAXPHYADDR that is shown in /proc/cpuinfo.Reported-by: Zixi Chen <email address hidden>
Signed-off-by: Paolo Bonzini <email address hidden>
Signed-off-by: Dave Hansen <email address hidden>
Cc:<email address hidden>
Link: https://lore.kernel. org/all/ 20240131230902. 1867092- 3-pbonzini% 40redhat. com
Signed-off-by: Greg Kroah-Hartman <email address hidden>
Signed-off-by: Manuel Diewald <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden> - dd60d62... by Ivan Semenov <email address hidden>
-
mmc: core: Fix eMMC initialization with 1-bit bus connection
BugLink: https:/
/bugs.launchpad .net/bugs/ 2060216 commit ff3206d2186d84e
4f77e1378ba1d22 5633f17b9b upstream. Initializing an eMMC that's connected via a 1-bit bus is current failing,
if the HW (DT) informs that 4-bit bus is supported. In fact this is a
regression, as we were earlier capable of falling back to 1-bit mode, when
switching to 4/8-bit bus failed. Therefore, let's restore the behaviour.Log for Samsung eMMC 5.1 chip connected via 1bit bus (only D0 pin)
Before patch:
[134509.044225] mmc0: switch to bus width 4 failed
[134509.044509] mmc0: new high speed MMC card at address 0001
[134509.054594] mmcblk0: mmc0:0001 BGUF4R 29.1 GiB
[134509.281602] mmc0: switch to bus width 4 failed
[134509.282638] I/O error, dev mmcblk0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[134509.282657] Buffer I/O error on dev mmcblk0, logical block 0, async page read
[134509.284598] I/O error, dev mmcblk0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[134509.284602] Buffer I/O error on dev mmcblk0, logical block 0, async page read
[134509.284609] ldm_validate_partition_ table() : Disk read failed.
[134509.286495] I/O error, dev mmcblk0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[134509.286500] Buffer I/O error on dev mmcblk0, logical block 0, async page read
[134509.288303] I/O error, dev mmcblk0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[134509.288308] Buffer I/O error on dev mmcblk0, logical block 0, async page read
[134509.289540] I/O error, dev mmcblk0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[134509.289544] Buffer I/O error on dev mmcblk0, logical block 0, async page read
[134509.289553] mmcblk0: unable to read partition table
[134509.289728] mmcblk0boot0: mmc0:0001 BGUF4R 31.9 MiB
[134509.290283] mmcblk0boot1: mmc0:0001 BGUF4R 31.9 MiB
[134509.294577] I/O error, dev mmcblk0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[134509.295835] I/O error, dev mmcblk0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[134509.295841] Buffer I/O error on dev mmcblk0, logical block 0, async page readAfter patch:
[134551.089613] mmc0: switch to bus width 4 failed
[134551.090377] mmc0: new high speed MMC card at address 0001
[134551.102271] mmcblk0: mmc0:0001 BGUF4R 29.1 GiB
[134551.113365] mmcblk0: p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21
[134551.114262] mmcblk0boot0: mmc0:0001 BGUF4R 31.9 MiB
[134551.114925] mmcblk0boot1: mmc0:0001 BGUF4R 31.9 MiBFixes: 577fb13199b1 ("mmc: rework selection of bus speed mode")
Cc: <email address hidden>
Signed-off-by: Ivan Semenov <email address hidden>
Link: https://<email address hidden>
Signed-off-by: Ulf Hansson <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
Signed-off-by: Manuel Diewald <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden> - 192d686... by Curtis Klein <email address hidden>
-
dmaengine: fsl-qdma: init irq after reg initialization
BugLink: https:/
/bugs.launchpad .net/bugs/ 2060216 commit 87a39071e0b639f
45e05d296cc0538 eef44ec0bd upstream. Initialize the qDMA irqs after the registers are configured so that
interrupts that may have been pending from a primary kernel don't get
processed by the irq handler before it is ready to and cause panic with
the following trace:Call trace:
fsl_qdma_queue_ handler+ 0xf8/0x3e8
__handle_irq_event_ percpu+ 0x78/0x2b0
handle_irq_event_ percpu+ 0x1c/0x68
handle_irq_event+ 0x44/0x78
handle_fasteoi_ irq+0xc8/ 0x178
generic_handle_ irq+0x24/ 0x38
__handle_domain_ irq+0x90/ 0x100
gic_handle_ irq+0x5c/ 0xb8
el1_irq+0xb8/ 0x180
_raw_spin_unlock_ irqrestore+ 0x14/0x40
__setup_irq+0x4bc/ 0x798
request_threaded_ irq+0xd8/ 0x190
devm_request_ threaded_ irq+0x74/ 0xe8
fsl_qdma_probe+ 0x4d4/0xca8
platform_drv_probe+ 0x50/0xa0
really_probe+0xe0/ 0x3f8
driver_probe_device+ 0x64/0x130
device_driver_ attach+ 0x6c/0x78
__driver_attach+ 0xbc/0x158
bus_for_each_ dev+0x5c/ 0x98
driver_attach+ 0x20/0x28
bus_add_driver+ 0x158/0x220
driver_register+ 0x60/0x110
__platform_driver_ register+ 0x44/0x50
fsl_qdma_driver_ init+0x18/ 0x20
do_one_initcall+ 0x48/0x258
kernel_init_freeable+ 0x1a4/0x23c
kernel_init+0x10/ 0xf8
ret_from_fork+ 0x10/0x18 Cc: <email address hidden>
Fixes: b092529e0aa0 ("dmaengine: fsl-qdma: Add qDMA controller driver for Layerscape SoCs")
Signed-off-by: Curtis Klein <email address hidden>
Signed-off-by: Yi Zhao <email address hidden>
Signed-off-by: Frank Li <email address hidden>
Link: https://<email address hidden>
Signed-off-by: Vinod Koul <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
Signed-off-by: Manuel Diewald <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden> - f7050ca... by Peng Ma <email address hidden>
-
dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
BugLink: https:/
/bugs.launchpad .net/bugs/ 2060216 commit 9d739bccf261dd9
3ec1babf82f5c5d 71dd4caa3e upstream. There is chip (ls1028a) errata:
The SoC may hang on 16 byte unaligned read transactions by QDMA.
Unaligned read transactions initiated by QDMA may stall in the NOC
(Network On-Chip), causing a deadlock condition. Stalled transactions will
trigger completion timeouts in PCIe controller.Workaround:
Enable prefetch by setting the source descriptor prefetchable bit
( SD[PF] = 1 ).Implement this workaround.
Cc: <email address hidden>
Fixes: b092529e0aa0 ("dmaengine: fsl-qdma: Add qDMA controller driver for Layerscape SoCs")
Signed-off-by: Peng Ma <email address hidden>
Signed-off-by: Frank Li <email address hidden>
Link: https://<email address hidden>
Signed-off-by: Vinod Koul <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
Signed-off-by: Manuel Diewald <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden> - 83da974... by David Sterba <email address hidden>
-
btrfs: dev-replace: properly validate device names
BugLink: https:/
/bugs.launchpad .net/bugs/ 2060216 commit 9845664b9ee47ce
7ee7ea93caf47d3 9a9d4552c4 upstream. There's a syzbot report that device name buffers passed to device
replace are not properly checked for string termination which could lead
to a read out of bounds in getname_kernel().Add a helper that validates both source and target device name buffers.
For devid as the source initialize the buffer to empty string in case
something tries to read it later.This was originally analyzed and fixed in a different way by Edward Adam
Davis (see links).Link: https://<email address hidden>/
Link: https://lore.kernel<email address hidden>/
CC: <email address hidden> # 4.19+
CC: Edward Adam Davis <email address hidden>
Reported-and-tested- by: <email address hidden>
Reviewed-by: Boris Burkov <email address hidden>
Signed-off-by: David Sterba <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
Signed-off-by: Manuel Diewald <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden>