[PATCH 4.13 0/2] 4.13.7-stable review

[PATCH 4.13 0/2] 4.13.7-stable review

[Greg Kroah-Hartman]

This is the start of the stable review cycle for the 4.13.7 release.
There are 2 patches in this series, all will be posted as a response
to this one.  If anyone has any issues with these being applied, please
let me know.

Responses should be made by Sat Oct 14 21:25:27 UTC 2017.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
	kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.13.7-rc1.gz
or in the git tree and branch at:
  git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.13.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Linux 4.13.7-rc1

Kees Cook <keescook@chromium.org>
    waitid(): Add missing access_ok() checks

Wim Van Sebroeck <wim@iguana.be>
    watchdog: Revert "iTCO_wdt: all versions count down twice"


-------------

Diffstat:

 Documentation/watchdog/watchdog-parameters.txt |  2 +-
 Makefile                                       |  4 ++--
 drivers/watchdog/iTCO_wdt.c                    | 22 ++++++++++++----------
 kernel/exit.c                                  |  6 ++++++
 4 files changed, 21 insertions(+), 13 deletions(-)

[PATCH 4.13 1/2] watchdog: Revert "iTCO_wdt: all versions count down twice"

[Greg Kroah-Hartman]

4.13-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Wim Van Sebroeck <wim@iguana.be>

commit fc61e83a29308601e6e8a0759e24fc8fe2122692 upstream.

This reverts commit 1fccb73011ea8a5fa0c6d357c33fa29c695139ea.
Reported as Bug 196509 - iTCO_wdt regression reboot before timeout expire

Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
Cc: Martin Wilck <mwilck@suse.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 Documentation/watchdog/watchdog-parameters.txt |    2 +-
 drivers/watchdog/iTCO_wdt.c                    |   22 ++++++++++++----------
 2 files changed, 13 insertions(+), 11 deletions(-)

--- a/Documentation/watchdog/watchdog-parameters.txt
+++ b/Documentation/watchdog/watchdog-parameters.txt
@@ -117,7 +117,7 @@ nowayout: Watchdog cannot be stopped onc
 -------------------------------------------------
 iTCO_wdt:
 heartbeat: Watchdog heartbeat in seconds.
-	(5<=heartbeat<=74 (TCO v1) or 1226 (TCO v2), default=30)
+	(2<heartbeat<39 (TCO v1) or 613 (TCO v2), default=30)
 nowayout: Watchdog cannot be stopped once started
 	(default=kernel config parameter)
 -------------------------------------------------
--- a/drivers/watchdog/iTCO_wdt.c
+++ b/drivers/watchdog/iTCO_wdt.c
@@ -306,15 +306,16 @@ static int iTCO_wdt_ping(struct watchdog
 
 	iTCO_vendor_pre_keepalive(p->smi_res, wd_dev->timeout);
 
-	/* Reset the timeout status bit so that the timer
-	 * needs to count down twice again before rebooting */
-	outw(0x0008, TCO1_STS(p));	/* write 1 to clear bit */
-
 	/* Reload the timer by writing to the TCO Timer Counter register */
-	if (p->iTCO_version >= 2)
+	if (p->iTCO_version >= 2) {
 		outw(0x01, TCO_RLD(p));
-	else if (p->iTCO_version == 1)
+	} else if (p->iTCO_version == 1) {
+		/* Reset the timeout status bit so that the timer
+		 * needs to count down twice again before rebooting */
+		outw(0x0008, TCO1_STS(p));	/* write 1 to clear bit */
+
 		outb(0x01, TCO_RLD(p));
+	}
 
 	spin_unlock(&p->io_lock);
 	return 0;
@@ -327,8 +328,11 @@ static int iTCO_wdt_set_timeout(struct w
 	unsigned char val8;
 	unsigned int tmrval;
 
-	/* The timer counts down twice before rebooting */
-	tmrval = seconds_to_ticks(p, t) / 2;
+	tmrval = seconds_to_ticks(p, t);
+
+	/* For TCO v1 the timer counts down twice before rebooting */
+	if (p->iTCO_version == 1)
+		tmrval /= 2;
 
 	/* from the specs: */
 	/* "Values of 0h-3h are ignored and should not be attempted" */
@@ -381,8 +385,6 @@ static unsigned int iTCO_wdt_get_timelef
 		spin_lock(&p->io_lock);
 		val16 = inw(TCO_RLD(p));
 		val16 &= 0x3ff;
-		if (!(inw(TCO1_STS(p)) & 0x0008))
-			val16 += (inw(TCOv2_TMR(p)) & 0x3ff);
 		spin_unlock(&p->io_lock);
 
 		time_left = ticks_to_seconds(p, val16);

[PATCH 4.13 2/2] waitid(): Add missing access_ok() checks

[Greg Kroah-Hartman]

4.13-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Kees Cook <keescook@chromium.org>

commit 96ca579a1ecc943b75beba58bebb0356f6cc4b51 upstream.

Adds missing access_ok() checks.

CVE-2017-5123

Reported-by: Chris Salls <chrissalls5@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Fixes: 4c48abe91be0 ("waitid(): switch copyout of siginfo to unsafe_put_user()")
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/exit.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -1611,6 +1611,9 @@ SYSCALL_DEFINE5(waitid, int, which, pid_
 	if (!infop)
 		return err;
 
+	if (!access_ok(VERIFY_WRITE, infop, sizeof(*infop)))
+		goto Efault;
+
 	user_access_begin();
 	unsafe_put_user(signo, &infop->si_signo, Efault);
 	unsafe_put_user(0, &infop->si_errno, Efault);
@@ -1736,6 +1739,9 @@ COMPAT_SYSCALL_DEFINE5(waitid,
 	if (!infop)
 		return err;
 
+	if (!access_ok(VERIFY_WRITE, infop, sizeof(*infop)))
+		goto Efault;
+
 	user_access_begin();
 	unsafe_put_user(signo, &infop->si_signo, Efault);
 	unsafe_put_user(0, &infop->si_errno, Efault);

Re: [PATCH 4.13 0/2] 4.13.7-stable review

[Shuah Khan]

On 10/12/2017 03:26 PM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.13.7 release.
> There are 2 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Sat Oct 14 21:25:27 UTC 2017.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.13.7-rc1.gz
> or in the git tree and branch at:
>   git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.13.y
> and the diffstat can be found below.
> 

Compiled and booted on my test system. No dmesg regressions. 
kselftest run regression since 4.13.6

selftests: posix_timers

selftests: raw_skew
========================================
not ok 1..7 selftests:  raw_skew [FAIL]

No idea why yet. cc'ing John Stultz to see if he has any ideas.

thanks,
-- Shuah

Re: [PATCH 4.13 0/2] 4.13.7-stable review

[John Stultz]

On Thu, Oct 12, 2017 at 4:45 PM, Shuah Khan <shuahkh@osg.samsung.com> wrote:
> On 10/12/2017 03:26 PM, Greg Kroah-Hartman wrote:
>> This is the start of the stable review cycle for the 4.13.7 release.
>> There are 2 patches in this series, all will be posted as a response
>> to this one.  If anyone has any issues with these being applied, please
>> let me know.
>>
>> Responses should be made by Sat Oct 14 21:25:27 UTC 2017.
>> Anything received after that time might be too late.
>>
>> The whole patch series can be found in one patch at:
>>       kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.13.7-rc1.gz
>> or in the git tree and branch at:
>>   git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.13.y
>> and the diffstat can be found below.
>>
>
> Compiled and booted on my test system. No dmesg regressions.
> kselftest run regression since 4.13.6
>
> selftests: posix_timers
>
> selftests: raw_skew
> ========================================
> not ok 1..7 selftests:  raw_skew [FAIL]

Hrm... Did raw_skew provide any other output?

Also, did you turn ntpd off before running?

-john

Re: [PATCH 4.13 0/2] 4.13.7-stable review

[Greg Kroah-Hartman]

On Thu, Oct 12, 2017 at 05:45:01PM -0600, Shuah Khan wrote:
> On 10/12/2017 03:26 PM, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 4.13.7 release.
> > There are 2 patches in this series, all will be posted as a response
> > to this one.  If anyone has any issues with these being applied, please
> > let me know.
> > 
> > Responses should be made by Sat Oct 14 21:25:27 UTC 2017.
> > Anything received after that time might be too late.
> > 
> > The whole patch series can be found in one patch at:
> > 	kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.13.7-rc1.gz
> > or in the git tree and branch at:
> >   git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.13.y
> > and the diffstat can be found below.
> > 
> 
> Compiled and booted on my test system. No dmesg regressions. 
> kselftest run regression since 4.13.6
> 
> selftests: posix_timers
> 
> selftests: raw_skew
> ========================================
> not ok 1..7 selftests:  raw_skew [FAIL]
> 
> No idea why yet. cc'ing John Stultz to see if he has any ideas.

That's odd, given the small number of patches here...

thanks for testing.

greg k-h

Re: [PATCH 4.13 0/2] 4.13.7-stable review

[Guenter Roeck]

On 10/12/2017 02:26 PM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.13.7 release.
> There are 2 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Sat Oct 14 21:25:27 UTC 2017.
> Anything received after that time might be too late.
> 

Build results:
	total: 145 pass: 145 fail: 0
Qemu test results:
	total: 123 pass: 123 fail: 0

Details are available at http://kerneltests.org/builders.

Guenter

Re: [PATCH 4.13 0/2] 4.13.7-stable review

[Greg Kroah-Hartman]

On Fri, Oct 13, 2017 at 05:41:02AM -0700, Guenter Roeck wrote:
> On 10/12/2017 02:26 PM, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 4.13.7 release.
> > There are 2 patches in this series, all will be posted as a response
> > to this one.  If anyone has any issues with these being applied, please
> > let me know.
> > 
> > Responses should be made by Sat Oct 14 21:25:27 UTC 2017.
> > Anything received after that time might be too late.
> > 
> 
> Build results:
> 	total: 145 pass: 145 fail: 0
> Qemu test results:
> 	total: 123 pass: 123 fail: 0
> 
> Details are available at http://kerneltests.org/builders.

Wonderful, thanks for testing and letting me know.

greg k-h

Re: [PATCH 4.13 0/2] 4.13.7-stable review

[Shuah Khan]

On 10/12/2017 06:09 PM, John Stultz wrote:
> On Thu, Oct 12, 2017 at 4:45 PM, Shuah Khan <shuahkh@osg.samsung.com> wrote:
>> On 10/12/2017 03:26 PM, Greg Kroah-Hartman wrote:
>>> This is the start of the stable review cycle for the 4.13.7 release.
>>> There are 2 patches in this series, all will be posted as a response
>>> to this one.  If anyone has any issues with these being applied, please
>>> let me know.
>>>
>>> Responses should be made by Sat Oct 14 21:25:27 UTC 2017.
>>> Anything received after that time might be too late.
>>>
>>> The whole patch series can be found in one patch at:
>>>       kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.13.7-rc1.gz
>>> or in the git tree and branch at:
>>>   git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.13.y
>>> and the diffstat can be found below.
>>>
>>
>> Compiled and booted on my test system. No dmesg regressions.
>> kselftest run regression since 4.13.6
>>
>> selftests: posix_timers
>>
>> selftests: raw_skew
>> ========================================
>> not ok 1..7 selftests:  raw_skew [FAIL]
> 
> Hrm... Did raw_skew provide any other output?
> 
> Also, did you turn ntpd off before running?
> 
> -john
> 

John/Greg,

Here is the detailed report fromn this test. I didn't disable ntpd.

WARNING: ADJ_OFFSET in progress, this will cause inaccurate results
Estimating clock drift: -16.319(est) -8.913(act)	[FAILED]
Bail out!
Pass 0 Fail 0 Xfail 0 Xpass 0 Skip 0 Error 0
1..0

I can keep on eye on this. Not a show stopper for releasing the rc.

thanks,
-- Shuah

Re: [PATCH 4.13 0/2] 4.13.7-stable review

[Shuah Khan]

On 10/13/2017 08:05 AM, Shuah Khan wrote:
> On 10/12/2017 06:09 PM, John Stultz wrote:
>> On Thu, Oct 12, 2017 at 4:45 PM, Shuah Khan <shuahkh@osg.samsung.com> wrote:
>>> On 10/12/2017 03:26 PM, Greg Kroah-Hartman wrote:
>>>> This is the start of the stable review cycle for the 4.13.7 release.
>>>> There are 2 patches in this series, all will be posted as a response
>>>> to this one.  If anyone has any issues with these being applied, please
>>>> let me know.
>>>>
>>>> Responses should be made by Sat Oct 14 21:25:27 UTC 2017.
>>>> Anything received after that time might be too late.
>>>>
>>>> The whole patch series can be found in one patch at:
>>>>       kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.13.7-rc1.gz
>>>> or in the git tree and branch at:
>>>>   git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.13.y
>>>> and the diffstat can be found below.
>>>>
>>>
>>> Compiled and booted on my test system. No dmesg regressions.
>>> kselftest run regression since 4.13.6
>>>
>>> selftests: posix_timers
>>>
>>> selftests: raw_skew
>>> ========================================
>>> not ok 1..7 selftests:  raw_skew [FAIL]
>>
>> Hrm... Did raw_skew provide any other output?
>>
>> Also, did you turn ntpd off before running?
>>
>> -john
>>
> 
> John/Greg,
> 
> Here is the detailed report fromn this test. I didn't disable ntpd.
> 
> WARNING: ADJ_OFFSET in progress, this will cause inaccurate results
> Estimating clock drift: -16.319(est) -8.913(act)	[FAILED]
> Bail out!
> Pass 0 Fail 0 Xfail 0 Xpass 0 Skip 0 Error 0
> 1..0
> 
> I can keep on eye on this. Not a show stopper for releasing the rc.
> 

Odd. Doesn't fail on 4.14-rc4 and 4.13.6. I will try to isolate the
problem. Definitely follows 4.13-rc7

thanks,
-- Shuah

Re: [PATCH 4.13 0/2] 4.13.7-stable review

[John Stultz]

On Fri, Oct 13, 2017 at 7:05 AM, Shuah Khan <shuahkh@osg.samsung.com> wrote:
> On 10/12/2017 06:09 PM, John Stultz wrote:
>> On Thu, Oct 12, 2017 at 4:45 PM, Shuah Khan <shuahkh@osg.samsung.com> wrote:
>>> On 10/12/2017 03:26 PM, Greg Kroah-Hartman wrote:
>>>> This is the start of the stable review cycle for the 4.13.7 release.
>>>> There are 2 patches in this series, all will be posted as a response
>>>> to this one.  If anyone has any issues with these being applied, please
>>>> let me know.
>>>>
>>>> Responses should be made by Sat Oct 14 21:25:27 UTC 2017.
>>>> Anything received after that time might be too late.
>>>>
>>>> The whole patch series can be found in one patch at:
>>>>       kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.13.7-rc1.gz
>>>> or in the git tree and branch at:
>>>>   git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.13.y
>>>> and the diffstat can be found below.
>>>>
>>>
>>> Compiled and booted on my test system. No dmesg regressions.
>>> kselftest run regression since 4.13.6
>>>
>>> selftests: posix_timers
>>>
>>> selftests: raw_skew
>>> ========================================
>>> not ok 1..7 selftests:  raw_skew [FAIL]
>>
>> Hrm... Did raw_skew provide any other output?
>>
>> Also, did you turn ntpd off before running?
>>
>> -john
>>
>
> John/Greg,
>
> Here is the detailed report fromn this test. I didn't disable ntpd.
>
> WARNING: ADJ_OFFSET in progress, this will cause inaccurate results

So this warning means someone is adjusting the clock while the test is running.
Can you insure you are running the test with ntpd/chrony(/whatever
systemd's time sync is) turned off?

thanks
-john

Re: [PATCH 4.13 2/2] waitid(): Add missing access_ok() checks

[David Daney]

On 10/12/2017 02:26 PM, Greg Kroah-Hartman wrote:
> 4.13-stable review patch.  If anyone has any objections, please let me know.
> 
> ------------------
> 
> From: Kees Cook <keescook@chromium.org>
> 
> commit 96ca579a1ecc943b75beba58bebb0356f6cc4b51 upstream.
> 
> Adds missing access_ok() checks.
> 
> CVE-2017-5123
> 
> Reported-by: Chris Salls <chrissalls5@gmail.com>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> Acked-by: Al Viro <viro@zeniv.linux.org.uk>
> Fixes: 4c48abe91be0 ("waitid(): switch copyout of siginfo to unsafe_put_user()")
> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> 
> ---
>   kernel/exit.c |    6 ++++++
>   1 file changed, 6 insertions(+)
> 
> --- a/kernel/exit.c
> +++ b/kernel/exit.c
> @@ -1611,6 +1611,9 @@ SYSCALL_DEFINE5(waitid, int, which, pid_
>   	if (!infop)
>   		return err;
>   
> +	if (!access_ok(VERIFY_WRITE, infop, sizeof(*infop)))
> +		goto Efault;

Not to be a pedant, but...

In the case that access_ok() fails, we invoke user_access_end() at the 
goto target without first invoking user_access_begin().  On x86 this 
imbalance is probably not a problem.

For other architectures that may want to implement 
user_access_{begin,end}() in the future, I think we should either 
specify that unbalanced calls to these two functions are expected and 
must work, or balance them here and specify that they must be balanced.


Thanks,
David Daney