Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@lists.debian.org>;
Reported by: Elliott Mitchell <ehem+debian@m5p.com>
Date: Fri, 5 Jun 2020 05:42:01 UTC
Severity: grave
Tags: security, upstream
Merged with 934160
Found in versions linux/4.19.118-2, linux/5.6.14-2, linux/5.7~rc5-1~exp1, linux/4.10-1~exp1
Fixed in versions linux/5.7.6-1, linux/4.19.131-1
Done: Salvatore Bonaccorso <carnil@debian.org>
Reply or subscribe to this bug.
View this report as an mbox folder, status mbox, maintainer mbox
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>
:
Bug#962254
; Package src:linux
.
(Fri, 05 Jun 2020 05:42:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Elliott Mitchell <ehem+debian@m5p.com>
:
New Bug report received and forwarded. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>
.
(Fri, 05 Jun 2020 05:42:03 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: src:linux Version: 4.19.118+2 Severity: important Somewhere between linux-image-4.19.0-8-amd64/4.19.98+1+deb10u1 and linux-image-4.19.0-9-amd64/4.19.118+2 NFS, in particular v4 got broken. Mounting an appropriate filesystem became unreliable, and once mounted behavior is unpredictable. In particular in the problematic case `umask 022 ; touch foo ; ls -l foo` yields a -rw-rw-rw- file. This occurs if *both* the server *and* client are on 4.19.118+2. I have confirmed this does NOT occur if the server is on a 4.9 kernel. I have also confirmed this does NOT occur if the client is on a 4.9 or 4.19.98+1+deb10u1 kernel. -- (\___(\___(\______ --=> 8-) EHM <=-- ______/)___/)___/) \BS ( | ehem+sigmsg@m5p.com PGP 87145445 | ) / \_CS\ | _____ -O #include <stddisclaimer.h> O- _____ | / _/ 8A19\___\_|_/58D2 7E3D DDF4 7BA6 <-PGP-> 41D1 B375 37D0 8714\_|_/___/5445
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>
:
Bug#962254
; Package src:linux
.
(Fri, 05 Jun 2020 06:48:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>
.
(Fri, 05 Jun 2020 06:48:02 GMT) (full text, mbox, link).
Message #10 received at 962254@bugs.debian.org (full text, mbox, reply):
Control: tags -1 + moreinfo unreproducible Control: notfound -1 4.19.118+2 Control: found -1 4.19.118-2 Hi Elliot, On Thu, Jun 04, 2020 at 10:16:07PM -0700, Elliott Mitchell wrote: > Package: src:linux > Version: 4.19.118+2 > Severity: important > > Somewhere between linux-image-4.19.0-8-amd64/4.19.98+1+deb10u1 and > linux-image-4.19.0-9-amd64/4.19.118+2 NFS, in particular v4 got broken. > Mounting an appropriate filesystem became unreliable, and once mounted > behavior is unpredictable. > > In particular in the problematic case `umask 022 ; touch foo ; ls -l foo` > yields a -rw-rw-rw- file. > > This occurs if *both* the server *and* client are on 4.19.118+2. I have > confirmed this does NOT occur if the server is on a 4.9 kernel. I have > also confirmed this does NOT occur if the client is on a 4.9 or > 4.19.98+1+deb10u1 kernel. I cannot reproducde the described behaviour. Can you give more details on your setup? How do you export the filesystem? What is the underlying filesystem exported? How and whith which options do clients mount the NFS share? Regards, Salvatore
Added tag(s) unreproducible and moreinfo.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to 962254-submit@bugs.debian.org
.
(Fri, 05 Jun 2020 06:48:02 GMT) (full text, mbox, link).
No longer marked as found in versions linux/4.19.118+2.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Fri, 05 Jun 2020 08:24:06 GMT) (full text, mbox, link).
Marked as found in versions linux/4.19.118-2.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Fri, 05 Jun 2020 08:24:07 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>
:
Bug#962254
; Package src:linux
.
(Fri, 05 Jun 2020 18:12:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Elliott Mitchell <ehem+debian@m5p.com>
:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>
.
(Fri, 05 Jun 2020 18:12:02 GMT) (full text, mbox, link).
Message #21 received at 962254@bugs.debian.org (full text, mbox, reply):
On Fri, Jun 05, 2020 at 08:44:26AM +0200, Salvatore Bonaccorso wrote: > > On Thu, Jun 04, 2020 at 10:16:07PM -0700, Elliott Mitchell wrote: > > Somewhere between linux-image-4.19.0-8-amd64/4.19.98+1+deb10u1 and > > linux-image-4.19.0-9-amd64/4.19.118+2 NFS, in particular v4 got broken. > > Mounting an appropriate filesystem became unreliable, and once mounted > > behavior is unpredictable. > > > > In particular in the problematic case `umask 022 ; touch foo ; ls -l foo` > > yields a -rw-rw-rw- file. > > > > This occurs if *both* the server *and* client are on 4.19.118+2. I have > > confirmed this does NOT occur if the server is on a 4.9 kernel. I have > > also confirmed this does NOT occur if the client is on a 4.9 or > > 4.19.98+1+deb10u1 kernel. > > I cannot reproducde the described behaviour. Can you give more details > on your setup? > > How do you export the filesystem? > What is the underlying filesystem exported? > How and whith which options do clients mount the NFS share? Presently it is a whole directories being exported to hosts. The filesystem on the server is ZFS. Client is mounting hard,intr. Client is using cachefilesd, but that appears unrelated to the issue. As this is NFSv4 (v2 and v3 are thoroughly disabled on the server), TCP is being used. The port is non-standard. I'm uncertain I properly tried server on 4.9, client on 4.19.118+2 (could be this is strictly 4.19.118+2 NFSv4 client code). -- (\___(\___(\______ --=> 8-) EHM <=-- ______/)___/)___/) \BS ( | ehem+sigmsg@m5p.com PGP 87145445 | ) / \_CS\ | _____ -O #include <stddisclaimer.h> O- _____ | / _/ 8A19\___\_|_/58D2 7E3D DDF4 7BA6 <-PGP-> 41D1 B375 37D0 8714\_|_/___/5445
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>
:
Bug#962254
; Package src:linux
.
(Fri, 05 Jun 2020 18:39:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>
.
(Fri, 05 Jun 2020 18:39:04 GMT) (full text, mbox, link).
Message #26 received at 962254@bugs.debian.org (full text, mbox, reply):
Hi Elliott, Thanks for the additional information. On Fri, Jun 05, 2020 at 10:43:49AM -0700, Elliott Mitchell wrote: > On Fri, Jun 05, 2020 at 08:44:26AM +0200, Salvatore Bonaccorso wrote: > > > > On Thu, Jun 04, 2020 at 10:16:07PM -0700, Elliott Mitchell wrote: > > > Somewhere between linux-image-4.19.0-8-amd64/4.19.98+1+deb10u1 and > > > linux-image-4.19.0-9-amd64/4.19.118+2 NFS, in particular v4 got broken. > > > Mounting an appropriate filesystem became unreliable, and once mounted > > > behavior is unpredictable. > > > > > > In particular in the problematic case `umask 022 ; touch foo ; ls -l foo` > > > yields a -rw-rw-rw- file. > > > > > > This occurs if *both* the server *and* client are on 4.19.118+2. I have > > > confirmed this does NOT occur if the server is on a 4.9 kernel. I have > > > also confirmed this does NOT occur if the client is on a 4.9 or > > > 4.19.98+1+deb10u1 kernel. > > > > I cannot reproducde the described behaviour. Can you give more details > > on your setup? > > > > How do you export the filesystem? > > What is the underlying filesystem exported? > > How and whith which options do clients mount the NFS share? > > Presently it is a whole directories being exported to hosts. The > filesystem on the server is ZFS. > > Client is mounting hard,intr. Client is using cachefilesd, but that > appears unrelated to the issue. > > As this is NFSv4 (v2 and v3 are thoroughly disabled on the server), TCP > is being used. The port is non-standard. > > I'm uncertain I properly tried server on 4.9, client on 4.19.118+2 (could > be this is strictly 4.19.118+2 NFSv4 client code). This now let some rings bell, the described scenario is very similar to what was reported in https://bugs.debian.org/934160 Respectively https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1779736 and https://bugzilla.redhat.com/show_bug.cgi?id=1667761 . Salvatore
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>
:
Bug#962254
; Package src:linux
.
(Fri, 05 Jun 2020 22:33:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Elliott Mitchell <ehem+debian@m5p.com>
:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>
.
(Fri, 05 Jun 2020 22:33:02 GMT) (full text, mbox, link).
Message #31 received at 962254@bugs.debian.org (full text, mbox, reply):
On Fri, Jun 05, 2020 at 08:36:31PM +0200, Salvatore Bonaccorso wrote: > This now let some rings bell, the described scenario is very similar > to what was reported in https://bugs.debian.org/934160 > > Respectively > https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1779736 and > https://bugzilla.redhat.com/show_bug.cgi?id=1667761 . Those do indeed seem similar and could be the same bug, but attributing the bug to a distinct package. Alternatively this is several bugs and *all* of them need to be present for the issue to occur. Seems I'll need to do some checking of the VM with the earlier kernel and see which updates cause it to break... -- (\___(\___(\______ --=> 8-) EHM <=-- ______/)___/)___/) \BS ( | ehem+sigmsg@m5p.com PGP 87145445 | ) / \_CS\ | _____ -O #include <stddisclaimer.h> O- _____ | / _/ 8A19\___\_|_/58D2 7E3D DDF4 7BA6 <-PGP-> 41D1 B375 37D0 8714\_|_/___/5445
Added tag(s) security.
Request was from Elliott Mitchell <ehem+debian@m5p.com>
to 934160-submit@bugs.debian.org
.
(Tue, 09 Jun 2020 01:57:02 GMT) (full text, mbox, link).
Removed tag(s) unreproducible.
Request was from Elliott Mitchell <ehem+debian@m5p.com>
to 934160-submit@bugs.debian.org
.
(Tue, 09 Jun 2020 01:57:03 GMT) (full text, mbox, link).
Severity set to 'grave' from 'important'
Request was from Elliott Mitchell <ehem+debian@m5p.com>
to 934160-submit@bugs.debian.org
.
(Tue, 09 Jun 2020 01:57:04 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>
:
Bug#962254
; Package src:linux
.
(Tue, 09 Jun 2020 01:57:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Elliott Mitchell <ehem+debian@m5p.com>
:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>
.
(Tue, 09 Jun 2020 01:57:06 GMT) (full text, mbox, link).
Message #42 received at 962254@bugs.debian.org (full text, mbox, reply):
Control: tags 962254 +security -unreproducible Control: severity 962254 grave On Fri, Jun 05, 2020 at 08:36:31PM +0200, Salvatore Bonaccorso wrote: > This now let some rings bell, the described scenario is very similar > to what was reported in https://bugs.debian.org/934160 > > Respectively > https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1779736 and > https://bugzilla.redhat.com/show_bug.cgi?id=1667761 . Upon more experimentation I continue to favor this being a kernel bug (src:linux, bug #962254) and not a bug with nfs-common. Setting vers=4.1 works around the issue, so this is *strictly* NFSv4.2. I was able to reproduce this issue on a system with nfs-common 1:1.3.4-2.1 and a 4.19.118-2 kernel. Based upon what I've observed I believe this requires a recent kernel on *both* NFS client and NFS server. A NFS client with 4.9 connecting to a NFS server with 4.19 does NOT experience this issue. I suspect my earlier assessment of this appearing between 4.19.98-1 and 4.19.118-2 was erroneous. I think I was mislead by the order of computers being updated, and a NFS client with 4.19 connecting to a NFS server with 4.9 also does not experience this issue. From https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1779736 this bug appeared somewhere between Linux kernels 4.9 and 4.15. I concur with John Goerzen's assessment of this qualifying as grave due to its security implications. -- (\___(\___(\______ --=> 8-) EHM <=-- ______/)___/)___/) \BS ( | ehem+sigmsg@m5p.com PGP 87145445 | ) / \_CS\ | _____ -O #include <stddisclaimer.h> O- _____ | / _/ 8A19\___\_|_/58D2 7E3D DDF4 7BA6 <-PGP-> 41D1 B375 37D0 8714\_|_/___/5445
Removed tag(s) moreinfo.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Tue, 09 Jun 2020 04:21:03 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>
:
Bug#962254
; Package src:linux
.
(Thu, 11 Jun 2020 22:39:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Elliott Mitchell <ehem+debian@m5p.com>
:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>
.
(Thu, 11 Jun 2020 22:39:03 GMT) (full text, mbox, link).
Message #49 received at 962254@bugs.debian.org (full text, mbox, reply):
Bit more experimentation on this issue. I tried a very small C program meant to create files with fewer permissions bits set. This succeeded which strengthens the theory of the umask getting ignored. I haven't seen anything hinting whether this is more a client or server issue. I can speculate perhaps somewhere between 4.9 and 4.15 the NFS client code stepped closer to proper the "proper" 4.2 protocol. If a corresponding NFS server was slow at getting merged, what we're seeing could happen. Alternatively someone was trying to get a Linux NFS v4.2 client to work better with a different NFS v4.2 server, so they fixed Linux's NFS v4.2 client. Yet they failed to test with Linux's v4.2 server. This though is speculation. All I can say is sometime between kernels 4.9 and 4.15, NFS v4.2 got broken. There are hints this is related to handling of umask. -- (\___(\___(\______ --=> 8-) EHM <=-- ______/)___/)___/) \BS ( | ehem+sigmsg@m5p.com PGP 87145445 | ) / \_CS\ | _____ -O #include <stddisclaimer.h> O- _____ | / _/ 8A19\___\_|_/58D2 7E3D DDF4 7BA6 <-PGP-> 41D1 B375 37D0 8714\_|_/___/5445
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>
:
Bug#962254
; Package src:linux
.
(Sat, 13 Jun 2020 12:57:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>
.
(Sat, 13 Jun 2020 12:57:02 GMT) (full text, mbox, link).
Message #54 received at 962254@bugs.debian.org (full text, mbox, reply):
Hi Elliott, [I'm adding linux-nfs upstream hopefully J. Bruce Fields or others can help clarifying] On Thu, Jun 11, 2020 at 03:37:11PM -0700, Elliott Mitchell wrote: > Bit more experimentation on this issue. > > I tried a very small C program meant to create files with fewer > permissions bits set. This succeeded which strengthens the theory of > the umask getting ignored. > > I haven't seen anything hinting whether this is more a client or server > issue. > > I can speculate perhaps somewhere between 4.9 and 4.15 the NFS client > code stepped closer to proper the "proper" 4.2 protocol. If a > corresponding NFS server was slow at getting merged, what we're seeing > could happen. > > Alternatively someone was trying to get a Linux NFS v4.2 client to work > better with a different NFS v4.2 server, so they fixed Linux's NFS v4.2 > client. Yet they failed to test with Linux's v4.2 server. > > > This though is speculation. All I can say is sometime between kernels > 4.9 and 4.15, NFS v4.2 got broken. There are hints this is related to > handling of umask. I was initially confused because of the mentioning of only appearing with the update to 4.19.118-2 but this is now cleared up, so it shows up when changing from 4.9.x from stretch to 4.19.x. Now I'm quite unsure if this should and is to be considered a Linux kernel issue. What follows is just what I found with respect of the mentioned behaviour. There is a specific aspect of the NFSv4.2 implementation: In upstream, with [nfsv4.2-umask-support], [47057abde515] NFSv4.2 support was added. The repsective RFC describing it is [RFC8275]. [nfsv4.2-umask-support]: <https://lore.kernel.org/linux-nfs/1477686228-12158-1-git-send-email-bfields@redhat.com/> [47057abde515]: <https://git.kernel.org/linus/47057abde515155a4fee53038e7772d6b387e0aa> [RFC8275]: <https://tools.ietf.org/html/rfc8275> Since, they allow the umask to be ignored in the presence of inheritable NFSv4 ACLs. Now what is or will be confusing is that the behaviour is reproducible with ZFS default of acltype=off (aclinherit=restricted, sharenfs=off). Reproducing the issue is easy as follows (all done on Debian unstable to verify the behaviours can be triggered there as well with more current 5.6.14-2, zfs-linux on 0.8.4-1): # zpool create zfs_test /dev/vdb and exporting /zfs_test in /etc/exports as /zfs_test 192.168.122.1/24(rw,sync,no_subtree_check,no_root_squash) The properties of zfs_test would be: # zfs get acltype,aclinherit,sharenfs zfs_test NAME PROPERTY VALUE SOURCE zfs_test acltype off local zfs_test aclinherit restricted local zfs_test sharenfs off default And reproducing then with # mount -t nfs 192.168.122.150:/zfs_test /mnt # mkdir /mnt/foo && ls -ld /mnt/foo && rmdir /mnt/foo drwxrwxrwx 2 root root 2 Jun 13 14:25 /mnt/fo # umount /mnt The comment from J. Bruce Fields, in https://bugzilla.redhat.com/show_bug.cgi?id=1667761#c1 can help debug it further: > To start debugging this, I'd recommend looking running wireshark to > sniff traffic while running your reproducer (mount, mkdir) and > compare to what's expected from the umask RFC. Somewhere there > should be a getattr from the client for the supported_attrs > attribute, and the reply from the server will probably indicate > support for the new mode_umask attribute. If you find the CREATE > operation that creates the new directory, you should see the client > set the mode_umask attribute, with the mode part set to the open > mode and the umask to the process umask. If those values look > right, then the problem is likely on the server side. In fact in sniffing the traffic, there, the gettattr from the client and the server does indicate support for the new mode_umask. Then later in the CREATE operation, the client sets the mode_umask attribute, with mode part set to '0777' and umask to '022'. The mode replied is then as well '0777'. If further needed to debug we should try to distill a sniff with wireshark providing the repsective pcap. https://bugzilla.redhat.com/show_bug.cgi?id=1667761 did not further contain specific information on followups. https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1779736 indicated this was specifically observed on ZFS on Linux only. Seth Arnold's answer seem to be inline with that that the issue is more on the ZFS on Linux side and the issue keeps biting people a bit unexpectedly. Why does this break with ACL off settings? But there was at least one other (but again without further detail/followups) that it was observed on an export from OpenWRT, but no specific details here: https://bugs.openwrt.org/index.php?do=details&task_id=2581 Both Debian bugs itself were as well with underlying ZFS filesystem exported: https://bugs.debian.org/934160 https://bugs.debian.org/962254 Any hint on were to pin-point the issue? Both on Linux anf ZFS on Linux side or only on one of the components? Regards, Salvatore
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>
:
Bug#962254
; Package src:linux
.
(Sat, 13 Jun 2020 18:48:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Elliott Mitchell <ehem+debian@m5p.com>
:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>
.
(Sat, 13 Jun 2020 18:48:02 GMT) (full text, mbox, link).
Message #59 received at 962254@bugs.debian.org (full text, mbox, reply):
On Sat, Jun 13, 2020 at 02:54:31PM +0200, Salvatore Bonaccorso wrote: > indicated this was specifically observed on ZFS on Linux only. Seth > Arnold's answer seem to be inline with that that the issue is more on > the ZFS on Linux side and the issue keeps biting people a bit > unexpectedly. Why does this break with ACL off settings? I disagree with this assessment. All of the reporters have been using ZFS, but this could indicate an absence of testers using other filesystems. We need someone with a NFS server which has a 4.15+ kernel and uses a different filesystem which supports ACLs. I'm though doubtful ACLs are related to the actual problem. My impression of what I've read is they're a useful tool to work around the problem, but not related to the actual cause. > But there was at least one other (but again without further > detail/followups) that it was observed on an export from OpenWRT, but > no specific details here: > > https://bugs.openwrt.org/index.php?do=details&task_id=2581 This appears to be the same reporter as the RedHat bug report (comment 3 on the RedHat report). This is a report for the server portion of the reporter's setup. Analyzing the setup, I disagree with one of the prior assessment of this report. This is OpenWRT on x86_64 hardware which would suggest a high-end router or embedded device. Such might well have ECC memory and a processor fast enough to handle ZFS. Let me add one more data point. I had been thinking I might need the additional features in Linux-ZFS 0.7.12. As such my NFS server had been running a 4.9 kernel with Debian's ZFS 0.7.12-2+debg10u1~bpo9+1 packages. Now with the problem manifesting my NFS server is running a 4.19 kernel with Debian's ZFS 0.7.12-2+deb10u2 packages. I could well believe the actual root cause is a problem with the Linux-ZFS implementation. What manifested the problem though seems to be in Linux's NFS implementation between 4.9 and 4.15. ie Linux-ZFS implemented /something/ which worked when implemented, but may not have properly implemented the intended API and was broken by Linux-NFS. -- (\___(\___(\______ --=> 8-) EHM <=-- ______/)___/)___/) \BS ( | ehem+sigmsg@m5p.com PGP 87145445 | ) / \_CS\ | _____ -O #include <stddisclaimer.h> O- _____ | / _/ 8A19\___\_|_/58D2 7E3D DDF4 7BA6 <-PGP-> 41D1 B375 37D0 8714\_|_/___/5445
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>
:
Bug#962254
; Package src:linux
.
(Mon, 15 Jun 2020 12:27:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Christoph Hellwig <hch@infradead.org>
:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>
.
(Mon, 15 Jun 2020 12:27:03 GMT) (full text, mbox, link).
Message #64 received at 962254@bugs.debian.org (full text, mbox, reply):
If you are violating our license please also don't spam our list when using your crappy combination.
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>
:
Bug#962254
; Package src:linux
.
(Mon, 15 Jun 2020 15:03:09 GMT) (full text, mbox, link).
Acknowledgement sent
to "J. Bruce Fields" <bfields@redhat.com>
:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>
.
(Mon, 15 Jun 2020 15:03:09 GMT) (full text, mbox, link).
Message #69 received at 962254@bugs.debian.org (full text, mbox, reply):
On Sat, Jun 13, 2020 at 11:45:27AM -0700, Elliott Mitchell wrote: > I disagree with this assessment. All of the reporters have been using > ZFS, but this could indicate an absence of testers using other > filesystems. We need someone with a NFS server which has a 4.15+ kernel > and uses a different filesystem which supports ACLs. Honestly I don't think I currently have a regression test for this so it's possible I could have missed something upstream. I haven't seen any reports, though.... ZFS's ACL implementation is very different from any in-tree filesystem's, and given limited time, a filesystem with no prospect of going upstream isn't going to get much attention, so, yes, I'd need to see a reproducer on xfs or ext4 or something. --b.
Changed Bug title to 'NFS v4.2 broken between 4.9 and 4.15' from 'NFS(v4) broken at 4.19.118-2'.
Request was from Elliott Mitchell <ehem+debian@m5p.com>
to control@bugs.debian.org
.
(Mon, 15 Jun 2020 18:21:03 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>
:
Bug#962254
; Package src:linux
.
(Mon, 15 Jun 2020 18:57:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>
.
(Mon, 15 Jun 2020 18:57:05 GMT) (full text, mbox, link).
Message #76 received at 962254@bugs.debian.org (full text, mbox, reply):
Hi Bruce, On Mon, Jun 15, 2020 at 10:50:35AM -0400, J. Bruce Fields wrote: > On Sat, Jun 13, 2020 at 11:45:27AM -0700, Elliott Mitchell wrote: > > I disagree with this assessment. All of the reporters have been using > > ZFS, but this could indicate an absence of testers using other > > filesystems. We need someone with a NFS server which has a 4.15+ kernel > > and uses a different filesystem which supports ACLs. > > Honestly I don't think I currently have a regression test for this so > it's possible I could have missed something upstream. I haven't seen > any reports, though.... > > ZFS's ACL implementation is very different from any in-tree > filesystem's, and given limited time, a filesystem with no prospect of > going upstream isn't going to get much attention, so, yes, I'd need to > see a reproducer on xfs or ext4 or something. I think the following is reproducible on a ext4 exported share (with underlying filesystem mounted with noacl to mimic the suspect from the reporter). I tested the same with an older kernel from Debian stretch (running 4.9.210-1+deb9u1) but this does not show the same behaviour. The current test system is running 5.6.14-2 Debian kernel (so 5.6.14). 1/ Create an ext4 filesystem: # mkfs.ext4 /dev/vdb1 2/ Mount the filesystem with noacl (to mimic the situation): /dev/vdb1 /srv/data ext4 defaults,noacl 0 0 root@nfs-test:~# mount | grep vdb1 /dev/vdb1 on /srv/data type ext4 (rw,relatime,noacl) 3/ Export with /srv/data 192.168.122.1/24(rw,sync,no_subtree_check,no_root_squash) 4/ Reproduce the issue root@nfs-test:~# mount -t nfs 192.168.122.150:/srv/data /mnt root@nfs-test:~# mkdir /mnt/foo && ls -ld /mnt/foo && rmdir /mnt/foo drwxrwxrwx 2 root root 4096 Jun 15 20:24 /mnt/foo root@nfs-test:~# mount | grep data /dev/vdb1 on /srv/data type ext4 (rw,relatime,noacl) 192.168.122.150:/srv/data on /mnt type nfs4 (rw,relatime,vers=4.2,rsize=524288,wsize=524288,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=192.168.122.150,local_lock=none,addr=192.168.122.150) root@nfs-test:~# umount /mnt Looking at a wireshark captured sniff, the situation was the same as in the previous ZFS case, in the gettattr from the client and the server does indicate support for the new mode_umask. Then later in the CREATE operation, the client sets the mode_umask attribute, with mode part set to '0777' and umask to '022'. The mode replied is then as well '0777'. Notabene: if not mounting the filesystem with noacl, then there is no observed behaviour change here. Regards, Salvatore
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>
:
Bug#962254
; Package src:linux
.
(Tue, 16 Jun 2020 02:00:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Elliott Mitchell <ehem+debian@m5p.com>
:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>
.
(Tue, 16 Jun 2020 02:00:03 GMT) (full text, mbox, link).
Message #81 received at 962254@bugs.debian.org (full text, mbox, reply):
On Mon, Jun 15, 2020 at 10:50:35AM -0400, J. Bruce Fields wrote: > Honestly I don't think I currently have a regression test for this so > it's possible I could have missed something upstream. I haven't seen > any reports, though.... > > ZFS's ACL implementation is very different from any in-tree > filesystem's, and given limited time, a filesystem with no prospect of > going upstream isn't going to get much attention, so, yes, I'd need to > see a reproducer on xfs or ext4 or something. Salvatore managing to reproduce it with ext4 yet all prior reports with the filesystem used being known was ZFS seems to suggest one of two things. First, could be enabling POSIX ACLs has been very strongly pushed by other filesystems, while ZFS hasn't pushed them as strongly. Second, could be a substantial majority of users of NFS are using ZFS. If the former, this simply means an additional test case is needed. If the latter, then any testing of NFS which excludes ZFS is going to have underwhelming coverage. -- (\___(\___(\______ --=> 8-) EHM <=-- ______/)___/)___/) \BS ( | ehem+sigmsg@m5p.com PGP 87145445 | ) / \_CS\ | _____ -O #include <stddisclaimer.h> O- _____ | / _/ 8A19\___\_|_/58D2 7E3D DDF4 7BA6 <-PGP-> 41D1 B375 37D0 8714\_|_/___/5445
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>
:
Bug#962254
; Package src:linux
.
(Tue, 16 Jun 2020 02:42:03 GMT) (full text, mbox, link).
Acknowledgement sent
to "J. Bruce Fields" <bfields@redhat.com>
:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>
.
(Tue, 16 Jun 2020 02:42:03 GMT) (full text, mbox, link).
Message #86 received at 962254@bugs.debian.org (full text, mbox, reply):
Thanks for the detailed reproducer. It's weird, as the server is basically just setting the transmitted umask and then calling into the vfs to handle the rest, so it's not much different from any other user. But the same reproducer run just on the ext4 filesystem does give the right permissions.... Oh, but looking at the system call, fs_namei.c:do_mkdirat(), it does: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); error = security_path_mkdir(&path, dentry, mode); if (!error) error = vfs_mkdir(path.dentry->d_inode, dentry, mode); whereas nfsd just calls into vfs_mkdir(). And that IS_POSIXACL() check is exactly a check whether the filesystem supports ACLs. So I guess it's the responsibility of the caller of vfs_mkdir() to handle that case. So the obvious fix is something like (untested!) diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 0aa02eb18bd3..dabdcca58969 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -1234,6 +1234,8 @@ nfsd_create_locked(struct svc_rqst *rqstp, struct svc_fh *fhp, nfsd_check_ignore_resizing(iap); break; case S_IFDIR: + if (!IS_POSIXACL(dirp)) + iap->ia_mode &= ~current_umask(); host_err = vfs_mkdir(dirp, dchild, iap->ia_mode); if (!host_err && unlikely(d_unhashed(dchild))) { struct dentry *d; --b.
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>
:
Bug#962254
; Package src:linux
.
(Tue, 16 Jun 2020 02:45:02 GMT) (full text, mbox, link).
Acknowledgement sent
to "J. Bruce Fields" <bfields@redhat.com>
:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>
.
(Tue, 16 Jun 2020 02:45:02 GMT) (full text, mbox, link).
Message #91 received at 962254@bugs.debian.org (full text, mbox, reply):
On Mon, Jun 15, 2020 at 10:38:20PM -0400, J. Bruce Fields wrote: > Thanks for the detailed reproducer. > > It's weird, as the server is basically just setting the transmitted > umask and then calling into the vfs to handle the rest, so it's not much > different from any other user. But the same reproducer run just on the > ext4 filesystem does give the right permissions.... > > Oh, but looking at the system call, fs_namei.c:do_mkdirat(), it does: > > if (!IS_POSIXACL(path.dentry->d_inode)) > mode &= ~current_umask(); > error = security_path_mkdir(&path, dentry, mode); > if (!error) > error = vfs_mkdir(path.dentry->d_inode, dentry, mode); > > whereas nfsd just calls into vfs_mkdir(). > > And that IS_POSIXACL() check is exactly a check whether the filesystem > supports ACLs. So I guess it's the responsibility of the caller of > vfs_mkdir() to handle that case. But, that's unsatisfying: why isn't vfs_mkdir() taking care of this itself? And what about that security_path_mkdir() call? And are the other cases of that switch in fs/nfsd/vfs.c:nfsd_create_locked() correct? I think there may be some more cleanup here called for, I'll poke around tomorrow. --b.
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>
:
Bug#962254
; Package src:linux
.
(Tue, 16 Jun 2020 05:33:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>
.
(Tue, 16 Jun 2020 05:33:03 GMT) (full text, mbox, link).
Message #96 received at 962254@bugs.debian.org (full text, mbox, reply):
Hi Bruce, On Mon, Jun 15, 2020 at 10:38:20PM -0400, J. Bruce Fields wrote: > Thanks for the detailed reproducer. > > It's weird, as the server is basically just setting the transmitted > umask and then calling into the vfs to handle the rest, so it's not much > different from any other user. But the same reproducer run just on the > ext4 filesystem does give the right permissions.... > > Oh, but looking at the system call, fs_namei.c:do_mkdirat(), it does: > > if (!IS_POSIXACL(path.dentry->d_inode)) > mode &= ~current_umask(); > error = security_path_mkdir(&path, dentry, mode); > if (!error) > error = vfs_mkdir(path.dentry->d_inode, dentry, mode); > > whereas nfsd just calls into vfs_mkdir(). > > And that IS_POSIXACL() check is exactly a check whether the filesystem > supports ACLs. So I guess it's the responsibility of the caller of > vfs_mkdir() to handle that case. > > So the obvious fix is something like (untested!) > > diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c > index 0aa02eb18bd3..dabdcca58969 100644 > --- a/fs/nfsd/vfs.c > +++ b/fs/nfsd/vfs.c > @@ -1234,6 +1234,8 @@ nfsd_create_locked(struct svc_rqst *rqstp, struct svc_fh *fhp, > nfsd_check_ignore_resizing(iap); > break; > case S_IFDIR: > + if (!IS_POSIXACL(dirp)) > + iap->ia_mode &= ~current_umask(); > host_err = vfs_mkdir(dirp, dchild, iap->ia_mode); > if (!host_err && unlikely(d_unhashed(dchild))) { > struct dentry *d; Thank you! Tested your patch on top, and it would solve the directory case, but the underlying problem is more general (and as you said proably needs further checking in other places): root@nfs-test:~# mount -t nfs 192.168.122.150:/srv/data /mnt root@nfs-test:~# mkdir /mnt/foo && ls -ld /mnt/foo && rmdir /mnt/foo drwxr-xr-x 2 root root 4096 Jun 16 07:24 /mnt/foo root@nfs-test:~# touch /mnt/foo && ls -ld /mnt/foo && rm /mnt/foo -rw-rw-rw- 1 root root 0 Jun 16 07:25 /mnt/foo root@nfs-test:~# umount /mnt root@nfs-test:~# So when creating files the umask is still ignored in the noacl mounted case. Regards, Salvatore
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>
:
Bug#962254
; Package src:linux
.
(Tue, 16 Jun 2020 05:36:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>
.
(Tue, 16 Jun 2020 05:36:03 GMT) (full text, mbox, link).
Message #101 received at 962254@bugs.debian.org (full text, mbox, reply):
On Mon, Jun 15, 2020 at 10:42:12PM -0400, J. Bruce Fields wrote: > On Mon, Jun 15, 2020 at 10:38:20PM -0400, J. Bruce Fields wrote: > > Thanks for the detailed reproducer. > > > > It's weird, as the server is basically just setting the transmitted > > umask and then calling into the vfs to handle the rest, so it's not much > > different from any other user. But the same reproducer run just on the > > ext4 filesystem does give the right permissions.... > > > > Oh, but looking at the system call, fs_namei.c:do_mkdirat(), it does: > > > > if (!IS_POSIXACL(path.dentry->d_inode)) > > mode &= ~current_umask(); > > error = security_path_mkdir(&path, dentry, mode); > > if (!error) > > error = vfs_mkdir(path.dentry->d_inode, dentry, mode); > > > > whereas nfsd just calls into vfs_mkdir(). > > > > And that IS_POSIXACL() check is exactly a check whether the filesystem > > supports ACLs. So I guess it's the responsibility of the caller of > > vfs_mkdir() to handle that case. > > But, that's unsatisfying: why isn't vfs_mkdir() taking care of this > itself? And what about that security_path_mkdir() call? And are the > other cases of that switch in fs/nfsd/vfs.c:nfsd_create_locked() > correct? I think there may be some more cleanup here called for, I'll > poke around tomorrow. Yes agreed and can confirm: The other cases in fs/nfsd/vfs.c:nfsd_create_locked() seem to have the problem as well. Regards, Salvatore
Set Bug forwarded-to-address to 'https://lore.kernel.org/linux-nfs/20200616052835.GA19246@lorien.valinor.li/T/#m9c41f33123a7c44cdd7fa07611c678c1b0dace61'.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Tue, 16 Jun 2020 11:12:04 GMT) (full text, mbox, link).
Merged 934160 962254
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Tue, 16 Jun 2020 11:27:08 GMT) (full text, mbox, link).
Added tag(s) upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Tue, 16 Jun 2020 11:27:09 GMT) (full text, mbox, link).
Marked as found in versions linux/5.6.14-2.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Tue, 16 Jun 2020 14:57:05 GMT) (full text, mbox, link).
Marked as found in versions linux/5.7~rc5-1~exp1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Tue, 16 Jun 2020 14:57:06 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>
:
Bug#962254
; Package src:linux
.
(Tue, 16 Jun 2020 16:21:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>
.
(Tue, 16 Jun 2020 16:21:02 GMT) (full text, mbox, link).
Message #116 received at 962254@bugs.debian.org (full text, mbox, reply):
Hi Bruce, On Mon, Jun 15, 2020 at 10:42:12PM -0400, J. Bruce Fields wrote: > On Mon, Jun 15, 2020 at 10:38:20PM -0400, J. Bruce Fields wrote: > > Thanks for the detailed reproducer. > > > > It's weird, as the server is basically just setting the transmitted > > umask and then calling into the vfs to handle the rest, so it's not much > > different from any other user. But the same reproducer run just on the > > ext4 filesystem does give the right permissions.... > > > > Oh, but looking at the system call, fs_namei.c:do_mkdirat(), it does: > > > > if (!IS_POSIXACL(path.dentry->d_inode)) > > mode &= ~current_umask(); > > error = security_path_mkdir(&path, dentry, mode); > > if (!error) > > error = vfs_mkdir(path.dentry->d_inode, dentry, mode); > > > > whereas nfsd just calls into vfs_mkdir(). > > > > And that IS_POSIXACL() check is exactly a check whether the filesystem > > supports ACLs. So I guess it's the responsibility of the caller of > > vfs_mkdir() to handle that case. > > But, that's unsatisfying: why isn't vfs_mkdir() taking care of this > itself? And what about that security_path_mkdir() call? And are the > other cases of that switch in fs/nfsd/vfs.c:nfsd_create_locked() > correct? I think there may be some more cleanup here called for, I'll > poke around tomorrow. This might be unneeded to test but as additional datapoint which confirms the suspect: I tried check the commit around 47057abde515 ("nfsd: add support for the umask attribute") in 4.10-rc1 A kernel built with 47057abde515~1, and mounting from an enough recent client which has at least dff25ddb4808 ("nfs: add support for the umask attribute") does not show the observed behaviour, the server built with 47057abde515 does. Regards, Salvatore
Marked as found in versions linux/4.10-1~exp1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Tue, 16 Jun 2020 16:21:04 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>
:
Bug#962254
; Package src:linux
.
(Wed, 17 Jun 2020 01:03:03 GMT) (full text, mbox, link).
Acknowledgement sent
to "J. Bruce Fields" <bfields@redhat.com>
:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>
.
(Wed, 17 Jun 2020 01:03:03 GMT) (full text, mbox, link).
Message #123 received at 962254@bugs.debian.org (full text, mbox, reply):
On Tue, Jun 16, 2020 at 06:16:58PM +0200, Salvatore Bonaccorso wrote: > This might be unneeded to test but as additional datapoint which > confirms the suspect: I tried check the commit around 47057abde515 > ("nfsd: add support for the umask attribute") in 4.10-rc1 > > A kernel built with 47057abde515~1, and mounting from an enough recent > client which has at least dff25ddb4808 ("nfs: add support for the > umask attribute") does not show the observed behaviour, the server > built with 47057abde515 does. Thanks for the confirmation! I think I'll send the following upstream. --b. commit 595ccdca9321 Author: J. Bruce Fields <bfields@redhat.com> Date: Tue Jun 16 16:43:18 2020 -0400 nfsd: apply umask on fs without ACL support The server is failing to apply the umask when creating new objects on filesystems without ACL support. To reproduce this, you need to use NFSv4.2 and a client and server recent enough to support umask, and you need to export a filesystem that lacks ACL support (for example, ext4 with the "noacl" mount option). Filesystems with ACL support are expected to take care of the umask themselves (usually by calling posix_acl_create). For filesystems without ACL support, this is up to the caller of vfs_create(), vfs_mknod(), or vfs_mkdir(). Reported-by: Elliott Mitchell <ehem+debian@m5p.com> Reported-by: Salvatore Bonaccorso <carnil@debian.org> Fixes: 47057abde515 ("nfsd: add support for the umask attribute") Signed-off-by: J. Bruce Fields <bfields@redhat.com> diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 0aa02eb18bd3..8fa3e0ff3671 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -1225,6 +1225,9 @@ nfsd_create_locked(struct svc_rqst *rqstp, struct svc_fh *fhp, iap->ia_mode = 0; iap->ia_mode = (iap->ia_mode & S_IALLUGO) | type; + if (!IS_POSIXACL(dirp)) + iap->ia_mode &= ~current_umask(); + err = 0; host_err = 0; switch (type) { @@ -1457,6 +1460,9 @@ do_nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp, goto out; } + if (!IS_POSIXACL(dirp)) + iap->ia_mode &= ~current_umask(); + host_err = vfs_create(dirp, dchild, iap->ia_mode, true); if (host_err < 0) { fh_drop_write(fhp);
Changed Bug title to 'NFSv4.2: umask not applied on filesystem without ACL support' from 'NFS v4.2 broken between 4.9 and 4.15'.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Wed, 17 Jun 2020 04:39:04 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>
:
Bug#962254
; Package src:linux
.
(Wed, 17 Jun 2020 05:03:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>
.
(Wed, 17 Jun 2020 05:03:03 GMT) (full text, mbox, link).
Message #130 received at 962254@bugs.debian.org (full text, mbox, reply):
Hi, On Tue, Jun 16, 2020 at 08:58:49PM -0400, J. Bruce Fields wrote: > On Tue, Jun 16, 2020 at 06:16:58PM +0200, Salvatore Bonaccorso wrote: > > This might be unneeded to test but as additional datapoint which > > confirms the suspect: I tried check the commit around 47057abde515 > > ("nfsd: add support for the umask attribute") in 4.10-rc1 > > > > A kernel built with 47057abde515~1, and mounting from an enough recent > > client which has at least dff25ddb4808 ("nfs: add support for the > > umask attribute") does not show the observed behaviour, the server > > built with 47057abde515 does. > > Thanks for the confirmation! > > I think I'll send the following upstream. > > --b. > > commit 595ccdca9321 > Author: J. Bruce Fields <bfields@redhat.com> > Date: Tue Jun 16 16:43:18 2020 -0400 > > nfsd: apply umask on fs without ACL support > > The server is failing to apply the umask when creating new objects on > filesystems without ACL support. > > To reproduce this, you need to use NFSv4.2 and a client and server > recent enough to support umask, and you need to export a filesystem that > lacks ACL support (for example, ext4 with the "noacl" mount option). > > Filesystems with ACL support are expected to take care of the umask > themselves (usually by calling posix_acl_create). > > For filesystems without ACL support, this is up to the caller of > vfs_create(), vfs_mknod(), or vfs_mkdir(). > > Reported-by: Elliott Mitchell <ehem+debian@m5p.com> > Reported-by: Salvatore Bonaccorso <carnil@debian.org> > Fixes: 47057abde515 ("nfsd: add support for the umask attribute") > Signed-off-by: J. Bruce Fields <bfields@redhat.com> > > diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c > index 0aa02eb18bd3..8fa3e0ff3671 100644 > --- a/fs/nfsd/vfs.c > +++ b/fs/nfsd/vfs.c > @@ -1225,6 +1225,9 @@ nfsd_create_locked(struct svc_rqst *rqstp, struct svc_fh *fhp, > iap->ia_mode = 0; > iap->ia_mode = (iap->ia_mode & S_IALLUGO) | type; > > + if (!IS_POSIXACL(dirp)) > + iap->ia_mode &= ~current_umask(); > + > err = 0; > host_err = 0; > switch (type) { > @@ -1457,6 +1460,9 @@ do_nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp, > goto out; > } > > + if (!IS_POSIXACL(dirp)) > + iap->ia_mode &= ~current_umask(); > + > host_err = vfs_create(dirp, dchild, iap->ia_mode, true); > if (host_err < 0) { > fh_drop_write(fhp); Thank you, could test this on my test setup and seem to work properly. Should it also be CC'ed to stable@vger.kernel.org so it is picked up by the current supported stable series? Regards, Salvatore
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>
:
Bug#962254
; Package src:linux
.
(Wed, 17 Jun 2020 12:51:03 GMT) (full text, mbox, link).
Acknowledgement sent
to "J. Bruce Fields" <bfields@redhat.com>
:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>
.
(Wed, 17 Jun 2020 12:51:03 GMT) (full text, mbox, link).
Message #135 received at 962254@bugs.debian.org (full text, mbox, reply):
On Wed, Jun 17, 2020 at 06:58:29AM +0200, Salvatore Bonaccorso wrote: > On Tue, Jun 16, 2020 at 08:58:49PM -0400, J. Bruce Fields wrote: > Thank you, could test this on my test setup and seem to work properly. Great, thanks. > Should it also be CC'ed to stable@vger.kernel.org so it is picked up > by the current supported stable series? Will do.--b.
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>
:
Bug#962254
; Package src:linux
.
(Wed, 17 Jun 2020 14:51:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Andreas Gruenbacher <agruenba@redhat.com>
:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>
.
(Wed, 17 Jun 2020 14:51:05 GMT) (full text, mbox, link).
Message #140 received at 962254@bugs.debian.org (full text, mbox, reply):
Hi Bruce, On Wed, Jun 17, 2020 at 2:58 AM J. Bruce Fields <bfields@redhat.com> wrote: > I think I'll send the following upstream. looking good, but how about using a little helper for this? Also I'm not sure if ecryptfs gets this right, so taking the ecryptfs list into the CC. Thanks, Andreas -- Add a posix_acl_apply_umask helper for filesystems like nfsd to apply the umask before calling into vfs_create, vfs_mkdir, and vfs_mknod when necessary. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> --- fs/namei.c | 9 +++------ fs/nfsd/vfs.c | 6 ++---- fs/overlayfs/dir.c | 4 ++-- fs/posix_acl.c | 15 +++++++++++++++ include/linux/posix_acl.h | 6 ++++++ 5 files changed, 28 insertions(+), 12 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index 72d4219c93ac..a68887d3a446 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -3054,8 +3054,7 @@ static struct dentry *lookup_open(struct nameidata *nd, struct file *file, if (open_flag & O_CREAT) { if (open_flag & O_EXCL) open_flag &= ~O_TRUNC; - if (!IS_POSIXACL(dir->d_inode)) - mode &= ~current_umask(); + posix_acl_apply_umask(dir->d_inode, &mode); if (likely(got_write)) create_error = may_o_create(&nd->path, dentry, mode); else @@ -3580,8 +3579,7 @@ long do_mknodat(int dfd, const char __user *filename, umode_t mode, if (IS_ERR(dentry)) return PTR_ERR(dentry); - if (!IS_POSIXACL(path.dentry->d_inode)) - mode &= ~current_umask(); + posix_acl_apply_umask(path.dentry->d_inode, &mode); error = security_path_mknod(&path, dentry, mode, dev); if (error) goto out; @@ -3657,8 +3655,7 @@ long do_mkdirat(int dfd, const char __user *pathname, umode_t mode) if (IS_ERR(dentry)) return PTR_ERR(dentry); - if (!IS_POSIXACL(path.dentry->d_inode)) - mode &= ~current_umask(); + posix_acl_apply_umask(path.dentry->d_inode, &mode); error = security_path_mkdir(&path, dentry, mode); if (!error) error = vfs_mkdir(path.dentry->d_inode, dentry, mode); diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index d22a056da477..0c625b004b0c 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -1226,8 +1226,7 @@ nfsd_create_locked(struct svc_rqst *rqstp, struct svc_fh *fhp, iap->ia_mode = 0; iap->ia_mode = (iap->ia_mode & S_IALLUGO) | type; - if (!IS_POSIXACL(dirp)) - iap->ia_mode &= ~current_umask(); + posix_acl_apply_umask(dirp, &iap->ia_mode); err = 0; host_err = 0; @@ -1461,8 +1460,7 @@ do_nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp, goto out; } - if (!IS_POSIXACL(dirp)) - iap->ia_mode &= ~current_umask(); + posix_acl_apply_umask(dirp, &iap->ia_mode); host_err = vfs_create(dirp, dchild, iap->ia_mode, true); if (host_err < 0) { diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c index 1bba4813f9cb..4d98db2a0208 100644 --- a/fs/overlayfs/dir.c +++ b/fs/overlayfs/dir.c @@ -325,8 +325,8 @@ static int ovl_create_upper(struct dentry *dentry, struct inode *inode, struct dentry *newdentry; int err; - if (!attr->hardlink && !IS_POSIXACL(udir)) - attr->mode &= ~current_umask(); + if (!attr->hardlink) + posix_acl_apply_umask(udir, &attr->mode); inode_lock_nested(udir, I_MUTEX_PARENT); newdentry = ovl_create_real(udir, diff --git a/fs/posix_acl.c b/fs/posix_acl.c index 95882b3f5f62..7ee647b74bc2 100644 --- a/fs/posix_acl.c +++ b/fs/posix_acl.c @@ -578,6 +578,21 @@ posix_acl_chmod(struct inode *inode, umode_t mode) } EXPORT_SYMBOL(posix_acl_chmod); +/* + * On inode creation, filesystems with ACL support are expected to apply the + * umask when no ACL is inherited from the parent directory; this is usually + * done by posix_acl_create. Filesystems like nfsd that call vfs_create, + * vfs_mknod, or vfs_mkdir directly are expected to call posix_acl_apply_umask + * to apply the umask first when necessary. + */ +void +posix_acl_apply_umask(struct inode *inode, umode_t *mode) +{ + if (!IS_POSIXACL(inode)) + *mode &= ~current_umask(); +} +EXPORT_SYMBOL(posix_acl_apply_umask); + int posix_acl_create(struct inode *dir, umode_t *mode, struct posix_acl **default_acl, struct posix_acl **acl) diff --git a/include/linux/posix_acl.h b/include/linux/posix_acl.h index 90797f1b421d..76e402ff4f92 100644 --- a/include/linux/posix_acl.h +++ b/include/linux/posix_acl.h @@ -73,6 +73,7 @@ extern int set_posix_acl(struct inode *, int, struct posix_acl *); #ifdef CONFIG_FS_POSIX_ACL extern int posix_acl_chmod(struct inode *, umode_t); +extern void posix_acl_apply_umask(struct inode *, umode_t *); extern int posix_acl_create(struct inode *, umode_t *, struct posix_acl **, struct posix_acl **); extern int posix_acl_update_mode(struct inode *, umode_t *, struct posix_acl **); @@ -99,6 +100,11 @@ static inline int posix_acl_chmod(struct inode *inode, umode_t mode) #define simple_set_acl NULL +static inline void posix_acl_apply_umask(struct inode *inode, umode_t *mode) +{ + *mode &= ~current_umask(); +} + static inline int simple_acl_create(struct inode *dir, struct inode *inode) { return 0; base-commit: 69119673bd50b176ded34032fadd41530fb5af21 prerequisite-patch-id: a8319d40da9f70f478892d0bd8e63f540364b089 -- 2.26.2
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>
:
Bug#962254
; Package src:linux
.
(Wed, 17 Jun 2020 15:33:02 GMT) (full text, mbox, link).
Acknowledgement sent
to "J. Bruce Fields" <bfields@redhat.com>
:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>
.
(Wed, 17 Jun 2020 15:33:02 GMT) (full text, mbox, link).
Message #145 received at 962254@bugs.debian.org (full text, mbox, reply):
On Wed, Jun 17, 2020 at 04:42:56PM +0200, Andreas Gruenbacher wrote: > Hi Bruce, > > On Wed, Jun 17, 2020 at 2:58 AM J. Bruce Fields <bfields@redhat.com> wrote: > > I think I'll send the following upstream. > > looking good, but how about using a little helper for this? I like it. And the new comment's helpful too. > > Also I'm not sure if ecryptfs gets this right, so taking the ecryptfs > list into the CC. Yes, questions I had while doing this: - cachefiles, ecrypfs, devtmpfs, and unix_mknod skip the check, is that OK for all of them? (Overlayfs too, I think?--that code's harder to follow. - why don't vfs_{create,mknod,mkdir} do the IS_POSIXACL check themselves? Even if it's unnecessary for some callers, surely it wouldn't be wrong? I also wondered why both vfs_{create,mknod,mkdir} and the callers were calling security hooks, but now I see that the callers are calling security_path_* hooks and the vfs_ functions are calling security_inode_* hooks, so I guess they're not redundant. Though now I wonder why some of the callers (nfsd, overlayfs) are skipping the security_path_* hooks. --b. > > Thanks, > Andreas > > -- > > Add a posix_acl_apply_umask helper for filesystems like nfsd to apply > the umask before calling into vfs_create, vfs_mkdir, and vfs_mknod when > necessary. > > Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> > --- > fs/namei.c | 9 +++------ > fs/nfsd/vfs.c | 6 ++---- > fs/overlayfs/dir.c | 4 ++-- > fs/posix_acl.c | 15 +++++++++++++++ > include/linux/posix_acl.h | 6 ++++++ > 5 files changed, 28 insertions(+), 12 deletions(-) > > diff --git a/fs/namei.c b/fs/namei.c > index 72d4219c93ac..a68887d3a446 100644 > --- a/fs/namei.c > +++ b/fs/namei.c > @@ -3054,8 +3054,7 @@ static struct dentry *lookup_open(struct nameidata *nd, struct file *file, > if (open_flag & O_CREAT) { > if (open_flag & O_EXCL) > open_flag &= ~O_TRUNC; > - if (!IS_POSIXACL(dir->d_inode)) > - mode &= ~current_umask(); > + posix_acl_apply_umask(dir->d_inode, &mode); > if (likely(got_write)) > create_error = may_o_create(&nd->path, dentry, mode); > else > @@ -3580,8 +3579,7 @@ long do_mknodat(int dfd, const char __user *filename, umode_t mode, > if (IS_ERR(dentry)) > return PTR_ERR(dentry); > > - if (!IS_POSIXACL(path.dentry->d_inode)) > - mode &= ~current_umask(); > + posix_acl_apply_umask(path.dentry->d_inode, &mode); > error = security_path_mknod(&path, dentry, mode, dev); > if (error) > goto out; > @@ -3657,8 +3655,7 @@ long do_mkdirat(int dfd, const char __user *pathname, umode_t mode) > if (IS_ERR(dentry)) > return PTR_ERR(dentry); > > - if (!IS_POSIXACL(path.dentry->d_inode)) > - mode &= ~current_umask(); > + posix_acl_apply_umask(path.dentry->d_inode, &mode); > error = security_path_mkdir(&path, dentry, mode); > if (!error) > error = vfs_mkdir(path.dentry->d_inode, dentry, mode); > diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c > index d22a056da477..0c625b004b0c 100644 > --- a/fs/nfsd/vfs.c > +++ b/fs/nfsd/vfs.c > @@ -1226,8 +1226,7 @@ nfsd_create_locked(struct svc_rqst *rqstp, struct svc_fh *fhp, > iap->ia_mode = 0; > iap->ia_mode = (iap->ia_mode & S_IALLUGO) | type; > > - if (!IS_POSIXACL(dirp)) > - iap->ia_mode &= ~current_umask(); > + posix_acl_apply_umask(dirp, &iap->ia_mode); > > err = 0; > host_err = 0; > @@ -1461,8 +1460,7 @@ do_nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp, > goto out; > } > > - if (!IS_POSIXACL(dirp)) > - iap->ia_mode &= ~current_umask(); > + posix_acl_apply_umask(dirp, &iap->ia_mode); > > host_err = vfs_create(dirp, dchild, iap->ia_mode, true); > if (host_err < 0) { > diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c > index 1bba4813f9cb..4d98db2a0208 100644 > --- a/fs/overlayfs/dir.c > +++ b/fs/overlayfs/dir.c > @@ -325,8 +325,8 @@ static int ovl_create_upper(struct dentry *dentry, struct inode *inode, > struct dentry *newdentry; > int err; > > - if (!attr->hardlink && !IS_POSIXACL(udir)) > - attr->mode &= ~current_umask(); > + if (!attr->hardlink) > + posix_acl_apply_umask(udir, &attr->mode); > > inode_lock_nested(udir, I_MUTEX_PARENT); > newdentry = ovl_create_real(udir, > diff --git a/fs/posix_acl.c b/fs/posix_acl.c > index 95882b3f5f62..7ee647b74bc2 100644 > --- a/fs/posix_acl.c > +++ b/fs/posix_acl.c > @@ -578,6 +578,21 @@ posix_acl_chmod(struct inode *inode, umode_t mode) > } > EXPORT_SYMBOL(posix_acl_chmod); > > +/* > + * On inode creation, filesystems with ACL support are expected to apply the > + * umask when no ACL is inherited from the parent directory; this is usually > + * done by posix_acl_create. Filesystems like nfsd that call vfs_create, > + * vfs_mknod, or vfs_mkdir directly are expected to call posix_acl_apply_umask > + * to apply the umask first when necessary. > + */ > +void > +posix_acl_apply_umask(struct inode *inode, umode_t *mode) > +{ > + if (!IS_POSIXACL(inode)) > + *mode &= ~current_umask(); > +} > +EXPORT_SYMBOL(posix_acl_apply_umask); > + > int > posix_acl_create(struct inode *dir, umode_t *mode, > struct posix_acl **default_acl, struct posix_acl **acl) > diff --git a/include/linux/posix_acl.h b/include/linux/posix_acl.h > index 90797f1b421d..76e402ff4f92 100644 > --- a/include/linux/posix_acl.h > +++ b/include/linux/posix_acl.h > @@ -73,6 +73,7 @@ extern int set_posix_acl(struct inode *, int, struct posix_acl *); > > #ifdef CONFIG_FS_POSIX_ACL > extern int posix_acl_chmod(struct inode *, umode_t); > +extern void posix_acl_apply_umask(struct inode *, umode_t *); > extern int posix_acl_create(struct inode *, umode_t *, struct posix_acl **, > struct posix_acl **); > extern int posix_acl_update_mode(struct inode *, umode_t *, struct posix_acl **); > @@ -99,6 +100,11 @@ static inline int posix_acl_chmod(struct inode *inode, umode_t mode) > > #define simple_set_acl NULL > > +static inline void posix_acl_apply_umask(struct inode *inode, umode_t *mode) > +{ > + *mode &= ~current_umask(); > +} > + > static inline int simple_acl_create(struct inode *dir, struct inode *inode) > { > return 0; > > base-commit: 69119673bd50b176ded34032fadd41530fb5af21 > prerequisite-patch-id: a8319d40da9f70f478892d0bd8e63f540364b089 > -- > 2.26.2 >
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>
:
Bug#962254
; Package src:linux
.
(Wed, 17 Jun 2020 16:54:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Andreas Gruenbacher <agruenba@redhat.com>
:
Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>
.
(Wed, 17 Jun 2020 16:54:02 GMT) (full text, mbox, link).
Message #150 received at 962254@bugs.debian.org (full text, mbox, reply):
On Wed, Jun 17, 2020 at 5:31 PM J. Bruce Fields <bfields@redhat.com> wrote: > > On Wed, Jun 17, 2020 at 04:42:56PM +0200, Andreas Gruenbacher wrote: > > Hi Bruce, > > > > On Wed, Jun 17, 2020 at 2:58 AM J. Bruce Fields <bfields@redhat.com> wrote: > > > I think I'll send the following upstream. > > > > looking good, but how about using a little helper for this? > > I like it. And the new comment's helpful too. > > > > > Also I'm not sure if ecryptfs gets this right, so taking the ecryptfs > > list into the CC. > > Yes, questions I had while doing this: > > - cachefiles, ecrypfs, devtmpfs, and unix_mknod skip the check, > is that OK for all of them? (Overlayfs too, I think?--that > code's harder to follow. > > - why don't vfs_{create,mknod,mkdir} do the IS_POSIXACL check > themselves? Even if it's unnecessary for some callers, surely > it wouldn't be wrong? That's a good question. The security_path_{mkdir,mknod} hooks would then probably be passed the original create mode before applying the umask, but at that point it's not clear what the new inode's final mode will be, anyway. > I also wondered why both vfs_{create,mknod,mkdir} and the callers were > calling security hooks, but now I see that the callers are calling > security_path_* hooks and the vfs_ functions are calling > security_inode_* hooks, so I guess they're not redundant. > > Though now I wonder why some of the callers (nfsd, overlayfs) are > skipping the security_path_* hooks. The path based security hooks are only used by apparmor and tomoyo. Those hooks basically control who (which process) can do what where in the filesystem, but nfsd isn't aware of the "who", and overlayfs is a layer below the "where". Andreas
Added tag(s) pending.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Mon, 22 Jun 2020 11:45:04 GMT) (full text, mbox, link).
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>
:
You have taken responsibility.
(Thu, 25 Jun 2020 10:03:57 GMT) (full text, mbox, link).
Notification sent
to Elliott Mitchell <ehem+debian@m5p.com>
:
Bug acknowledged by developer.
(Thu, 25 Jun 2020 10:03:57 GMT) (full text, mbox, link).
Message #157 received at 962254-close@bugs.debian.org (full text, mbox, reply):
Source: linux Source-Version: 5.7.6-1 Done: Salvatore Bonaccorso <carnil@debian.org> We believe that the bug you reported is fixed in the latest version of linux, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 962254@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <carnil@debian.org> (supplier of updated linux package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 24 Jun 2020 20:56:57 +0200 Source: linux Architecture: source Version: 5.7.6-1 Distribution: unstable Urgency: medium Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 942861 954294 959781 961299 961328 961516 961823 962254 Changes: linux (5.7.6-1) unstable; urgency=medium . * New upstream release: https://kernelnewbies.org/Linux_5.7 - [x86] syscalls: Revert "x86/syscalls: Make __X32_SYSCALL_BIT be unsigned long" (Closes: #954294) * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.1 https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.2 - vt: keyboard: avoid signed integer overflow in k_ascii (CVE-2020-13974) https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3 - [x86] speculation: Prevent rogue cross-process SSBD shutdown (CVE-2020-10766) - [x86] speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. (CVE-2020-10767) - [x86] speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches. (CVE-2020-10768) https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.4 https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5 https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.6 . [ Ben Hutchings ] * fs: Enable EXFAT_FS as module (Closes: #959781) * Fix conversion of meta-package doc directories to symlinks (Closes: #942861) . [ Vagrant Cascadian ] * [arm64] Enable DRM_ANALOGIX_ANX6345 as a module. * [arm64] Add analogix-anx6345, pwm-sun4i, sun4i-drm and sun8i-mixer to fb-modules udeb. . [ Helge Deller ] * [hppa] Don't run dh_strip on vmlinuz (Closes: #961299) . [ YunQiang Su ] * [mips/loongson-3] Enable SERIAL_OF_PLATFORM and OF (Closes: 961328) . [ Aurelien Jarno ] * Enable CONFIG_NVME_HWMON (Closes: #961823) . [ Romain Perier ] * [arm64] Enable PCIE_BRCMSTB * [arm64] Enable BCM2711_THERMAL . [ Salvatore Bonaccorso ] * nfsd: apply umask on fs without ACL support (Closes: #962254) * [rt] Add new signing key for Tom Zanussi * Set ABI to 1 * [arm64] Remove explicit setting of CONFIG_HNS * debian/config: Clean up with the help of kconfigeditor2 . [ Gianfranco Costamagna ] * [x86] Enable VBOXSF_FS as a module (Closes: #961516) Checksums-Sha1: 616ed11f7cd1a21f78b10d089e8e2cdafa36e1c7 194668 linux_5.7.6-1.dsc 9bcc8e3e07567863125088be5067efdb5b23d11a 117327288 linux_5.7.6.orig.tar.xz e69cfec61b986405aa5a62c4e986d7c3ddff0f6b 1210312 linux_5.7.6-1.debian.tar.xz a1315a981e4a5bbfabd21bee926d25312f6d219b 47133 linux_5.7.6-1_source.buildinfo Checksums-Sha256: 3f6eb07a80a2df52185e659fded7935969500e5a1f6e694643a523bf8322d83e 194668 linux_5.7.6-1.dsc 13741ce391d0b29c1b95f9f55a93ccdcae6308aeffbf3184e315a9c1eb3cdb6f 117327288 linux_5.7.6.orig.tar.xz ca46db495a0c5e9c610777927460428786f3ec2aa085dedf87549388d7847d55 1210312 linux_5.7.6-1.debian.tar.xz 7d07a0cfd4825f5bb2a9cfa63044fe909cf53fa1ef1dfee07f37ef464f7fcb4e 47133 linux_5.7.6-1_source.buildinfo Files: 18f794dedcd99d545dca5d13988957c5 194668 kernel optional linux_5.7.6-1.dsc 68ff196e4dcec00c9b5074b9915bbd01 117327288 kernel optional linux_5.7.6.orig.tar.xz 65ad5edadd43a823cc40ee0bd1e075ae 1210312 kernel optional linux_5.7.6-1.debian.tar.xz 0d079c57e836fd68de9d7e5fe2a95c6a 47133 kernel optional linux_5.7.6-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl7zosJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EK9MQAJqA9DMHfZakVr4KwsHBOlezmn8WwtsS BV47SfzmXjxrHXzrjmpWh8960vz/OOACZ/H1jGFXXuCpZW68S8Wxnoa99ZdsMV3Q lEANlRxRdWAbKzmz4wOCnVc+ooN+NOvcyZ/7zfpA6bTab4VgMq04qxMcUA2eQqzV H4bO771C1BWY6aLRO8y6Mu/Cr9UkwR7T9biL3Q1iR80ER92pvRpW0zfAxNB8KSc/ pwTro8LY/jpBLZlQ13Of48r/1fcosKXGJp58iOTiqpE6Yh4OauUbmG18v8OLngLC a4e+JKhyNjm6JIGIulgYC2v4utLSRVnF+fCGPxnx0DyMnowKJhFSh+KEJpgWEt3S D/HvP91wu/VDMFr1YA8MVDIS3LcR0NJanKCO5U6Qh9N8XA2hz1BToMKd6rNFowgV 8+eCZGcAN/v9qw6gQmnE8rlBh9QVLCkN/umD35eV8sdSxe2qfE9UlTAEX5k6irCt Fl3qtI1zkcv7OMP6oRGQPc9No3beXx2N+I14+AyLKQhSpOLR7jQhHMxQa/L8esqc 8QzKo8f6ftO4mblz9nEnPPsOBBUb1WDTp2FE4FAN4CoLfsKo3iHPD6AULuyrfzEU 0d4vK2YlTBxF7SdyvwY2h+J15RweUs+FbLetc7yD6qmbWeVy4VyxKNrWgZ2gZBtL LtvyU8jcwqOZ =cy9K -----END PGP SIGNATURE-----
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>
:
You have taken responsibility.
(Thu, 25 Jun 2020 10:03:58 GMT) (full text, mbox, link).
Notification sent
to John Goerzen <jgoerzen@complete.org>
:
Bug acknowledged by developer.
(Thu, 25 Jun 2020 10:03:58 GMT) (full text, mbox, link).
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>
:
You have taken responsibility.
(Fri, 10 Jul 2020 20:12:13 GMT) (full text, mbox, link).
Notification sent
to Elliott Mitchell <ehem+debian@m5p.com>
:
Bug acknowledged by developer.
(Fri, 10 Jul 2020 20:12:14 GMT) (full text, mbox, link).
Message #166 received at 962254-close@bugs.debian.org (full text, mbox, reply):
Source: linux Source-Version: 4.19.131-1 Done: Salvatore Bonaccorso <carnil@debian.org> We believe that the bug you reported is fixed in the latest version of linux, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 962254@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <carnil@debian.org> (supplier of updated linux package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 09 Jul 2020 04:45:56 +0200 Source: linux Architecture: source Version: 4.19.131-1 Distribution: buster Urgency: medium Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 958300 960493 962254 963493 Changes: linux (4.19.131-1) buster; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.119 - ext4: fix extent_status fragmentation for plain files - [arm64] drm/msm: Use the correct dma_sync calls harder - vti4: removed duplicate log message. - [arm64] Add part number for Neoverse N1 - [arm64] errata: Hide CTR_EL0.DIC on systems affected by Neoverse-N1 #1542419 - [arm64] Fake the IminLine size on systems affected by Neoverse-N1 #1542419 - [arm64] compat: Workaround Neoverse-N1 #1542419 for compat user-space - watchdog: reset last_hw_keepalive time at start - scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login - scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG - ceph: return ceph_mdsc_do_request() errors from __get_parent() - ceph: don't skip updating wanted caps when cap is stale - scsi: iscsi: Report unbind session event when the target has been removed - [x86] ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map() - nvme: fix deadlock caused by ANA update wrong locking - ipc/util.c: sysvipc_find_ipc() should increase position index - [s390x] cio: avoid duplicated 'ADD' uevents - loop: Better discard support for block devices - [powerpc*] Revert "powerpc/64: irq_work avoid interrupt when called with hardware irqs enabled" - [arm*] pwm: bcm2835: Dynamically allocate base - perf/core: Disable page faults when getting phys address - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN MPWIN895CL tablet - xhci: Ensure link state is U3 after setting USB_SS_PORT_LS_U3 - virtio-blk: improve virtqueue error to BLK_STS - scsi: smartpqi: fix call trace in device discovery - PCI/ASPM: Allow re-enabling Clock PM - [x86] KVM: VMX: Zero out *all* general purpose registers after VM-Exit - cxgb4: fix adapter crash due to wrong MC size - cxgb4: fix large delays in PTP synchronization - ipv6: fix restrict IPV6_ADDRFORM operation - macsec: avoid to set wrong mtu - macvlan: fix null dereference in macvlan_device_event() - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node - [arm64,armhf] net: stmmac: dwmac-meson8b: Add missing boundary to RGMII TX clock array - sched: etf: do not assume all sockets are full blown - tcp: cache line align MAX_TCP_HEADER - team: fix hang in team_mode_get() - vrf: Fix IPv6 with qdisc and xfrm - [armhf] net: dsa: b53: Lookup VID in ARL searches when VLAN is enabled - [armhf] net: dsa: b53: Fix ARL register definitions - [armhf] net: dsa: b53: Rework ARL bin logic - [armhf] net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish - vrf: Check skb for XFRM_TRANSFORMED flag - KEYS: Avoid false positive ENOMEM error on key read - ALSA: hda: Remove ASUS ROG Zenith from the blacklist - ALSA: usb-audio: Add static mapping table for ALC1220-VB-based mobos - ALSA: usb-audio: Add connector notifier delegation - [armhf] iio: st_sensors: rely on odr mask to know if odr can be set - USB: sisusbvga: Change port variable from signed to unsigned - USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE - USB: early: Handle AMD's spec-compliant identifiers, too - USB: hub: Fix handling of connect changes during sleep - vmalloc: fix remap_vmalloc_range() bounds checks - mm/hugetlb: fix a addressing exception caused by huge_pte_offset - mm/ksm: fix NULL pointer dereference when KSM zero page is enabled - ALSA: hda/realtek - Fix unexpected init_amp override - ALSA: hda/realtek - Add new codec supported for ALC245 - ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif - ALSA: usb-audio: Filter out unsupported sample rates on Focusrite devices - tpm/tpm_tis: Free IRQ if probing fails - [s390x] KVM: Return last valid slot if approx index is out-of-bounds - KVM: Check validity of resolved slot when searching memslots - [x86] KVM: VMX: Enable machine check support for 32bit targets - tty: hvc: fix buffer overflow during hvc_alloc(). - [x86] tty: rocket, avoid OOB access - usb-storage: Add unusual_devs entry for JMicron JMS566 - audit: check the length of userspace generated audit records - ASoC: dapm: fixup dapm kcontrol widget - iwlwifi: pcie: actually release queue memory in TVQM - iwlwifi: mvm: beacon statistics shouldn't go backwards - [armel,armhf] ARM: imx: provide v7_cpu_resume() only on ARM_CPU_SUSPEND=y - [powerpc*] setup_64: Set cache-line-size based on cache-block-size - [i386] staging: comedi: dt2815: fix writing hi byte of analog output - [x86] staging: comedi: Fix comedi_device refcnt leak in comedi_open - vt: don't hardcode the mem allocation upper bound - vt: don't use kmalloc() for the unicode screen buffer - [x86] staging: vt6656: Don't set RCR_MULTICAST or RCR_BROADCAST by default. - [x86] staging: vt6656: Fix calling conditions of vnt_set_bss_mode - [x86] staging: vt6656: Fix drivers TBTT timing counter. - [x86] staging: vt6656: Fix pairwise key entry save. - [x86] staging: vt6656: Power save stop wake_up_count wrap around. - cdc-acm: close race betrween suspend() and acm_softint - cdc-acm: introduce a cool down - UAS: no use logging any details in case of ENODEV - UAS: fix deadlock in error handling and PM flushing work - [arm64,armhf] usb: dwc3: gadget: Fix request completion check - usb: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset() - xhci: prevent bus suspend if a roothub port detected a over-current condition - xfs: Fix deadlock between AGI and AGF with RENAME_WHITEOUT https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.120 - mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer - [arm*] binder: take read mode of mmap_sem in binder_alloc_free_page() - [arm64,armhf] usb: dwc3: gadget: Do link recovery for SS and SSP - nfsd: memory corruption in nfsd4_lock() - rxrpc: Fix DATA Tx to disable nofrag for UDP on AF_INET6 socket - net/cxgb4: Check the return from t4_query_params properly - xfs: acquire superblock freeze protection on eofblocks scans - svcrdma: Fix trace point use-after-free race - svcrdma: Fix leak of svc_rdma_recv_ctxt objects - PCI: Avoid ASMedia XHCI USB PME# from D0 defect - [s390x] net/mlx5: Fix failing fw tracer allocation on s390 - perf/core: fix parent pid/tid in task exit events - [i386] bpf, x86_32: Fix incorrect encoding in BPF_LDX zero-extension - mm: shmem: disable interrupt when acquiring info->lock in userfaultfd_copy path - xfs: clear PF_MEMALLOC before exiting xfsaild thread - [x86] bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B - [armhf] net: fec: set GPR bit on suspend by DT configuration. - [x86] hyperv: report value of misc_features - xfs: fix partially uninitialized structure in xfs_reflink_remap_extent - ALSA: hda: Keep the controller initialization even if no codecs found - ALSA: hda: Explicitly permit using autosuspend if runtime PM is supported - scsi: target: fix PR IN / READ FULL STATUS for FC - scsi: target: tcmu: reset_ring should reset TCMU_DEV_BIT_BROKEN - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status - ALSA: hda: call runtime_allow() for all hda controllers - [arm64] Delete the space separator in __emit_inst - ext4: use matching invalidatepage in ext4_writepage - ext4: increase wait time needed before reuse of deleted inode numbers - ext4: convert BUG_ON's to WARN_ON's in mballoc.c - hwmon: (jc42) Fix name to have no illegal characters - [i386] bpf, x86_32: Fix clobbering of dst for BPF_JSET - qed: Fix use after free in qed_chain_free - ext4: check for non-zero journal inum in ext4_calculate_overhead https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.121 - drm/edid: Fix off-by-one in DispID DTD pixel clock - drm/qxl: qxl_release leak in qxl_draw_dirty_fb() - drm/qxl: qxl_release leak in qxl_hw_surface_alloc() - drm/qxl: qxl_release use after free - btrfs: fix block group leak when removing fails - ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter - ALSA: usb-audio: Correct a typo of NuPrime DAC-10 USB ID - ALSA: hda/hdmi: fix without unlocked before return - ALSA: pcm: oss: Place the plugin buffer overflow checks correctly (Closes: #960493) - PM: ACPI: Output correct message on target power state - PM: hibernate: Freeze kernel threads in software_resume() - dm writecache: fix data corruption when reloading the target - dm multipath: use updated MPATHF_QUEUE_IO on mapping for bio-based mpath - scsi: qla2xxx: set UNLOADING before waiting for session deletion - scsi: qla2xxx: check UNLOADING before posting async work - RDMA/mlx5: Set GRH fields in query QP on RoCE - RDMA/mlx4: Initialize ib_spec on the stack - RDMA/core: Prevent mixed use of FDs between shared ufiles - RDMA/core: Fix race between destroy and release FD object - [amd64,arm64] vfio: avoid possible overflow in vfio_iommu_type1_pin_pages - [amd64,arm64] vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() - [arm64] iommu/qcom: Fix local_base status check - scsi: target/iblock: fix WRITE SAME zeroing - [amd64] iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system - nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl - btrfs: fix partial loss of prealloc extent past i_size after fsync - btrfs: transaction: Avoid deadlock due to bad initialization timing of fs_info::journal_info - mmc: cqhci: Avoid false "cqhci: CQE stuck on" by not open-coding timeout loop - [arm64] mmc: sdhci-xenon: fix annoying 1.8V regulator warning - mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers - [arm64] mmc: sdhci-msm: Enable host capabilities pertains to R1b response - [armhf] mmc: meson-mx-sdio: Set MMC_CAP_WAIT_WHILE_BUSY - [armhf] mmc: meson-mx-sdio: remove the broken ->card_busy() op https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.122 - vhost: vsock: kick send_pkt worker once device is started - [powerpc*] pci/of: Parse unassigned resources - [x86] ASoC: topology: Check return value of pcm_new_ver - [armhf] ASoC: sgtl5000: Fix VAG power-on handling - [arm64,armhf] usb: dwc3: gadget: Properly set maxpacket limit - [x86] ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry - wimax/i2400m: Fix potential urb refcnt leak - [armhf] net: stmmac: fix enabling socfpga's ptp_ref_clock - [armhf] net: stmmac: Fix sub-second increment - cifs: protect updating server->dstaddr with a spinlock - [s390x] ftrace: fix potential crashes when switching tracers - sctp: Fix SHUTDOWN CTSN Ack in the peer restart case - drm/amdgpu: Fix oops when pp_funcs is unset in ACPI event - lib: devres: add a helper function for ioremap_uc - [x86] mfd: intel-lpss: Use devm_ioremap_uc for MMIO - ALSA: hda: Match both PCI ID and SSID for driver blacklist - [x86] platform: GPD pocket fan: Fix error message when temp-limits are out of range - mac80211: add ieee80211_is_any_nullfunc() - cgroup, netclassid: remove double cond_resched - drm/atomic: Take the atomic toys away from X https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.123 - USB: serial: qcserial: Add DW5816e support - tracing/kprobes: Fix a double initialization typo - vt: fix unicode console freeing with a common interface - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks - net: macsec: preserve ingress frame ordering - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() - net_sched: sch_skbprio: add message validation to skbprio_change() - net: usb: qmi_wwan: add support for DW5816e - sch_choke: avoid potential panic in choke_reset() - sch_sfq: validate silly quantum values - tipc: fix partial topology connection closure - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features(). - net/mlx5: Fix forced completion access non initialized command entry - net/mlx5: Fix command entry leak in Internal Error State - bnxt_en: Improve AER slot reset. - bnxt_en: Fix VF anti-spoof filter setup. - net: stricter validation of untrusted gso packets - HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices - sctp: Fix bundling of SHUTDOWN with COOKIE-ACK - HID: usbhid: Fix race between usbhid_close() and usbhid_stop() - USB: uas: add quirk for LaCie 2Big Quadra - USB: serial: garmin_gps: add sanity checking for data length - tracing: Add a vmalloc_sync_mappings() for safe measure - [arm64,armhf] KVM: vgic: Fix limit condition when writing to GICD_I[CS]ACTIVER - [arm64] KVM: Fix 32bit PC wrap-around - [arm64] hugetlb: avoid potential NULL dereference - mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous() - [x86] KVM: VMX: Explicitly reference RCX as the vmx_vcpu pointer in asm blobs - [x86] KVM: VMX: Mark RCX, RDX and RSI as clobbered in vmx_vcpu_run()'s asm blob - batman-adv: fix batadv_nc_random_weight_tq - batman-adv: Fix refcnt leak in batadv_show_throughput_override - batman-adv: Fix refcnt leak in batadv_store_throughput_override - batman-adv: Fix refcnt leak in batadv_v_ogm_process - [amd64] x86/entry/64: Fix unwind hints in register clearing code - [amd64] x86/entry/64: Fix unwind hints in kernel exit path - [amd64] x86/entry/64: Fix unwind hints in rewind_stack_do_exit() - [amd64] x86/unwind/orc: Don't skip the first frame for inactive tasks - [amd64] x86/unwind/orc: Prevent unwinding before ORC initialization - [amd64] x86/unwind/orc: Fix error path for bad ORC entry type - [amd64] x86/unwind/orc: Fix premature unwind stoppage due to IRET frames - netfilter: nat: never update the UDP checksum when it's 0 - netfilter: nf_osf: avoid passing pointer to local var - scripts/decodecode: fix trapping instruction formatting - ipc/mqueue.c: change __do_notify() to bypass check_kill_permission() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.124 - [arm64,armhf] net: dsa: Do not make user port errors fatal - shmem: fix possible deadlocks on shmlock_user_lock - virtio-blk: handle block_device_operations callbacks after hot unplug - mmc: sdhci-acpi: Add SDHCI_QUIRK2_BROKEN_64_BIT_DMA for AMDI0040 - net: fix a potential recursive NETDEV_FEAT_CHANGE - net: phy: fix aneg restart in phy_ethtool_set_eee - pppoe: only process PADT targeted at local interfaces - Revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu" - tcp: fix error recovery in tcp_zerocopy_receive() - virtio_net: fix lockdep warning on 32 bit - [x86,arm64] hinic: fix a bug of ndo_stop - net: ipv4: really enforce backoff for redirects - netprio_cgroup: Fix unlimited memory leak of v2 cgroups - net: tcp: fix rx timestamp behavior for tcp_recvmsg - tcp: fix SO_RCVLOWAT hangs with fat skbs - [i386] dmaengine: pch_dma.c: Avoid data race between probe and irq handler - [x86] cpufreq: intel_pstate: Only mention the BIOS disabling turbo mode once - ALSA: hda/hdmi: fix race in monitor detection during probe - drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper() - ipc/util.c: sysvipc_find_ipc() incorrectly updates position index - ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse - gfs2: Another gfs2_walk_metadata fix - [x86] pinctrl: baytrail: Enable pin configuration setting for GPIO chip - [x86] pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler - i40iw: Fix error handling in i40iw_manage_arp_cache() - mmc: core: Check request type before completing the request - mmc: block: Fix request completion in the CQE timeout path - NFS: Fix fscache super_cookie index_key from changing after umount - nfs: fscache: use timespec64 in inode auxdata - NFSv4: Fix fscache cookie aux_data to ensure change_attr is included - [arm64] fix the flush_icache_range arguments in machine_kexec - netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start() - IB/mlx4: Test return value of calls to ib_get_cached_pkey - ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 - ALSA: rawmidi: Fix racy buffer resize under concurrent accesses - ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset - usb: core: hub: limit HUB_QUIRK_DISABLE_AUTOSUSPEND to USB5534B - [arm64,armhf] usb: host: xhci-plat: keep runtime active when removing host - usb: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list - cifs: fix leaked reference on requeued write - exec: Move would_dump into flush_old_exec - [arm64,armhf] clk: rockchip: fix incorrect configuration of rk3228 aclk_gpu* clocks - [arm64,armhf] dwc3: Remove check for HWO flag in dwc3_gadget_ep_reclaim_trb_sg() - Revert "ALSA: hda/realtek: Fix pop noise on ALC225" - clk: Unlink clock if failed to prepare or enable - [arm64] dts: rockchip: Replace RK805 PMIC node name with "pmic" on rk3328 boards - [x86] KVM: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.125 - i2c: dev: Fix the race between the release of i2c_dev and cdev - fix multiplication overflow in copy_fdtable() - ubifs: remove broken lazytime support - [amd64] iommu/amd: Fix over-read of ACPI UID from IVRS table - ubi: Fix seq_file usage in detailed_erase_block_info debugfs file - HID: multitouch: add eGalaxTouch P80H84 support - HID: alps: Add AUI1657 device ID - HID: alps: ALPS_1657 is too specific; use U1_UNICORN_LEGACY instead - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV - scsi: qla2xxx: Delete all sessions before unregister local nvme port - configfs: fix config_item refcnt leak in configfs_rmdir() - vhost/vsock: fix packet delivery order to monitoring devices - [amd64] aquantia: Fix the media type of AQC100 ethernet controller in the driver - component: Silence bind error on -EPROBE_DEFER - [ppc64el] scsi: ibmvscsi: Fix WARN_ON during event pool release - HID: i2c-hid: reset Synaptics SYNA2393 on resume - [x86] apic: Move TSC deadline timer debug printk - gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp() - HID: quirks: Add HID_QUIRK_NO_INIT_REPORTS quirk for Dell K12A keyboard-dock - ceph: fix double unlock in handle_cap_export() - [arm64,armhf] stmmac: fix pointer check after utilization in stmmac_interrupt - USB: core: Fix misleading driver bug report - [x86] platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA - padata: Replace delayed timer with immediate workqueue in padata_reorder - padata: initialize pd->cpu with effective cpumask - padata: purge get_cpu and reorder_via_wq from padata_do_serial - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option - ALSA: pcm: fix incorrect hw_base increase - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme - ALSA: hda/realtek - Add more fixup entries for Clevo machines - [armhf] drm/etnaviv: fix perfmon domain interation - apparmor: Fix use-after-free in aa_audit_rule_init - apparmor: fix potential label refcnt leak in aa_change_profile - apparmor: Fix aa_label refcnt leak in policy_update - [arm64] dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' - [powerpc*] Remove STRICT_KERNEL_RWX incompatibility with RELOCATABLE - [powerpc*] 64s: Disable STRICT_KERNEL_RWX - [amd64,arm64] nfit: Add Hyper-V NVDIMM DSM command set to white list - [x86,arm64] libnvdimm/btt: Remove unnecessary code in btt_freelist_init - [x86,arm64] libnvdimm/btt: Fix LBA masking during 'free list' population - [x86] thunderbolt: Drop duplicated get_switch_at_route() - cxgb4: free mac_hlist properly - cxgb4/cxgb4vf: Fix mac_hlist initialization and free - brcmfmac: abort and release host after error - Revert "gfs2: Don't demote a glock until its revokes are written" - misc: rtsx: Add short delay after exit from ASPM - [x86] mei: release me_cl object reference - rxrpc: Fix a memory leak in rxkad_verify_response() - rxrpc: Trace discarded ACKs - rxrpc: Fix ack discard https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.126 - ax25: fix setsockopt(SO_BINDTODEVICE) - __netif_receive_skb_core: pass skb by reference - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* - net: ipip: fix wrong address family in init error path - net/mlx5: Add command entry handling completion - net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" - net sched: fix reporting the first-time use timestamp - r8152: support additional Microsoft Surface Ethernet Adapter variant - sctp: Don't add the shutdown timer if its already been added - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed - net/mlx5e: Update netdev txq on completions during closure - net/mlx5: Annotate mutex destroy for root ns - net: sun: fix missing release regions in cas_init_one(). - net/mlx4_core: fix a memory leak bug. - [armhf] dts: rockchip: fix phy nodename for rk3228-evb - [arm64] dts: rockchip: fix status for &gmac2phy in rk3328-evb.dts - [arm64,armhf] gpio: tegra: mask GPIO IRQs during IRQ shutdown - ALSA: usb-audio: add mapping for ASRock TRX40 Creator - gfs2: move privileged user check to gfs2_quota_lock_check - cachefiles: Fix race between read_waiter and read_copier involving op->to_do - [arm64] usb: dwc3: pci: Enable extcon driver for Intel Merrifield - usb: gadget: legacy: fix redundant initialization warnings - IB/i40iw: Remove bogus call to netdev_master_upper_dev_get() - cifs: Fix null pointer check in cifs_read - Input: usbtouchscreen - add support for BonXeon TP - Input: evdev - call input_flush_device() on release(), not flush() - Input: xpad - add custom init packet for Xbox One S controllers - Input: i8042 - add ThinkPad S230u to i8042 reset list - Input: synaptics-rmi4 - really fix attn_data use-after-free - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() - [armel,armhf] 8970/1: decompressor: increase tag size - [arm*] 8843/1: use unified assembler in headers - gpio: exar: Fix bad handling for ida_simple_get error path - IB/qib: Call kobject_put() when kobject_init_and_add() fails - [armhf] dts/imx6q-bx50v3: Set display interface clock parents - [armel,armhf] dts: bcm2835-rpi-zero-w: Fix led polarity - mmc: block: Fix use-after-free issue for rpmb - ALSA: hwdep: fix a left shifting 1 by 31 UB bug - ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC - exec: Always set cap_ambient in cap_bprm_set_creds - ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio - ALSA: hda/realtek - Add new codec supported for ALC287 - libceph: ignore pool overlay and cache logic on redirects - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() - include/asm-generic/topology.h: guard cpumask_of_node() macro argument - iommu: Fix reference count leak in iommu_group_alloc. - mmc: core: Fix recursive locking issue in CQE recovery path - RDMA/core: Fix double destruction of uobject - mac80211: mesh: fix discovery timer re-arming issue / crash - [x86] dma: Fix max PFN arithmetic overflow on 32 bit systems - [x86] copy_xstate_to_kernel(): don't leave parts of destination uninitialized - xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input - xfrm: call xfrm_output_gso when inner_protocol is set in xfrm_output - xfrm interface: fix oops when deleting a x-netns interface - xfrm: fix a warning in xfrm_policy_insert_list - xfrm: fix a NULL-ptr deref in xfrm_local_error - xfrm: fix error in comment - vti4: eliminated some duplicate code. - ip_vti: receive ipip packet by calling ip_tunnel_rcv - netfilter: nft_reject_bridge: enable reject with bridge vlan - netfilter: ipset: Fix subcounter update skip - netfilter: nfnetlink_cthelper: unbreak userspace helper support - netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code - esp6: get the right proto for transport mode in esp6_gso_encap - bnxt_en: Fix accumulation of bp->net_stats_prev. - xsk: Add overflow check for u64 division, stored into u32 - qlcnic: fix missing release in qlcnic_83xx_interrupt_test. - bonding: Fix reference count leak in bond_sysfs_slave_add. - netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build - mm/vmalloc.c: don't dereference possible NULL pointer in __vunmap() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.127 - Revert "cgroup: Add memory barriers to plug cgroup_rstat_updated() race window" - libnvdimm: Fix endian conversion issues - HID: sony: Fix for broken buttons on DS3 USB dongles - HID: i2c-hid: add Schneider SCL142ALM to descriptor override - p54usb: add AirVasT USB stick device-id - mmc: fix compilation of user API - scsi: ufs: Release clock if DMA map fails - airo: Fix read overflows sending packets - [x86] drm/i915: fix port checks for MST support on gen >= 11 - [arm64] scsi: hisi_sas: Check sas_port before using it - [powerpc*] powernv: Avoid re-registration of imc debugfs directory - [s390x] ftrace: save traced function caller - drm/edid: Add Oculus Rift S to non-desktop list - [s390x] mm: fix set_huge_pte_at() for empty ptes - null_blk: return error for invalid zone size - [arm64] net: ethernet: stmmac: Enable interface clocks on probe for IPQ806x - [arm64,armhf] net: smsc911x: Fix runtime PM imbalance on error https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.128 - devinet: fix memleak in inetdev_init() - l2tp: add sk_family checks to l2tp_validate_socket - l2tp: do not use inet_hash()/inet_unhash() - net: usb: qmi_wwan: add Telit LE910C1-EUX composition - vsock: fix timeout in vsock_accept() - net: check untrusted gso_size at kernel entry - USB: serial: qcserial: add DW5816e QDL support - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors - USB: serial: option: add Telit LE910C1-EUX compositions - [arm64,armhf] usb: musb: start session in resume for host port - [arm64,armhf] usb: musb: Fix runtime PM imbalance on error - vt: keyboard: avoid signed integer overflow in k_ascii (CVE-2020-13974) - tty: hvc_console, fix crashes on parallel open/close - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK - CDC-ACM: heed quirk also in error handling - [arm64] nvmem: qfprom: remove incorrect write support - uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned - Revert "net/mlx5: Annotate mutex destroy for root ns" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.129 - ipv6: fix IPV6_ADDRFORM operation logic - net_failover: fixed rollback in net_failover_open() - bridge: Avoid infinite loop when suppressing NS messages with invalid options - vxlan: Avoid infinite loop when suppressing NS messages with invalid options - tun: correct header offsets in napi frags mode - make 'user_access_begin()' do 'access_ok()' (CVE-2018-20669) - [x86] uaccess: Inhibit speculation past access_ok() in user_access_begin() - lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() - btrfs: merge btrfs_find_device and find_device (CVE-2019-18885) - btrfs: Detect unbalanced tree with empty leaf before crashing btree operations - [armel,armhf] 8977/1: ptrace: Fix mask for thumb breakpoint hook - sched/fair: Don't NUMA balance for kthreads - Input: synaptics - add a second working PNP_ID for Lenovo T470s - [powerpc*] xive: Clear the page tables for the ESB IO mapping - ath9k_htc: Silence undersized packet warnings - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated - [x86] cpu/amd: Make erratum #1054 a legacy erratum - perf probe: Accept the instance number of kretprobe event - mm: add kvfree_sensitive() for freeing sensitive data objects - aio: fix async fsync creds - btrfs: tree-checker: Check level for leaves and nodes - [x86] Fix jiffies ODR violation - [x86] PCI: Mark Intel C620 MROMs as having non-compliant BARs - [x86] speculation: Prevent rogue cross-process SSBD shutdown (CVE-2020-10766) - [x86] reboot/quirks: Add MacBook6,1 reboot quirk - efi/efivars: Add missing kobject_put() in sysfs entry creation error path - [i386] ALSA: es1688: Add the missed snd_card_free() - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines - ALSA: usb-audio: Fix inconsistent card PM state after resume - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock - [arm64,x86] ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() - [amd64,arm64] ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() - [arm64] ACPI: GED: add support for _Exx / _Lxx handler methods - [arm64,x86] ACPI: PM: Avoid using power resources if there are none for D0 - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() - [arm*] spi: bcm2835aux: Fix controller unregister order - PM: runtime: clk: Fix clk_pm_runtime_get() error path - [arm64] crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated - ALSA: pcm: disallow linking stream to itself - [x86] {mce,mm}: Unmap the entire page if the whole page is affected and poisoned - [x86] KVM: Fix APIC page invalidation race - [x86] kvm: Fix L1TF mitigation for shadow MMU - [x86] KVM: x86/mmu: Consolidate "is MMIO SPTE" code - [x86] KVM: only do L1TF workaround on affected processors - [x86] speculation: Change misspelled STIPB to STIBP - [x86] speculation: Add support for STIBP always-on preferred mode - [x86] speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. (CVE-2020-10767) - [x86] speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches. (CVE-2020-10768) - spi: No need to assign dummy value in spi_unregister_controller() - spi: Fix controller unregister order - [amd64] spi: pxa2xx: Fix controller unregister order - [arm*] spi: bcm2835: Fix controller unregister order - [amd64] spi: pxa2xx: Balance runtime PM enable/disable on error - [amd64] spi: pxa2xx: Fix runtime PM ref imbalance on probe error - crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() - crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() - ovl: initialize error in ovl_copy_xattr - proc: Use new_inode not new_inode_pseudo - [x86] KVM: nSVM: fix condition for filtering async PF - [x86] KVM: nSVM: leave ASID aside in copy_vmcb_control_area - [x86] KVM: nVMX: Consult only the "basic" exit reason when routing nested exit - [arm64] KVM: Make vcpu_cp1x() work on Big Endian hosts - scsi: megaraid_sas: TM command refire leads to controller firmware crash - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb - mm/slub: fix a memory leak in sysfs_slab_add() - fat: don't allow to mount if the FAT length == 0 - perf: Add cond_resched() to task_function_call() - [x86] agp/intel: Reinforce the barrier after GTT updates - [arm64] mmc: sdhci-msm: Clear tuning done flag while hs400 tuning - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() - xen/pvcalls-back: test for errors when calling backend_connect() - [arm64] KVM: Synchronize sysreg state on injecting an AArch42 exception - [arm64] ACPI: GED: use correct trigger type field in _Exx / _Lxx handling - [arm64] drm: bridge: adv7511: Extend list of audio sample rates - [x86] crypto: ccp -- don't "select" CONFIG_DMADEVICES - media: si2157: Better check for running tuner in init - [amd64] spi: pxa2xx: Apply CS clk quirk to BXT - [amd64] net: atlantic: make hw_get_regs optional - net: ena: fix error returning in ena_com_get_hash_function() - [arm64] insn: Fix two bugs in encoding 32-bit logical immediates - ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K - Bluetooth: Add SCO fallback for invalid LMP parameters error - [armhf] clocksource: dw_apb_timer: Make CPU-affiliation being optional - [armhf] clocksource: dw_apb_timer_of: Fix missing clockevent timers - btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums - batman-adv: Revert "disable ethtool link speed detection when auto negotiation off" - [armhf] mmc: meson-mx-sdio: trigger a soft reset after a timeout or CRC error - [x86] kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit - [x86] net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() - brcmfmac: fix wrong location to get firmware feature - e1000: Distribute switch variables for initialization - dt-bindings: display: mediatek: control dpi pins mode to avoid leakage - audit: fix a net reference leak in audit_send_reply() - media: dvb: return -EREMOTEIO on i2c transfer failure. - [mips*] Make sparse_init() using top-down allocation - Bluetooth: btbcm: Add 2 missing models to subver tables - audit: fix a net reference leak in audit_list_rules_send() - netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported - exit: Move preemption fixup up, move blocking operations down - sched/core: Fix illegal RCU from offline CPUs - drivers/perf: hisi: Fix typo in events attribute array - [armhf] net: allwinner: Fix use correct return type for ndo_start_xmit() - xfs: clean up the error handling in xfs_swap_extents - Crypto/chcr: fix for ccm(aes) failed test - [mips*] cm: Fix an invalid error code of INTVN_*_ERR - xfs: reset buffer write failure state on successful completion - xfs: fix duplicate verification from xfs_qm_dqflush() - [x86] platform/x86: intel-vbtn: Use acpi_evaluate_integer() - [x86] platform/x86: intel-vbtn: Split keymap into buttons and switches parts - [x86] platform/x86: intel-vbtn: Do not advertise switches to userspace if they are not there - [x86] platform/x86: intel-vbtn: Also handle tablet-mode switch on "Detachable" and "Portable" chassis-types - nvme: refine the Qemu Identify CNS quirk - ath40k: Remove msdu from idr when management pkt send fails - [arm64] wcn36xx: Fix error handling path in 'wcn36xx_probe()' - net: qed*: Reduce RX and TX default ring count when running inside kdump kernel - mt76: avoid rx reorder buffer overflow - md: don't flush workqueue unconditionally in md_open - veth: Adjust hard_start offset on redirect XDP frames - net/mlx5e: IPoIB, Drop multicast packets that this interface sent - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() - mwifiex: Fix memory corruption in dump_station - [x86] boot: Correct relocation destination on old linkers - [x86] mm: Stop printing BRK addresses - btrfs: qgroup: mark qgroup inconsistent if we're inherting snapshot to a new qgroup - macvlan: Skip loopback packets in RX handler - PCI: Don't disable decoding when mmio_always_on is set - [mips*] Fix IRQ tracing when call handle_fpe() and handle_msa_fpe() - bcache: fix refcount underflow in bcache_device_free() - [arm64] mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk - mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core - ixgbe: fix signed-integer-overflow warning - [armhf] mmc: sdhci-esdhc-imx: fix the mask for tuning start point - cpuidle: Fix three reference count leaks - [x86] platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() - [x86] platform/x86: intel-hid: Add a quirk to support HP Spectre X2 (2015) - [x86] platform/x86: intel-vbtn: Only blacklist SW_TABLET_MODE on the 9 / "Laptop" chasis-type - btrfs: include non-missing as a qualifier for the latest_bdev - btrfs: send: emit file capabilities after chown - mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked() - mm: initialize deferred pages with interrupts enabled - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max - ext4: fix error pointer dereference - ext4: fix race between ext4_sync_parent() and rename() - PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect - PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 - PCI: Avoid FLR for AMD Starship USB 3.0 - PCI: Add ACS quirk for iProc PAXB - PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints - PCI: Remove unused NFP32xx IDs - [x86] hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs - [x86] amd_nb: Add PCI device IDs for family 17h, model 30h - PCI: add USR vendor id and use it in r8169 and w6692 driver - PCI: Move Synopsys HAPS platform device IDs - PCI: Move Rohm Vendor ID to generic list - misc: pci_endpoint_test: Add the layerscape EP device support - misc: pci_endpoint_test: Add support to test PCI EP in AM654x - PCI: Add Synopsys endpoint EDDA Device ID - PCI: Add NVIDIA GPU multi-function power dependencies - PCI: Enable NVIDIA HDA controllers - [x86] amd_nb: Add PCI device IDs for family 17h, model 70h - ALSA: lx6464es - add support for LX6464ESe pci express variant - PCI: Add Genesys Logic, Inc. Vendor ID - PCI: Add Amazon's Annapurna Labs vendor ID - PCI: vmd: Add device id for VMD device 8086:9A0B - [x86] amd_nb: Add Family 19h PCI IDs - PCI: Add Loongson vendor ID - serial: 8250_pci: Move Pericom IDs to pci_ids.h - PCI: Make ACS quirk implementations more uniform - PCI: Unify ACS quirk desired vs provided checking - PCI: Generalize multi-function power dependency device links - btrfs: fix error handling when submitting direct I/O bio - btrfs: fix wrong file range cleanup after an error filling dealloc range - PCI: Program MPS for RCiEP devices - e1000e: Disable TSO for buffer overrun workaround - e1000e: Relax condition to trigger reset for ME workaround - carl9170: remove P2P_GO support - media: go7007: fix a miss of snd_card_free (CVE-2019-20810) - Bluetooth: hci_bcm: fix freeing not-requested IRQ - b43legacy: Fix case where channel status is corrupted - b43: Fix connection problem with WPA3 - b43_legacy: Fix connection problem with WPA3 - igb: Report speed and duplex as unknown when device is runtime suspended - [arm64,armhf] power: vexpress: add suppress_bind_attrs to true - [armhf] pinctrl: samsung: Correct setting of eint wakeup mask on s5pv210 - [armhf] pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs - gnss: sirf: fix error return code in sirf_probe() - dm crypt: avoid truncating the logical block size - kernel/cpu_pm: Fix uninitted local in cpu_pm - [armhf] tegra: Correct PL310 Auxiliary Control Register initialization - [powerpc*] 64s: Don't let DT CPU features set FSCR_DSCR - [powerpc*] 64s: Save FSCR to init_task.thread.fscr after feature init - sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations. - sunrpc: clean up properly in gss_mech_unregister() - [armhf] w1: omap-hdq: cleanup to add missing newline for some dev_dbg - perf probe: Do not show the skipped events - perf probe: Fix to check blacklist address correctly - perf probe: Check address correctness by map instead of _etext - perf symbols: Fix debuginfo search for Ubuntu https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.130 - [arm64,armhf] clk: sunxi: Fix incorrect usage of round_down() - [arm64,armhf] ASoC: tegra: tegra_wm8903: Support nvidia, headset property - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets - [x86] iio: pressure: bmp280: Tolerate IRQ before registering - [arm64] clk: qcom: msm8916: Fix the address location of pll->config_reg - [arm64] backlight: lp855x: Ensure regulators are disabled on probe failure - [armhf] ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type - [armel] integrator: Add some Kconfig selections - scsi: qedi: Check for buffer overflow in qedi_set_path() - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO - [i386] ALSA: isa/wavefront: prevent out of bounds write in ioctl - PCI: Allow pci_resize_resource() for devices on root bus - scsi: qla2xxx: Fix issue with adapter's stopping state - [x86] iio: bmp280: fix compensation of humidity - f2fs: report delalloc reserve as non-free in statfs for project quota - [x86] i2c: pxa: clear all master action bits in i2c_pxa_stop_message() - [armhf] clk: samsung: Mark top ISP and CAM clocks on Exynos542x as critical - usblp: poison URBs upon disconnect - serial: 8250: Fix max baud limit in generic 8250 port - dm mpath: switch paths in dm_blk_ioctl() code path - [arm64] PCI: aardvark: Don't blindly enable ASPM L0s and don't write to read-only register - vfio/pci: fix memory leaks in alloc_perm_bits() - RDMA/mlx5: Add init2init as a modify command - scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event - [powerpc*] perf/hv-24x7: Fix inconsistent output values incase multiple hv-24x7 events run - nfsd: Fix svc_xprt refcnt leak when setup callback client failed - [amd64] PCI: vmd: Filter resource type bits from shadow register - [powerpc*] crashkernel: Take "mem=" option into account - yam: fix possible memory leak in yam_init_driver - apparmor: fix introspection of of task mode for unconfined tasks - apparmor: check/put label on apparmor_sk_clone_security() - scsi: sr: Fix sr_probe() missing deallocate of device minor - [powerpc*] scsi: ibmvscsi: Don't send host info in adapter info MAD after LPM - apparmor: fix nnp subset test for unconfined - [x86] purgatory: Disable various profiling and sanitizing options - scsi: qedi: Do not flush offload work if ARP not resolved - [armhf] dts: sun8i-h4-plus-bananapi-m2-zero: Fix led polarity - scsi: qedf: Fix crash when MFW calls for protocol stats while function is still probing - [arm64] firmware: qcom_scm: fix bogous abuse of dma-direct internals - ALSA: usb-audio: Improve frames size computation - ALSA: usb-audio: Fix racy list management in output queue - [s390x] qdio: put thinint indicator after early error - tty: hvc: Fix data abort due to race in hvc_open - [armhf] thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR - [arm64,armhf] usb: dwc3: gadget: Properly handle failed kick_transfer - [mips64el,mipsel] staging: sm750fb: add missing case while setting FB_VISUAL - [arm64,i386] i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output - [arm*] serial: amba-pl011: Make sure we initialize the port.lock spinlock - drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges - scsi: qla2xxx: Fix warning after FC target reset - scsi: mpt3sas: Fix double free warnings - [arm64,armhf] pinctrl: rockchip: fix memleak in rockchip_dt_node_to_map - [armhf] clk: ti: composite: fix memory leak - PCI: Fix pci_register_host_bridge() device_register() error handling - [powerpc*] Don't initialise init_task->thread.regs - tty: n_gsm: Fix SOF skipping - tty: n_gsm: Fix waking up upper tty layer when room available - HID: Add quirks for Trust Panora Graphic Tablet - ipmi: use vzalloc instead of kmalloc for user creation - [powerpc*] pseries/ras: Fix FWNMI_VALID off by one - vfio-pci: Mask cap zero - usb/ohci-platform: Fix a warning when hibernating - [arm64] drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT8-A tablet - [armhf] USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() - tty: n_gsm: Fix bogus i++ in gsm_data_kick - scsi: target: tcmu: Userspace must not complete queued commands - [powerpc*] 64s/pgtable: fix an undefined behaviour - dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port - [arm64,armhf] PCI: dwc: Fix inner MSI IRQ domain registration - IB/cma: Fix ports memory leak in cma_configfs - [arm*] usb: dwc2: gadget: move gadget resume after the core is in L0 state - usb: gadget: Fix issue with config_ep_by_speed function - RDMA/iw_cxgb4: cleanup device debugfs entries on ULD remove - [x86] apic: Make TSC deadline timer detection message visible - scsi: target: tcmu: Fix a use after free in tcmu_check_expired_queue_cmd() - [arm*] clk: bcm2835: Fix return type of bcm2835_register_gate - [ppc64el] KVM: Book3S HV: Ignore kmemleak false positives - net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' - NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION - of: Fix a refcounting bug in __of_attach_node_sysfs() - rxrpc: Adjust /proc/net/rxrpc/calls to display call->debug_id not user_ID - gfs2: Allow lock_nolock mount to specify jid=X - scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj - scsi: ufs: Don't update urgent bkops level when toggling auto bkops - [armhf] pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' - geneve: change from tx_error to tx_dropped on missing metadata - lib/zlib: remove outdated and incorrect pre-increment optimization - blktrace: use errno instead of bi_status - blktrace: fix endianness in get_pdu_int() - blktrace: fix endianness for blk_log_remap() - gfs2: fix use-after-free on transaction ail lists - drivers/perf: hisi: Fix wrong value for all counters enable - afs: Fix memory leak in afs_put_sysnames() - ASoC: core: only convert non DPCM link to DPCM link - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT10-A tablet - ASoC: rt5645: Add platform-data for Asus T101HA - [arm64,armhf] drm/sun4i: hdmi ddc clk: Fix size of m divider - [x86] idt: Keep spurious entries unset in system_vectors - net/filter: Permit reading NET in load_bytes_relative when MAC not set - xdp: Fix xsk_generic_xmit errno - [arm64,armhf] usb/xhci-plat: Set PM runtime as active on resume - usb: host: ehci-platform: add a quirk to avoid stuck - usb/ehci-platform: Set PM runtime as active on resume - perf report: Fix NULL pointer dereference in hists__fprintf_nr_sample_events() - ext4: stop overwrite the errcode in ext4_setup_super - bcache: fix potential deadlock problem in btree_gc_coalesce (CVE-2020-12771) - afs: Fix non-setting of mtime when writing into mmap - afs: afs_write_end() should change i_size under the right lock - block: Fix use-after-free in blkdev_get() - [arm64] hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints - libata: Use per port sync for detach - drm: encoder_slave: fix refcouting error for modules - drm/dp_mst: Reformat drm_dp_check_act_status() a bit - drm/qxl: Use correct notify port address when creating cursor ring - selinux: fix double free - ext4: fix partial cluster initialization when splitting extent - ext4: avoid race conditions when remounting with options that change dax - drm/dp_mst: Increase ACT retry timeout to 3s - block: nr_sects_write(): Disable preemption on seqcount write - mtd: rawnand: Pass a nand_chip object to nand_scan() - mtd: rawnand: Pass a nand_chip object to nand_release() - mtd: rawnand: diskonchip: Fix the probe error path - [armel,armhf] mtd: rawnand: orion: Fix the probe error path - [s390x] fix syscall_get_error for compat processes - [x86] drm/i915: Whitelist context-local timestamp in the gen9 cmdparser - [x86] drm/i915/icl+: Fix hotplug interrupt disabling after storm detection - crypto: algif_skcipher - Cap recv SG list at ctx->used - crypto: algboss - don't wait during notifier callback - kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex - e1000e: Do not wake up the system via WOL if device wakeup is disabled - [mips*] net: octeon: mgmt: Repair filling of RX ring - kretprobe: Prevent triggering kretprobe from within kprobe_flush_task - sched/rt, net: Use CONFIG_PREEMPTION.patch - net: core: device_rename: Use rwsem instead of a seqcount - md: add feature flag MD_FEATURE_RAID0_LAYOUT - [x86] kvm: Move kvm_set_mmio_spte_mask() from x86.c to mmu.c - [x86] kvm: Fix reserved bits related calculation errors caused by MKTME - [x86] KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.131 - net: be more gentle about silly gso requests coming from user - block/bio-integrity: don't free 'buf' if bio_integrity_add_page() failed - fanotify: fix ignore mask logic for events on child and on dir - [armhf] mtd: rawnand: marvell: Fix the condition on a return code - net: sched: export __netdev_watchdog_up() - [x86] EDAC/amd64: Add Family 17h Model 30h PCI IDs - [arm64,armhf] i2c: tegra: Cleanup kerneldoc comments - [arm64,armhf] i2c: tegra: Add missing kerneldoc for some fields - [arm64,armhf] i2c: tegra: Fix Maximum transfer size - ALSA: hda/realtek - Enable the headset of ASUS B9450FA with ALC294 - ALSA: hda/realtek: Enable mute LED on an HP system - ALSA: hda/realtek - Enable micmute LED on and HP system - apparmor: don't try to replace stale label in ptraceme check (Closes: #963493) - [ppc64el] ibmveth: Fix max MTU limit - mld: fix memory leak in ipv6_mc_destroy_dev() - net: bridge: enfore alignment for ethernet address - net: fix memleak in register_netdevice() - net: place xmit recursion in softnet data - net: use correct this_cpu primitive in dev_recursion_level - net: increment xmit_recursion level in dev_direct_xmit() - net: usb: ax88179_178a: fix packet alignment padding - rxrpc: Fix notification call on completion of discarded calls - sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket - tcp: don't ignore ECN CWR on pure ACK - tcp: grow window for OOO packets only for SACK flows - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() - net: phy: Check harder for errors in get_phy_id() - ip_tunnel: fix use-after-free in ip_tunnel_lookup() - sch_cake: don't try to reallocate or unshare skb unconditionally - sch_cake: fix a few style nits - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT - sch_cake: don't call diffserv parsing code when it is not needed - net: Fix the arp error in some cases - net: Do not clear the sock TX queue in sk_set_socket() - net: core: reduce recursion limit value - [arm*] usb: dwc2: Postponed gadget registration to the udc class driver - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 - USB: ehci: reopen solution for Synopsys HC bug - xhci: Poll for U0 after disabling USB2 LPM - [armhf] usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() - ALSA: usb-audio: add quirk for Denon DCD-1500RE - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) - ALSA: usb-audio: Fix OOB access of mixer element list - [s390x] scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action - xhci: Fix incorrect EP_STATE_MASK - xhci: Fix enumeration issue when setting max packet size for FS devices. - xhci: Return if xHCI doesn't support LPM - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip - loop: replace kill_bdev with invalidate_bdev - IB/mad: Fix use after free when destroying MAD agent - cifs/smb3: Fix data inconsistent when punch hole - cifs/smb3: Fix data inconsistent when zero file range - xfrm: Fix double ESP trailer insertion in IPsec crypto offload. - efi/esrt: Fix reference count leak in esre_create_sysfs_entry. - [armhf] regualtor: pfuze100: correct sw1a/sw2 on pfuze3000 - [armhf] ASoC: fsl_ssi: Fix bclk calculation for mono channel - [armhf] dts: Fix duovero smsc interrupt for suspend - regmap: Fix memory leak from regmap_register_patch - rxrpc: Fix handling of rwind from an ACK packet - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 - RDMA/cma: Protect bind_list and listen_list while finding matching cm id - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() - net: qed: fix left elements count calculation - net: qed: fix NVMe login fails over VFs - net: qed: fix excessive QM ILT lines consumption - cxgb4: move handling L2T ARP failures to caller - [armhf] imx5: add missing put_device() call in imx_suspend_alloc_ocram() - netfilter: ipset: fix unaligned atomic access - i2c: core: check returned size of emulated smbus block read - sched/deadline: Initialize ->dl_boosted - sched/core: Fix PI boosting between RT and DEADLINE tasks - ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function - net: alx: fix race condition in alx_remove - [s390x] ptrace: fix setting syscall number - [s390x] vdso: fix vDSO clock_getres() - kbuild: improve cc-option to clean up all temporary files - blktrace: break out of blktrace setup on concurrent calls - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table - ALSA: hda/realtek - Add quirk for MSI GE63 laptop - [x86,arm64] ACPI: sysfs: Fix pm_profile_attr type - [x86] KVM: Fix MSR range of APIC registers in X2APIC mode - [x86] KVM: nVMX: Plumb L2 GPA through to PML emulation - [amd64] x86/asm/64: Align start of __clear_user() loop to 16-bytes - btrfs: fix data block group relocation failure due to concurrent scrub - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof - mm/slab: use memzero_explicit() in kzfree() - ocfs2: avoid inode removal while nfsd is accessing it - ocfs2: load global_inode_alloc - ocfs2: fix value of OCFS2_INVALID_SLOT - ocfs2: fix panic on nfs server over ocfs2 - [arm64] perf: Report the PC value in REGS_ABI_32 mode - tracing: Fix event trigger to accept redundant spaces - ring-buffer: Zero out time extend if it is nested and not absolute - drm/radeon: fix fb_div check in ni_init_smc_spll_table() - [x86,arm64] Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() - sunrpc: fixed rollback in rpc_gssd_dummy_populate() - SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() - pNFS/flexfiles: Fix list corruption if the mirror count changes - NFSv4 fix CLOSE not waiting for direct IO compeletion - dm writecache: correct uncommitted_block when discarding uncommitted entry - dm writecache: add cond_resched to loop in persistent_memory_claim() - xfs: add agf freeblocks verify in xfs_agf_verify (CVE-2020-12655) - Revert "tty: hvc: Fix data abort due to race in hvc_open" . [ Salvatore Bonaccorso ] * [rt] Add new signing key for Tom Zanussi * nfsd: apply umask on fs without ACL support (Closes: #962254) * [rt] Update to 4.19.120-rt52: - tasklet: Address a race resulting in double-enqueue - hrtimer: fix logic for when grabbing softirq_expiry_lock can be elided * [rt] Update to 4.19.124-rt53 * [rt] Update to 4.19.127-rt55: - fs/dcache: Include swait.h header - mm: slub: Always flush the delayed empty slubs in flush_all() - tasklet: Fix UP case for tasklet CHAINED state * usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect (CVE-2020-15393) . [ Ben Hutchings ] * [rt] Update "net: move xmit_recursion to per-task variable on -RT" to apply on top of "net: place xmit recursion in softnet data" * [rt] Drop "net: Add a mutex around devnet_rename_seq", redundant with "net: Introduce net_rwsem to protect net_namespace_list" * [rt] Drop idle task related parts of "sched: Move mmdrop to RCU on RT", redundant with "sched/core: Fix illegal RCU from offline CPUs" * Bump ABI to 10 . [ YunQiang Su ] * [mips*]: Do not enable MIPS_O32_FP64_SUPPORT, since golang hasn't been migrated to FPXX yet and this breaks the golang packages on Octeon hardware. In turns this disables MSA on 32-bit kernels. . [ Luca Boccassi ] * [cloud] Enable INFINIBAND configs for HyperV/Azure (Closes: #958300) Checksums-Sha1: e6e9e89c31074f6038cb6284ad99277aa3c289b9 191615 linux_4.19.131-1.dsc b768f52e9e299adfb06b2574347a7873342f2b14 107504396 linux_4.19.131.orig.tar.xz 8966171f154876ced4bee4607147762d939b833e 1416572 linux_4.19.131-1.debian.tar.xz 38c1a013fb3385df645440a25bf74ee57b13cd65 6570 linux_4.19.131-1_source.buildinfo Checksums-Sha256: 8a8a67de124ca221589df2351f9a7c68914a15b0a95a09a105a4bfa14c3f612c 191615 linux_4.19.131-1.dsc 2ee5633a829caae6f15ad39137c9ec253fe62f285159d1ad05b509eb68a5bf3e 107504396 linux_4.19.131.orig.tar.xz 87996f7674e0ec50f946590e252245fcca3ad36e3ccc369a3658fafbe0104aef 1416572 linux_4.19.131-1.debian.tar.xz 1a7bbd30da00ff31280ff99c233978d077dd54bcf62f57471fd211a6db86ae92 6570 linux_4.19.131-1_source.buildinfo Files: 6f7396f95c161c48c2352e7187f20e34 191615 kernel optional linux_4.19.131-1.dsc fba640947dc75306fc64e419857be432 107504396 kernel optional linux_4.19.131.orig.tar.xz d7c2fd38c586535374c22b3b08b37f25 1416572 kernel optional linux_4.19.131-1.debian.tar.xz f648fe02f31c10153f7f91524b6f8584 6570 kernel optional linux_4.19.131-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl8GrLhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89ELecP/RvflRA+i0RqVh/WDQ4WUzFPxFhtB9Cq ZPxPl7DXsJroAhePEQ3aEhypSoSVjjx4JT5tfbH5ckh4cfJkBJNNE83eczKjUmW9 YsETIUrS7cMdLmJyethpL+yhojBETPB+Zqc/W2NA8irTYQ41H2M02Siag7DYL23E Jw/KhYPNCOlZF8uKR5MpgPbOCFrvCDUr0OyHsxjzt8TO0irDTpeaWC8gZb1r5EqM 0iqvGkedl2GkN6+Z6HCkk0jFsuIMnl1s/KJjAgQpmsXxKVEdQP/B4i59BqsujATo 2wHq6vMoyztpS+hdHgB7vvvactHPXXezBVrLBB2ONeJUOeDHk98sL2PiDGKeWC+d 5jBK1PgbMiIbE70eKCn/VsNTXSbrVXZJ+vNz98bU3+NoGUh+6pYqmybkmG1hFtP7 jVWQfGtVx8+iPaWqkIh4cUKX/yKSHXKybVALv2J3+T3CxyRppPUBVJpjgSbTnR1m JjvyBNOdLfc34Efzo40IFCzit7O3oJCVNbSzpHIEOvy42fe5FB8jm7jEfOGLBTe2 vPVj66LO2ALldeB7SPkgpUv0UXSixPpThzE63C9RyYxujc+kdvDR+xaoORlRIytV AwXkBwMdUHxhy79g4Dr/9HpIDM27mH5gclxZ7i/eCRpRCW2uyRBVQJVXv48NOVWD Ud6DIIvNB6yQ =Ebyr -----END PGP SIGNATURE-----
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>
:
You have taken responsibility.
(Fri, 10 Jul 2020 20:12:14 GMT) (full text, mbox, link).
Notification sent
to John Goerzen <jgoerzen@complete.org>
:
Bug acknowledged by developer.
(Fri, 10 Jul 2020 20:12:14 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.
Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.