diff --git a/blacklist.conf b/blacklist.conf
index b959ce9..833ef13 100644
--- a/blacklist.conf
+++ b/blacklist.conf
@@ -503,10 +503,12 @@ def98c84b6cdf2eeea19ec5736e90e316df5206b # workqueue: Too intrusive. Could the r
 a81d1ab3cad77e20c2df8baef0a35a4980fc511c # nfc: revert: not applicable
 1051e2c304b5cf17d4117505985f8128c5c64fd9 # devfreq: revert: need rest series
 dbee3d02458b129b847c21f5fa60baba3eafc6f7 # Commit ceef7d10dfb6 not fully backported
+730037c3ee57f892e6df019bc88d417a5944737c # Duplicate of 205d300aea75623e1ae4aa43e0d265ab9cf195fd: serial: 8250: change lock order in serial8250_do_startup()
 ba552399954dde1b388f7749fecad5c349216981 # printk: fixes 719f6a7040f1bdaf96fcc that is needed only when printing trace buffer when panicing in NMI (bsc#1112173)
 a338f84dc196f44b63ba0863d2f34fd9b1613572 # printk: fixes 719f6a7040f1bdaf96fcc that is needed only when printing trace buffer when panicing in NMI (bsc#1112173)
 03fc7f9c99c1e7ae2925d459e8487f1a6f199f79 # printk: fixes 719f6a7040f1bdaf96fcc that is needed only when printing trace buffer when panicing in NMI (bsc#1112173)
 c3fee60908db4a8594f2e4a2131998384b8fa006 # printk: cosmetic; anyway, it fixes a commit that we do not have in SLE15
+0f7636e1654338c34e3c220c02b2ffad78b6ccc0 # printk: cosmetic; documentation
 075e1a0c50f59ea210561d0d0fedbd945615df78 # sysrq: prehistoric bug, non-critical, found by code review
 b642e44e8ab335868b549fe5753b783ca47bf3a3 # kstrto*: comment fix
 ef0f2685336bbc334e8b6997ce9b155e5f7edd31 # kstrto*: comment fix
diff --git a/patches.kabi/usermodehelper-kABI-workaround.patch b/patches.kabi/usermodehelper-kABI-workaround.patch
new file mode 100644
index 0000000..eae3d46
--- /dev/null
+++ b/patches.kabi/usermodehelper-kABI-workaround.patch
@@ -0,0 +1,22 @@
+From: Petr Mladek
+Subject: kABI workaround for usermodehelper changes
+Patch-mainline: Never, kABI workaround for SLE15 & co
+References: bsc#1179406
+
+Signed-off-by: Petr Mladek
+---
+ kernel/kmod.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/kernel/kmod.c
++++ b/kernel/kmod.c
+@@ -30,7 +30,9 @@
+ #include
+ #include
+ #include
++#ifndef __GENKSYMS__
+ #include
++#endif
+ #include
+ #include
+ #include
diff --git a/patches.suse/Revert-kernel-reboot.c-convert-simple_strtoul-to-kst.patch b/patches.suse/Revert-kernel-reboot.c-convert-simple_strtoul-to-kst.patch
new file mode 100644
index 0000000..71007c8
--- /dev/null
+++ b/patches.suse/Revert-kernel-reboot.c-convert-simple_strtoul-to-kst.patch
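Review bot: The `#ifndef __GENKSYMS__` guard around the new include only hides that header from the kABI symbol-checksum pass; the compiler still sees it, so the `current->fs->umask` write in the companion patch resolves as before, but nothing in this patch records which exported symbol's CRC the include perturbed. The header carries only a Subject and a bsc reference, so a future rebase cannot tell when the workaround is safe to drop; a one-sentence body such as `Hide the new include from genksyms so the kmod.c exported symbol checksums stay unchanged; the layout of struct fs_struct is not modified` (naming the symbol whose CRC actually moved) would record that. The included header's name is not legible in this hunk, so the exact target cannot be confirmed from here.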
@@ -0,0 +1,85 @@
+From 8b92c4ff4423aa9900cf838d3294fcade4dbda35 Mon Sep 17 00:00:00 2001
+From: Matteo Croce
+Date: Fri, 13 Nov 2020 22:52:02 -0800
+Subject: [PATCH] Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint"
+References: bsc#1179418
+Git-commit: 8b92c4ff4423aa9900cf838d3294fcade4dbda35
+Patch-mainline: v5.10-rc4
+
+Patch series "fix parsing of reboot= cmdline", v3.
+
+The parsing of the reboot= cmdline has two major errors:
+
+ - a missing bound check can crash the system on reboot
+
+ - parsing of the cpu number only works if specified last
+
+Fix both.
+
+This patch (of 2):
+
+This reverts commit 616feab753972b97.
+
+kstrtoint() and simple_strtoul() have a subtle difference which makes
+them non interchangeable: if a non digit character is found amid the
+parsing, the former will return an error, while the latter will just
+stop parsing, e.g. simple_strtoul("123xyx") = 123.
+
+The kernel cmdline reboot= argument allows to specify the CPU used for
+rebooting, with the syntax `s####` among the other flags, e.g.
+"reboot=warm,s31,force", so if this flag is not the last given, it's
+silently ignored as well as the subsequent ones.
+
+Fixes: 616feab75397 ("kernel/reboot.c: convert simple_strtoul to kstrtoint")
+Signed-off-by: Matteo Croce
+Signed-off-by: Andrew Morton
+Cc: Guenter Roeck
+Cc: Petr Mladek
+Cc: Arnd Bergmann
+Cc: Mike Rapoport
+Cc: Kees Cook
+Cc: Pavel Tatashin
+Cc: Robin Holt
+Cc: Fabian Frederick
+Cc: Greg Kroah-Hartman
+Cc:
+Link: https://lkml.kernel.org/r/20201103214025.116799-2-mcroce@linux.microsoft.com
+Signed-off-by: Linus Torvalds
+Acked-by: Petr Mladek
+
+---
+ kernel/reboot.c | 21 +++++++--------------
+ 1 file changed, 7 insertions(+), 14 deletions(-)
+
+--- a/kernel/reboot.c
++++ b/kernel/reboot.c
+@@ -512,22 +512,15 @@ static int __init reboot_setup(char *str
+ break;
+
+ case 's':
+- {
+- int rc;
+-
+- if (isdigit(*(str+1))) {
+- rc = kstrtoint(str+1, 0, &reboot_cpu);
+- if (rc)
+- return rc;
+- } else if (str[1] == 'm' && str[2] == 'p' &&
+- isdigit(*(str+3))) {
+- rc = kstrtoint(str+3, 0, &reboot_cpu);
+- if (rc)
+- return rc;
+- } else
++ if (isdigit(*(str+1)))
++ reboot_cpu = simple_strtoul(str+1, NULL, 0);
++ else if (str[1] == 'm' && str[2] == 'p' &&
++ isdigit(*(str+3)))
++ reboot_cpu = simple_strtoul(str+3, NULL, 0);
++ else
+ reboot_mode = REBOOT_SOFT;
+ break;
+- }
++
+ case 'g':
+ reboot_mode = REBOOT_GPIO;
+ break;
diff --git a/patches.suse/reboot-fix-overflow-parsing-reboot-cpu-number.patch b/patches.suse/reboot-fix-overflow-parsing-reboot-cpu-number.patch
new file mode 100644
index 0000000..f1cc424
--- /dev/null
+++ b/patches.suse/reboot-fix-overflow-parsing-reboot-cpu-number.patch
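Review bot: The restored `reboot_cpu = simple_strtoul(str+1, NULL, 0)` stores an unsigned long into the int `reboot_cpu` with no range check, so a command line such as `reboot=s99999999` is accepted here and is only rejected by the separate reboot-fix-overflow-parsing-reboot-cpu-number.patch that follows it in series.conf; applied on its own this revert reintroduces the unbounded CPU index that the follow-up's description shows oopsing in migrate_to_reboot_cpu(). The patch header should state that coupling, e.g. a sentence in the body such as `Must be applied together with reboot-fix-overflow-parsing-reboot-cpu-number.patch, which adds the num_possible_cpus() bound`, so the two are never separated during a later rebase. The NULL endptr also means anything after the digits is silently ignored, which is the simple_strtoul() behaviour the description deliberately relies on for `reboot=warm,s31,force`. reboot_setup() begins and ends outside this hunk.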
@@ -0,0 +1,73 @@
+From df5b0ab3e08a156701b537809914b339b0daa526 Mon Sep 17 00:00:00 2001
+From: Matteo Croce
+Date: Fri, 13 Nov 2020 22:52:07 -0800
+Subject: [PATCH] reboot: fix overflow parsing reboot cpu number
+Git-commit: df5b0ab3e08a156701b537809914b339b0daa526
+Patch-mainline: v5.10-rc4
+References: bsc#1179421
+
+Limit the CPU number to num_possible_cpus(), because setting it to a
+value lower than INT_MAX but higher than NR_CPUS produces the following
+error on reboot and shutdown:
+
+ BUG: unable to handle page fault for address: ffffffff90ab1bb0
+ #PF: supervisor read access in kernel mode
+ #PF: error_code(0x0000) - not-present page
+ PGD 1c09067 P4D 1c09067 PUD 1c0a063 PMD 0
+ Oops: 0000 [#1] SMP
+ CPU: 1 PID: 1 Comm: systemd-shutdow Not tainted 5.9.0-rc8-kvm #110
+ Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014
+ RIP: 0010:migrate_to_reboot_cpu+0xe/0x60
+ Code: ea ea 00 48 89 fa 48 c7 c7 30 57 f1 81 e9 fa ef ff ff 66 2e 0f 1f 84 00 00 00 00 00 53 8b 1d d5 ea ea 00 e8 14 33 fe ff 89 da <48> 0f a3 15 ea fc bd 00 48 89 d0 73 29 89 c2 c1 e8 06 65 48 8b 3c
+ RSP: 0018:ffffc90000013e08 EFLAGS: 00010246
+ RAX: ffff88801f0a0000 RBX: 0000000077359400 RCX: 0000000000000000
+ RDX: 0000000077359400 RSI: 0000000000000002 RDI: ffffffff81c199e0
+ RBP: ffffffff81c1e3c0 R08: ffff88801f41f000 R09: ffffffff81c1e348
+ R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
+ R13: 00007f32bedf8830 R14: 00000000fee1dead R15: 0000000000000000
+ FS: 00007f32bedf8980(0000) GS:ffff88801f480000(0000) knlGS:0000000000000000
+ CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+ CR2: ffffffff90ab1bb0 CR3: 000000001d057000 CR4: 00000000000006a0
+ DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+ DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+ Call Trace:
+ __do_sys_reboot.cold+0x34/0x5b
+ do_syscall_64+0x2d/0x40
+
+Fixes: 1b3a5d02ee07 ("reboot: move arch/x86 reboot= handling to generic kernel")
+Signed-off-by: Matteo Croce
+Signed-off-by: Andrew Morton
+Cc: Arnd Bergmann
+Cc: Fabian Frederick
+Cc: Greg Kroah-Hartman
+Cc: Guenter Roeck
+Cc: Kees Cook
+Cc: Mike Rapoport
+Cc: Pavel Tatashin
+Cc: Petr Mladek
+Cc: Robin Holt
+Cc:
+Link: https://lkml.kernel.org/r/20201103214025.116799-3-mcroce@linux.microsoft.com
+Signed-off-by: Linus Torvalds
+Acked-by: Petr Mladek
+
+---
+ kernel/reboot.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/kernel/reboot.c
++++ b/kernel/reboot.c
+@@ -519,6 +519,13 @@ static int __init reboot_setup(char *str
+ reboot_cpu = simple_strtoul(str+3, NULL, 0);
+ else
+ reboot_mode = REBOOT_SOFT;
++ if (reboot_cpu >= num_possible_cpus()) {
++ pr_err("Ignoring the CPU number in reboot= option. "
++ "CPU %d exceeds possible cpu number %d\n",
++ reboot_cpu, num_possible_cpus());
++ reboot_cpu = 0;
++ break;
++ }
+ break;
+
+ case 'g':
diff --git a/patches.suse/tracing-Fix-out-of-bounds-write-in-get_trace_buf.patch b/patches.suse/tracing-Fix-out-of-bounds-write-in-get_trace_buf.patch
new file mode 100644
index 0000000..a0ff1df
--- /dev/null
+++ b/patches.suse/tracing-Fix-out-of-bounds-write-in-get_trace_buf.patch
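Review bot: The new pr_err() prints `num_possible_cpus()` with `%d`; if that helper still expands to cpumask_weight() in this tree it yields an unsigned int, so the added format string should read `"CPU %d exceeds possible cpu number %u\n"` — harmless for realistic CPU counts, but it is what -Wformat flags in the new lines. The comparison `reboot_cpu >= num_possible_cpus()` promotes the int `reboot_cpu` to unsigned, so a value that wrapped negative when simple_strtoul()'s unsigned long was truncated into the int is also rejected; that property is what makes a single check sufficient and deserves a comment, e.g. `/* unsigned compare also rejects values that wrapped negative */`. The `break;` inside the new if block is redundant with the case's own `break;` immediately after it and could be dropped. reboot_setup() begins and ends outside this hunk.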
@@ -0,0 +1,42 @@
+From c1acb4ac1a892cf08d27efcb964ad281728b0545 Mon Sep 17 00:00:00 2001
+From: Qiujun Huang
+Date: Fri, 30 Oct 2020 00:19:05 +0800
+Subject: [PATCH] tracing: Fix out of bounds write in get_trace_buf
+Git-commit: c1acb4ac1a892cf08d27efcb964ad281728b0545
+Patch-mainline: v5.10-rc3
+References: bsc#1179403
+
+The nesting count of trace_printk allows for 4 levels of nesting. The
+nesting counter starts at zero and is incremented before being used to
+retrieve the current context's buffer. But the index to the buffer uses the
+nesting counter after it was incremented, and not its original number,
+which in needs to do.
+
+Link: https://lkml.kernel.org/r/20201029161905.4269-1-hqjagain@gmail.com
+
+Cc: stable@vger.kernel.org
+Fixes: 3d9622c12c887 ("tracing: Add barrier to trace_printk() buffer nesting modification")
+Signed-off-by: Qiujun Huang
+Signed-off-by: Steven Rostedt (VMware)
+Acked-by: Petr Mladek
+
+---
+ kernel/trace/trace.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
+index 528971714fc6..daa96215e294 100644
+--- a/kernel/trace/trace.c
++++ b/kernel/trace/trace.c
+@@ -3132,7 +3132,7 @@ static char *get_trace_buf(void)
+
+ /* Interrupts must see nesting incremented before we use the buffer */
+ barrier();
+- return &buffer->buffer[buffer->nesting][0];
++ return &buffer->buffer[buffer->nesting - 1][0];
+ }
+
+ static void put_trace_buf(void)
+--
+2.26.2
+
diff --git a/patches.suse/usermodehelper-reset-umask-to-default-before-executi.patch b/patches.suse/usermodehelper-reset-umask-to-default-before-executi.patch
new file mode 100644
index 0000000..c031035
--- /dev/null
+++ b/patches.suse/usermodehelper-reset-umask-to-default-before-executi.patch
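Review bot: The corrected index `buffer->nesting - 1` is only in bounds because the pre-increment of `nesting` and its upper-bound check both happen above this hunk, none of which is visible here; a one-line comment beside the return would spare the next reader the same off-by-one this patch fixes, e.g. `/* nesting was already incremented above; this context's slot is nesting - 1 */`. Per the description the buffer has four per-context slots, so the old line wrote one slot past the array at the deepest nesting level — a kernel memory-corruption fix rather than a cosmetic one, which the References line alone does not convey to anyone triaging the backport. get_trace_buf() begins outside this hunk.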
@@ -0,0 +1,64 @@
+From 4013c1496c49615d90d36b9d513eee8e369778e9 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds
+Date: Mon, 5 Oct 2020 10:56:22 -0700
+Subject: [PATCH] usermodehelper: reset umask to default before executing user
+ process
+Git-commit: 4013c1496c49615d90d36b9d513eee8e369778e9
+Patch-mainline: v5.9
+References: bsc#1179406
+
+Kernel threads intentionally do CLONE_FS in order to follow any changes
+that 'init' does to set up the root directory (or cwd).
+
+It is admittedly a bit odd, but it avoids the situation where 'init'
+does some extensive setup to initialize the system environment, and then
+we execute a usermode helper program, and it uses the original FS setup
+from boot time that may be very limited and incomplete.
+
+[ Both Al Viro and Eric Biederman point out that 'pivot_root()' will
+ follow the root regardless, since it fixes up other users of root (see
+ chroot_fs_refs() for details), but overmounting root and doing a
+ chroot() would not. ]
+
+However, Vegard Nossum noticed that the CLONE_FS not only means that we
+follow the root and current working directories, it also means we share
+umask with whatever init changed it to. That wasn't intentional.
+
+Just reset umask to the original default (0022) before actually starting
+the usermode helper program.
+
+Reported-by: Vegard Nossum
+Cc: Al Viro
+Acked-by: Eric W. Biederman
+Signed-off-by: Linus Torvalds
+Acked-by: Petr Mladek
+
+---
+ kernel/kmod.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/kernel/kmod.c
++++ b/kernel/kmod.c
+@@ -30,6 +30,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -240,6 +241,14 @@ static int call_usermodehelper_exec_asyn
+ spin_unlock_irq(¤t->sighand->siglock);
+
+ /*
++ * Initial kernel threads share ther FS with init, in order to
++ * get the init root directory. But we've now created a new
++ * thread that is going to execve a user process and has its own
++ * 'struct fs_struct'. Reset umask to the default.
++ */
++ current->fs->umask = 0022;
++
+ /*
+ * Our parent (unbound workqueue) runs with elevated scheduling
+ * priority. Avoid propagating that into the userspace child.
+ */
diff --git a/series.conf b/series.conf
index f62cf29..917e09f 100644
--- a/series.conf
+++ b/series.conf
@@ -56071,6 +56071,7 @@
 patches.suse/platform-x86-thinkpad_acpi-initialize-tp_nvram_state.patch
 patches.suse/platform-x86-fix-kconfig-dependency-warning-for-FUJI.patch
 patches.suse/platform-x86-thinkpad_acpi-re-initialize-ACPI-buffer.patch
+ patches.suse/usermodehelper-reset-umask-to-default-before-executi.patch
 patches.suse/fbdev-newport_con-Move-FONT_EXTRA_WORDS-macros-into-.patch
 patches.suse/Fonts-Support-FONT_EXTRA_WORDS-macros-for-built-in-f.patch
 patches.suse/fbcon-Fix-global-out-of-bounds-read-in-fbcon_get_fon.patch
@@ -56414,6 +56415,7 @@
 patches.suse/RDMA-srpt-Fix-typo-in-srpt_unregister_mad_agent-docs.patch
 patches.suse/msft-hv-2168-hv_balloon-disable-warning-when-floor-reached.patch
 patches.suse/msft-hv-2169-x86-hyperv-Clarify-comment-on-x2apic-mode.patch
+ patches.suse/tracing-Fix-out-of-bounds-write-in-get_trace_buf.patch
 patches.suse/ftrace-fix-recursion-check-for-nmi-test.patch
 patches.suse/ftrace-handle-tracing-when-switching-between-context.patch
 patches.suse/ring-buffer-fix-recursion-protection-transitions-between-interrupt-context.patch
@@ -56453,6 +56455,8 @@
 patches.suse/xfs-fix-flags-argument-to-rmap-lookup-when-convertin.patch
 patches.suse/xfs-fix-rmap-key-and-record-comparison-functions.patch
 patches.suse/xfs-fix-a-missing-unlock-on-error-in-xfs_fs_map_bloc.patch
+ patches.suse/Revert-kernel-reboot.c-convert-simple_strtoul-to-kst.patch
+ patches.suse/reboot-fix-overflow-parsing-reboot-cpu-number.patch
 patches.suse/futex-Don-t-enable-IRQs-unconditionally-in-put_pi_st.patch
 patches.suse/thunderbolt-Add-the-missed-ida_simple_remove-in-ring.patch
 patches.suse/usb-cdc-acm-Add-DISABLE_ECHO-for-Renesas-USB-Downloa.patch
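Review bot: The added comment reads `share ther FS with init`, which should be `their`, and the bare `0022` is the security-relevant part of the change yet its meaning is left implicit; I would write `current->fs->umask = 0022; /* S_IWGRP | S_IWOTH: default, do not inherit init's umask */`. Without this reset a helper exec'd from here runs with whatever umask init last set (the description's concern, potentially 0), so files it creates could come out group- or world-writable; stating that intent next to the constant keeps a later cleanup from "simplifying" it away. The write dereferences `current->fs`, which needs the `struct fs_struct` definition pulled in by the new include in the first hunk — the same include the separate kABI workaround hides from genksyms. call_usermodehelper_exec_async() begins and ends outside this hunk.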
@@ -57343,6 +57347,8 @@
 patches.kabi/crypto-af_alg-kABI-workaround.patch
+ patches.kabi/usermodehelper-kABI-workaround.patch
+ patches.kabi/kabi-fix-vmem_altmap.patch
 patches.kabi/kabi-fixup-alloc_dax_region.patch