lineage-22.0
5082 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Greg Kroah-Hartman
|
509ddbb2b8 |
Merge f976d964a6 ("Input: adp5589-keys - fix adp5589_gpio_get_value()") into android12-5.10-lts
Steps on the way to 5.10.227 Resolves merge conflicts in: fs/nfsd/nfs4xdr.c fs/nfsd/vfs.c Change-Id: I8ed4156759977aa5c53d577990f4b72e61530ebf Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
b48eba851f |
Merge 1ebfa66638 ("drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream") into android12-5.10-lts
Steps on the way to 5.10.227 Change-Id: I5e69192f2ecbbda523c18c2749bb1f181837e99c Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
6136b834d6 |
Merge cdd86fb75f ("net/mlx5: Added cond_resched() to crdump collection") into android12-5.10-lts
Steps on the way to 5.10.227 Change-Id: I780b041f7c72ac3204110981ba8c0ce36764d971 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
9e57ad4546 |
Merge 0ce9d89343 ("clk: ti: dra7-atl: Fix leak of of_nodes") into android12-5.10-lts
Steps on the way to 5.10.226 Resolves merge conflicts in: drivers/dma-buf/heaps/heap-helpers.c drivers/usb/dwc3/core.h fs/ext4/inline.c Change-Id: Id7ab496884e549fc85b6fff8254fb56d6785d78c Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Tetsuo Handa
|
68e579316c |
tomoyo: fallback to realpath if symlink's pathname does not exist
commit ada1986d07976d60bed5017aa38b7f7cf27883f7 upstream. Alfred Agrell found that TOMOYO cannot handle execveat(AT_EMPTY_PATH) inside chroot environment where /dev and /proc are not mounted, for commit |
||
Adrian Ratiu
|
47be40b698 |
proc: add config & param to block forcing mem writes
[ Upstream commit 41e8149c8892ed1962bd15350b3c3e6e90cba7f4 ] This adds a Kconfig option and boot param to allow removing the FOLL_FORCE flag from /proc/pid/mem write calls because it can be abused. The traditional forcing behavior is kept as default because it can break GDB and some other use cases. Previously we tried a more sophisticated approach allowing distributions to fine-tune /proc/pid/mem behavior, however that got NAK-ed by Linus [1], who prefers this simpler approach with semantics also easier to understand for users. Link: https://lore.kernel.org/lkml/CAHk-=wiGWLChxYmUA5HrT5aopZrB7_2VTa0NLZcxORgkUe5tEQ@mail.gmail.com/ [1] Cc: Doug Anderson <dianders@chromium.org> Cc: Jeff Xu <jeffxu@google.com> Cc: Jann Horn <jannh@google.com> Cc: Kees Cook <kees@kernel.org> Cc: Ard Biesheuvel <ardb@kernel.org> Cc: Christian Brauner <brauner@kernel.org> Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Adrian Ratiu <adrian.ratiu@collabora.com> Link: https://lore.kernel.org/r/20240802080225.89408-1-adrian.ratiu@collabora.com Signed-off-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Scott Mayhew
|
2dbc4b7bac |
selinux,smack: don't bypass permissions check in inode_setsecctx hook
commit 76a0e79bc84f466999fa501fce5bf7a07641b8a7 upstream. Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exported with root squashing enabled. The end of the kerneldoc comment for __vfs_setxattr_noperm() states: * This function requires the caller to lock the inode's i_mutex before it * is executed. It also assumes that the caller will make the appropriate * permission checks. nfsd_setattr() does do permissions checking via fh_verify() and nfsd_permission(), but those don't do all the same permissions checks that are done by security_inode_setxattr() and its related LSM hooks do. Since nfsd_setattr() is the only consumer of security_inode_setsecctx(), simplest solution appears to be to replace the call to __vfs_setxattr_noperm() with a call to __vfs_setxattr_locked(). This fixes the above issue and has the added benefit of causing nfsd to recall conflicting delegations on a file when a client tries to change its security label. Cc: stable@kernel.org Reported-by: Marek Gresko <marek.gresko@protonmail.com> Link: https://bugzilla.kernel.org/show_bug.cgi?id=218809 Signed-off-by: Scott Mayhew <smayhew@redhat.com> Tested-by: Stephen Smalley <stephen.smalley.work@gmail.com> Reviewed-by: Stephen Smalley <stephen.smalley.work@gmail.com> Reviewed-by: Chuck Lever <chuck.lever@oracle.com> Reviewed-by: Jeff Layton <jlayton@kernel.org> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Paul Moore <paul@paul-moore.com> [Shivani: Modified to apply on v5.10.y] Signed-off-by: Shivani Agarwal <shivani.agarwal@broadcom.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Jiawei Ye
|
c4227a38ab |
smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso
[ Upstream commit 2749749afa071f8a0e405605de9da615e771a7ce ]
In the `smk_set_cipso` function, the `skp->smk_netlabel.attr.mls.cat`
field is directly assigned to a new value without using the appropriate
RCU pointer assignment functions. According to RCU usage rules, this is
illegal and can lead to unpredictable behavior, including data
inconsistencies and impossible-to-diagnose memory corruption issues.
This possible bug was identified using a static analysis tool developed
by myself, specifically designed to detect RCU-related issues.
To address this, the assignment is now done using rcu_assign_pointer(),
which ensures that the pointer assignment is done safely, with the
necessary memory barriers and synchronization. This change prevents
potential RCU dereference issues by ensuring that the `cat` field is
safely updated while still adhering to RCU's requirements.
Fixes: 0817534ff9ea ("smackfs: Fix use-after-free in netlbl_catmap_walk()")
Signed-off-by: Jiawei Ye <jiawei.ye@foxmail.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
7d3ca1ed3f |
This is the 5.10.226 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmbiry8ACgkQONu9yGCS
aT6N3g//bWYo3l5q543ygloK7UBTkuyJFWb0ENBbu0J9qlnYaSeKDvqjmMUPBHKi
ZCAzL5nHmAfPMSbjRnltsl54Z7X69264BNLv62M86VnGVDrD7Y93Sn+Ts9jJoTYR
k97HrSojKsqrC2MZLaLuDnoeReoHpeAn4rwIs8mAaApxv48NfRh65KRkipkkRi0N
S7UXC82a8NyjF9wQaB2+Cdt2S0SD2706074X/0jXBAM3YR+5lF3NFgXylmUULTWi
kmCCauGhvfsR9vGIXBAYfX/thF3FSuffJjrWQ3i3/v75PyfoLZ4CruRGXIKM5UBN
TDEqx1Fx+fDXjgH07DYjFLBxQnv9wTgAtflXJj4qfaULO3NonBZHW3xIBe8foO2b
6858JdPcSA2LJ1wUxTc8BuYzgiwz5aCbGa0cLJCyJKYhJXGToweFyDM1nS2V66MD
TF43J/8zv9OAbj6TIT8WisfCgDMIIeMg/RsoaduGZViEN2Sg46XHN4ciZ7eakJOq
j3JFaAan+WPDlYpBLv1tCz+e6IDexugnbP43+E+eY8Xl6UDKUaXd3NiT728W84ll
0KULycqOteiFy7KN6NJx0oLA3YarQciatRm99zA8pnBBvqy0yJXYxWxmmaSQiGo+
VvNTrz6uc+ISP9TJfuPm8KH7NwQVhrjsndXaW2HWgoQ+fWgSZjU=
=abQi
-----END PGP SIGNATURE-----
Merge 5.10.226 into android12-5.10-lts
Changes in 5.10.226
drm: panel-orientation-quirks: Add quirk for OrangePi Neo
ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown
ALSA: hda/conexant: Mute speakers at suspend / shutdown
i2c: Fix conditional for substituting empty ACPI functions
dma-debug: avoid deadlock between dma debug vs printk and netconsole
net: usb: qmi_wwan: add MeiG Smart SRM825L
drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr
drm/amdgpu: fix overflowed array index read warning
drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr
drm/amd/pm: fix warning using uninitialized value of max_vid_step
drm/amd/pm: fix the Out-of-bounds read warning
drm/amdgpu: fix uninitialized scalar variable warning
drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr
drm/amdgpu: avoid reading vf2pf info size from FB
drm/amd/display: Check gpio_id before used as array index
drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6
drm/amd/display: Add array index check for hdcp ddc access
drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]
drm/amd/display: Check msg_id before processing transcation
drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create
drm/amdgpu/pm: Fix uninitialized variable agc_btc_response
drm/amdgpu: Fix out-of-bounds write warning
drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number
drm/amdgpu: fix ucode out-of-bounds read warning
drm/amdgpu: fix mc_data out-of-bounds read warning
drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device
apparmor: fix possible NULL pointer dereference
drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs
drm/amdgpu: the warning dereferencing obj for nbio_v7_4
drm/amd/pm: check negtive return for table entries
wifi: iwlwifi: remove fw_running op
PCI: al: Check IORESOURCE_BUS existence during probe
hwspinlock: Introduce hwspin_lock_bust()
ionic: fix potential irq name truncation
usbip: Don't submit special requests twice
usb: typec: ucsi: Fix null pointer dereference in trace
fsnotify: clear PARENT_WATCHED flags lazily
smack: tcp: ipv4, fix incorrect labeling
drm/meson: plane: Add error handling
wifi: cfg80211: make hash table duplicates more survivable
block: remove the blk_flush_integrity call in blk_integrity_unregister
drm/amd/display: Skip wbscl_set_scaler_filter if filter is null
media: uvcvideo: Enforce alignment of frame and interval
block: initialize integrity buffer to zero before writing it to media
drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr
bpf, cgroups: Fix cgroup v2 fallback on v1/v2 mixed mode
net: set SOCK_RCU_FREE before inserting socket into hashtable
virtio_net: Fix napi_skb_cache_put warning
rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow
udf: Limit file size to 4TB
ext4: handle redirtying in ext4_bio_write_page()
i2c: Use IS_REACHABLE() for substituting empty ACPI functions
bpf, cgroup: Assign cgroup in cgroup_sk_alloc when called from interrupt
sch/netem: fix use after free in netem_dequeue
ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object
ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices
ALSA: hda/realtek: add patch for internal mic in Lenovo V145
ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx
ata: libata: Fix memory leak for error path in ata_host_alloc()
irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init()
Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE"
Bluetooth: MGMT: Ignore keys being loaded with invalid type
mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K
mmc: sdhci-of-aspeed: fix module autoloading
fuse: update stats for pages in dropped aux writeback list
fuse: use unsigned type for getxattr/listxattr size truncation
clk: qcom: clk-alpha-pll: Fix the pll post div mask
clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API
can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open
tracing: Avoid possible softlockup in tracing_iter_reset()
ila: call nf_unregister_net_hooks() sooner
sched: sch_cake: fix bulk flow accounting logic for host fairness
nilfs2: fix missing cleanup on rollforward recovery error
nilfs2: fix state management in error path of log writing function
btrfs: fix use-after-free after failure to create a snapshot
mptcp: pr_debug: add missing \n at the end
mptcp: pm: avoid possible UaF when selecting endp
nfsd: move reply cache initialization into nfsd startup
nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net
NFSD: Refactor nfsd_reply_cache_free_locked()
NFSD: Rename nfsd_reply_cache_alloc()
NFSD: Replace nfsd_prune_bucket()
NFSD: Refactor the duplicate reply cache shrinker
NFSD: simplify error paths in nfsd_svc()
NFSD: Rewrite synopsis of nfsd_percpu_counters_init()
NFSD: Fix frame size warning in svc_export_parse()
sunrpc: don't change ->sv_stats if it doesn't exist
nfsd: stop setting ->pg_stats for unused stats
sunrpc: pass in the sv_stats struct through svc_create_pooled
sunrpc: remove ->pg_stats from svc_program
sunrpc: use the struct net as the svc proc private
nfsd: rename NFSD_NET_* to NFSD_STATS_*
nfsd: expose /proc/net/sunrpc/nfsd in net namespaces
nfsd: make all of the nfsd stats per-network namespace
nfsd: remove nfsd_stats, make th_cnt a global counter
nfsd: make svc_stat per-network namespace instead of global
ALSA: hda: Add input value sanity checks to HDMI channel map controls
smack: unix sockets: fix accept()ed socket label
irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1
af_unix: Remove put_pid()/put_cred() in copy_peercred().
iommu: sun50i: clear bypass register
netfilter: nf_conncount: fix wrong variable type
udf: Avoid excessive partition lengths
media: vivid: fix wrong sizeimage value for mplane
leds: spi-byte: Call of_node_put() on error path
wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3
usb: uas: set host status byte on data completion error
media: vivid: don't set HDMI TX controls if there are no HDMI outputs
PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)
media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse
pcmcia: Use resource_size function on resource object
can: bcm: Remove proc entry when dev is unregistered.
igb: Fix not clearing TimeSync interrupts for 82580
svcrdma: Catch another Reply chunk overflow case
platform/x86: dell-smbios: Fix error path in dell_smbios_init()
tcp_bpf: fix return value of tcp_bpf_sendmsg()
igc: Unlock on error in igc_io_resume()
drivers/net/usb: Remove all strcpy() uses
net: usb: don't write directly to netdev->dev_addr
usbnet: modern method to get random MAC
bareudp: Fix device stats updates.
fou: remove sparse errors
gro: remove rcu_read_lock/rcu_read_unlock from gro_receive handlers
gro: remove rcu_read_lock/rcu_read_unlock from gro_complete handlers
fou: Fix null-ptr-deref in GRO.
net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN
net: dsa: vsc73xx: fix possible subblocks range of CAPT block
ASoC: topology: Properly initialize soc_enum values
dm init: Handle minors larger than 255
iommu/vt-d: Handle volatile descriptor status read
cgroup: Protect css->cgroup write under css_set_lock
um: line: always fill *error_out in setup_one_line()
devres: Initialize an uninitialized struct member
pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
hwmon: (adc128d818) Fix underflows seen when writing limit attributes
hwmon: (lm95234) Fix underflows seen when writing limit attributes
hwmon: (nct6775-core) Fix underflows seen when writing limit attributes
hwmon: (w83627ehf) Fix underflows seen when writing limit attributes
libbpf: Add NULL checks to bpf_object__{prev_map,next_map}
wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()
smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu()
btrfs: replace BUG_ON with ASSERT in walk_down_proc()
btrfs: clean up our handling of refs == 0 in snapshot delete
PCI: Add missing bridge lock to pci_bus_lock()
net: dpaa: avoid on-stack arrays of NR_CPUS elements
kselftests: dmabuf-heaps: Ensure the driver name is null-terminated
btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry()
s390/vmlinux.lds.S: Move ro_after_init section behind rodata section
HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup
Input: uinput - reject requests with unreasonable number of slots
usbnet: ipheth: race between ipheth_close and error handling
Squashfs: sanity check symbolic link size
of/irq: Prevent device address out-of-bounds read in interrupt map walk
lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()
MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed
ata: pata_macio: Use WARN instead of BUG
NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations
staging: iio: frequency: ad9834: Validate frequency parameter value
iio: buffer-dmaengine: fix releasing dma channel on error
iio: fix scale application in iio_convert_raw_to_processed_unlocked
iio: adc: ad7124: fix chip ID mismatch
binder: fix UAF caused by offsets overwrite
nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc
uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind
Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic
VMCI: Fix use-after-free when removing resource in vmci_resource_remove()
clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX
clocksource/drivers/imx-tpm: Fix next event not taking effect sometime
clocksource/drivers/timer-of: Remove percpu irq related code
uprobes: Use kzalloc to allocate xol area
perf/aux: Fix AUX buffer serialization
nilfs2: replace snprintf in show functions with sysfs_emit
nilfs2: protect references to superblock parameters exposed in sysfs
ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add()
ACPI: processor: Fix memory leaks in error paths of processor_add()
arm64: acpi: Move get_cpu_for_acpi_id() to a header
arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry
nvmet-tcp: fix kernel crash if commands allocation fails
drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused
drm/i915/fence: Mark debug_fence_free() with __maybe_unused
mmc: cqhci: Fix checking of CQHCI_HALT state
rtmutex: Drop rt_mutex::wait_lock before scheduling
x86/mm: Fix PTI for i386 some more
net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket
memcg: protect concurrent access to mem_cgroup_idr
Linux 5.10.226
Change-Id: I3c0afd32ba78775f67cde6d73b4dbf931bbc4770
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
b22678f8ef |
Merge ddee5b4b6a ("mptcp: pm: avoid possible UaF when selecting endp") into android12-5.10-lts
Steps on the way to 5.10.226 Change-Id: I4ee8b8e793b6ecb98c7078125d994b46b1165c2e Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Konstantin Andreev
|
500e4bf673 |
smack: unix sockets: fix accept()ed socket label
[ Upstream commit e86cac0acdb1a74f608bacefe702f2034133a047 ] When a process accept()s connection from a unix socket (either stream or seqpacket) it gets the socket with the label of the connecting process. For example, if a connecting process has a label 'foo', the accept()ed socket will also have 'in' and 'out' labels 'foo', regardless of the label of the listener process. This is because kernel creates unix child sockets in the context of the connecting process. I do not see any obvious way for the listener to abuse alien labels coming with the new socket, but, to be on the safe side, it's better fix new socket labels. Signed-off-by: Konstantin Andreev <andreev@swemel.ru> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Casey Schaufler
|
a948ec9935 |
smack: tcp: ipv4, fix incorrect labeling
[ Upstream commit 2fe209d0ad2e2729f7e22b9b31a86cc3ff0db550 ]
Currently, Smack mirrors the label of incoming tcp/ipv4 connections:
when a label 'foo' connects to a label 'bar' with tcp/ipv4,
'foo' always gets 'foo' in returned ipv4 packets. So,
1) returned packets are incorrectly labeled ('foo' instead of 'bar')
2) 'bar' can write to 'foo' without being authorized to write.
Here is a scenario how to see this:
* Take two machines, let's call them C and S,
with active Smack in the default state
(no settings, no rules, no labeled hosts, only builtin labels)
* At S, add Smack rule 'foo bar w'
(labels 'foo' and 'bar' are instantiated at S at this moment)
* At S, at label 'bar', launch a program
that listens for incoming tcp/ipv4 connections
* From C, at label 'foo', connect to the listener at S.
(label 'foo' is instantiated at C at this moment)
Connection succeedes and works.
* Send some data in both directions.
* Collect network traffic of this connection.
All packets in both directions are labeled with the CIPSO
of the label 'foo'. Hence, label 'bar' writes to 'foo' without
being authorized, and even without ever being known at C.
If anybody cares: exactly the same happens with DCCP.
This behavior 1st manifested in release 2.6.29.4 (see Fixes below)
and it looks unintentional. At least, no explanation was provided.
I changed returned packes label into the 'bar',
to bring it into line with the Smack documentation claims.
Signed-off-by: Konstantin Andreev <andreev@swemel.ru>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Leesoo Ahn
|
52338a3aa7 |
apparmor: fix possible NULL pointer dereference
[ Upstream commit 3dd384108d53834002be5630132ad5c3f32166ad ] profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(..). In that case, it must return an error code and the code, -ENOENT represents its state that the path of its parent is not existed yet. BUG: kernel NULL pointer dereference, address: 0000000000000030 PGD 0 P4D 0 PREEMPT SMP PTI CPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 RIP: 0010:aafs_create.constprop.0+0x7f/0x130 Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0 Call Trace: <TASK> ? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? page_fault_oops+0x99/0x1b0 ? kernelmode_fixup_or_oops+0xb2/0x140 ? __bad_area_nosemaphore+0x1a5/0x2c0 ? find_vma+0x34/0x60 ? bad_area_nosemaphore+0x16/0x30 ? do_user_addr_fault+0x2a2/0x6b0 ? exc_page_fault+0x83/0x1b0 ? asm_exc_page_fault+0x27/0x30 ? aafs_create.constprop.0+0x7f/0x130 ? aafs_create.constprop.0+0x51/0x130 __aafs_profile_mkdir+0x3d6/0x480 aa_replace_profiles+0x83f/0x1270 policy_update+0xe3/0x180 profile_load+0xbc/0x150 ? rw_verify_area+0x47/0x140 vfs_write+0x100/0x480 ? __x64_sys_openat+0x55/0xa0 ? syscall_exit_to_user_mode+0x86/0x260 ksys_write+0x73/0x100 __x64_sys_write+0x19/0x30 x64_sys_call+0x7e/0x25c0 do_syscall_64+0x7f/0x180 entry_SYSCALL_64_after_hwframe+0x78/0x80 RIP: 0033:0x7be9f211c574 Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89 RSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574 RDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004 RBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000 R10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80 R13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30 </TASK> Modules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas CR2: 0000000000000030 ---[ end trace 0000000000000000 ]--- RIP: 0010:aafs_create.constprop.0+0x7f/0x130 Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0 Signed-off-by: Leesoo Ahn <lsahn@ooseel.net> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
4951c68022 |
Merge 5.10.225 into android12-5.10-lts
Changes in 5.10.225 fuse: Initialize beyond-EOF page contents before setting uptodate ALSA: usb-audio: Support Yamaha P-125 quirk entry xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration thunderbolt: Mark XDomain as unplugged when router is removed s390/dasd: fix error recovery leading to data corruption on ESE devices arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE dm resume: don't return EINVAL when signalled dm persistent data: fix memory allocation failure vfs: Don't evict inode under the inode lru traversing context bitmap: introduce generic optimized bitmap_size() fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE selinux: fix potential counting error in avc_add_xperms_decision() btrfs: tree-checker: add dev extent item checks drm/amdgpu: Actually check flags for all context ops. memcg_write_event_control(): fix a user-triggerable oops drm/amdgpu/jpeg2: properly set atomics vmid field s390/cio: rename bitmap_size() -> idset_bitmap_size() btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() s390/uv: Panic for set and remove shared access UVC errors net/mlx5e: Correctly report errors for ethtool rx flows atm: idt77252: prevent use after free in dequeue_rx() net: axienet: Fix register defines comment description net: dsa: vsc73xx: pass value in phy_write operation net: dsa: vsc73xx: use read_poll_timeout instead delay loop net: dsa: vsc73xx: check busy flag in MDIO operations mptcp: correct MPTCP_SUBFLOW_ATTR_SSN_OFFSET reserved size netfilter: flowtable: initialise extack before use net: hns3: fix wrong use of semaphore up net: hns3: fix a deadlock problem when config TC during resetting ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 ssb: Fix division by zero issue in ssb_calc_clock_rate wifi: mac80211: fix BA session teardown race wifi: cw1200: Avoid processing an invalid TIM IE i2c: riic: avoid potential division by zero RDMA/rtrs: Fix the problem of variable not initialized fully s390/smp,mcck: fix early IPI handling media: radio-isa: use dev_name to fill in bus_info staging: iio: resolver: ad2s1210: fix use before initialization drm/amd/display: Validate hw_points_num before using it staging: ks7010: disable bh on tx_dev_lock binfmt_misc: cleanup on filesystem umount media: qcom: venus: fix incorrect return value scsi: spi: Fix sshdr use gfs2: setattr_chown: Add missing initialization wifi: iwlwifi: abort scan when rfkill on but device enabled IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu nvmet-trace: avoid dereferencing pointer too early ext4: do not trim the group with corrupted block bitmap quota: Remove BUG_ON from dqget() media: pci: cx23885: check cx23885_vdev_init() return fs: binfmt_elf_efpic: don't use missing interpreter's properties scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() net/sun3_82586: Avoid reading past buffer in debug output drm/lima: set gp bus_stop bit before hard reset virtiofs: forbid newlines in tags netlink: hold nlk->cb_mutex longer in __netlink_dump_start() md: clean up invalid BUG_ON in md_ioctl x86: Increase brk randomness entropy for 64-bit systems memory: stm32-fmc2-ebi: check regmap_read return value parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 powerpc/boot: Handle allocation failure in simple_realloc() powerpc/boot: Only free if realloc() succeeds btrfs: change BUG_ON to assertion when checking for delayed_node root btrfs: handle invalid root reference found in may_destroy_subvol() btrfs: send: handle unexpected data in header buffer in begin_cmd() btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() f2fs: fix to do sanity check in update_sit_entry usb: gadget: fsl: Increase size of name buffer for endpoints Bluetooth: bnep: Fix out-of-bound access net: hns3: add checking for vf id of mailbox nvmet-tcp: do not continue for invalid icreq NFS: avoid infinite loop in pnfs_update_layout. openrisc: Call setup_memory() earlier in the init sequence s390/iucv: fix receive buffer virtual vs physical address confusion usb: dwc3: core: Skip setting event buffers for host only controllers irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc ext4: set the type of max_zeroout to unsigned int to avoid overflow nvmet-rdma: fix possible bad dereference when freeing rsps hrtimer: Prevent queuing of hrtimer without a function callback gtp: pull network headers in gtp_dev_xmit() block: use "unsigned long" for blk_validate_block_size(). media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) dm suspend: return -ERESTARTSYS instead of -EINTR Bluetooth: hci_core: Fix LE quote calculation Bluetooth: SMP: Fix assumption of Central always being Initiator tc-testing: don't access non-existent variable on exception kcm: Serialise kcm_sendmsg() for the same socket. netfilter: nft_counter: Synchronize nft_counter_reset() against reader. ip6_tunnel: Fix broken GRO bonding: fix bond_ipsec_offload_ok return type bonding: fix null pointer deref in bond_ipsec_offload_ok bonding: fix xfrm real_dev null pointer dereference bonding: fix xfrm state handling when clearing active slave ice: fix ICE_LAST_OFFSET formula net: dsa: mv88e6xxx: read FID when handling ATU violations net: dsa: mv88e6xxx: replace ATU violation prints with trace points net: dsa: mv88e6xxx: Fix out-of-bound access netem: fix return value if duplicate enqueue fails ipv6: prevent UAF in ip6_send_skb() net: xilinx: axienet: Always disable promiscuous mode net: xilinx: axienet: Fix dangling multicast addresses drm/msm/dpu: don't play tricks with debug macros drm/msm/dp: reset the link phy params before link training mmc: mmc_test: Fix NULL dereference on allocation failure Bluetooth: MGMT: Add error handling to pair_device() binfmt_misc: pass binfmt_misc flags to the interpreter MIPS: Loongson64: Set timer mode in cpu-probe HID: wacom: Defer calculation of resolution until resolution_code is known HID: microsoft: Add rumble support to latest xbox controllers cxgb4: add forgotten u64 ivlan cast before shift KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 mmc: dw_mmc: allow biu and ciu clocks to defer Revert "drm/amd/display: Validate hw_points_num before using it" ALSA: timer: Relax start tick time check for slave timer elements nfsd: Don't call freezable_schedule_timeout() after each successful page allocation in svc_alloc_arg(). Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO Input: MT - limit max slots tools: move alignment-related macros to new <linux/align.h> drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc KVM: arm64: Don't use cbz/adr with external symbols pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins pinctrl: single: fix potential NULL dereference in pcs_get_function() wifi: mwifiex: duplicate static structs used in driver instances mptcp: sched: check both backup in retrans ipc: replace costly bailout check in sysvipc_find_ipc() drm/amdkfd: don't allow mapping the MMIO HDP page with large pages media: uvcvideo: Fix integer overflow calculating timestamp Revert "Input: ioc3kbd - convert to platform remove callback returning void" ata: libata-core: Fix null pointer dereference on error cgroup/cpuset: Prevent UAF in proc_cpuset_show() net:rds: Fix possible deadlock in rds_message_put ovl: do not fail because of O_NOATIME soundwire: stream: fix programming slave ports for non-continous port maps dmaengine: dw: Add peripheral bus width verification dmaengine: dw: Add memory bus width verification ethtool: check device is present when getting link settings gtp: fix a potential NULL pointer dereference net: busy-poll: use ktime_get_ns() instead of local_clock() nfc: pn533: Add poll mod list filling check soc: qcom: cmd-db: Map shared memory as WC, not WB cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller USB: serial: option: add MeiG Smart SRM825L usb: dwc3: omap: add missing depopulate in probe error path usb: dwc3: core: Prevent USB core invalid event buffer address access usb: dwc3: st: fix probed platform device ref count on probe error path usb: dwc3: st: add missing depopulate in probe error path usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() scsi: aacraid: Fix double-free on probe failure apparmor: fix policy_unpack_test on big endian systems Linux 5.10.225 Change-Id: I5028ef07db680262d45fba4096094fe8b19dd052 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Guenter Roeck
|
7e8bad2cf3 |
apparmor: fix policy_unpack_test on big endian systems
[ Upstream commit 98c0cc48e27e9d269a3e4db2acd72b486c88ec77 ]
policy_unpack_test fails on big endian systems because data byte order
is expected to be little endian but is generated in host byte order.
This results in test failures such as:
# policy_unpack_test_unpack_array_with_null_name: EXPECTATION FAILED at security/apparmor/policy_unpack_test.c:150
Expected array_size == (u16)16, but
array_size == 4096 (0x1000)
(u16)16 == 16 (0x10)
# policy_unpack_test_unpack_array_with_null_name: pass:0 fail:1 skip:0 total:1
not ok 3 policy_unpack_test_unpack_array_with_null_name
# policy_unpack_test_unpack_array_with_name: EXPECTATION FAILED at security/apparmor/policy_unpack_test.c:164
Expected array_size == (u16)16, but
array_size == 4096 (0x1000)
(u16)16 == 16 (0x10)
# policy_unpack_test_unpack_array_with_name: pass:0 fail:1 skip:0 total:1
Add the missing endianness conversions when generating test data.
Fixes:
|
||
Zhen Lei
|
bbcdda4b0d |
selinux: fix potential counting error in avc_add_xperms_decision()
commit 379d9af3f3da2da1bbfa67baf1820c72a080d1f1 upstream.
The count increases only when a node is successfully added to
the linked list.
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Greg Kroah-Hartman
|
b84ad15be5 |
This is the 5.10.224 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmbCv24ACgkQONu9yGCS
aT7lNRAAzP2lSCUHROaMTldoQdahqoWqwFSiMI9p32HYLTerpg1GHVsi1IUvD+pv
zhmUG9w+ACbSbZ9337G61FeEDCIBzgqaIXLCtbK2Be9nWMa9I1ZtMSFUKoSmVJBw
YbrI/UOscJmAf44G6DeMp+N+/S2o7INK463u51SYjufo/zhFF8KsYElm23p06kgn
lTkkUAoo9mSVvEr64zbjwLrWyBWTlcvYH/xrkWeJWXl+hBv0K5Ig9IBm0sc0DSQR
fErADzDLFkmD9pduZbMwbzUUzC8ST41KKjTgClaHQhSMeoLoWT8CJM5Swwds4XVE
JkoClkqnj3+stYFpLFm9UUgZ12wu/9slzgRCN6fTraSNT8gE9F9BRJXFGL+3S5OO
oHKZYEEPTZDsD3PihgufJ4Ft27+KpMUzAgQUmVH/y47wrVJ2pf4fCK8LKT0MbjBi
pjZaDRCxwo1aORL3+jYJBVRecrNqQ0DhacYOKznhb2KKeaHojIwLaE6k/W/0Q8U5
1uMYv+NJ3LWDNzGcNUTCfNtuDELOpkp24Xc8RN0MK2iMMMyfjMpgKssjSBZtz0QW
NH0UVpfiWKECKH+m03NeFnYdMuK8/VyM8vatkcemz0FfgJP2UazeiVwSujfS2r2S
0TtsCMPP3kgKa9mAnni7lQs4wkG+OTNDNZqbuDqFZ1rHUS2Usrg=
=8i2e
-----END PGP SIGNATURE-----
Merge 5.10.224 into android12-5.10-lts
Changes in 5.10.224
EDAC/skx_common: Add new ADXL components for 2-level memory
EDAC, i10nm: make skx_common.o a separate module
platform/chrome: cros_ec_debugfs: fix wrong EC message version
hfsplus: fix to avoid false alarm of circular locking
x86/of: Return consistent error type from x86_of_pci_irq_enable()
x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling
x86/pci/xen: Fix PCIBIOS_* return code handling
x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos
hwmon: (adt7475) Fix default duty on fan is disabled
pwm: stm32: Always do lazy disabling
hwmon: (max6697) Fix underflow when writing limit attributes
hwmon: (max6697) Fix swapped temp{1,8} critical alarms
arm64: dts: qcom: sdm845: add power-domain to UFS PHY
soc: qcom: rpmh-rsc: Ensure irqs aren't disabled by rpmh_rsc_send_data() callers
arm64: dts: qcom: msm8996: specify UFS core_clk frequencies
soc: qcom: pdr: protect locator_addr with the main mutex
soc: qcom: pdr: fix parsing of domains lists
arm64: dts: rockchip: Increase VOP clk rate on RK3328
ARM: dts: imx6qdl-kontron-samx6i: move phy reset into phy-node
ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset
ARM: dts: imx6qdl-kontron-samx6i: fix board reset
ARM: dts: imx6qdl-kontron-samx6i: fix SPI0 chip selects
ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity
arm64: dts: mediatek: mt8183-kukui: Drop bogus output-enable property
arm64: dts: mediatek: mt7622: fix "emmc" pinctrl mux
arm64: dts: amlogic: gx: correct hdmi clocks
m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages
x86/xen: Convert comma to semicolon
m68k: cmpxchg: Fix return value for default case in __arch_xchg()
ARM: pxa: spitz: use gpio descriptors for audio
ARM: spitz: fix GPIO assignment for backlight
firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout()
firmware: turris-mox-rwtm: Initialize completion before mailbox
wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device
selftests/bpf: Fix prog numbers in test_sockmap
net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP
net/smc: Allow SMC-D 1MB DMB allocations
net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined
selftests/bpf: Check length of recv in test_sockmap
lib: objagg: Fix general protection fault
mlxsw: spectrum_acl_erp: Fix object nesting warning
mlxsw: spectrum_acl_bloom_filter: Make mlxsw_sp_acl_bf_key_encode() more flexible
mlxsw: spectrum_acl: Fix ACL scale regression and firmware errors
ath11k: dp: stop rx pktlog before suspend
wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers
wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he()
wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()
net: fec: Refactor: #define magic constants
net: fec: Fix FEC_ECR_EN1588 being cleared on link-down
ipvs: Avoid unnecessary calls to skb_is_gso_sctp
netfilter: nf_tables: rise cap on SELinux secmark context
perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation
perf: Fix perf_aux_size() for greater-than 32-bit size
perf: Prevent passing zero nr_pages to rb_alloc_aux()
qed: Improve the stack space of filter_config()
wifi: virt_wifi: avoid reporting connection success with wrong SSID
gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey
wifi: virt_wifi: don't use strlen() in const context
selftests/bpf: Close fd in error path in drop_on_reuseport
bpf: annotate BTF show functions with __printf
bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
bpf: Eliminate remaining "make W=1" warnings in kernel/bpf/btf.o
selftests: forwarding: devlink_lib: Wait for udev events after reloading
xdp: fix invalid wait context of page_pool_destroy()
drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators
drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare()
media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()
media: imon: Fix race getting ictx->lock
saa7134: Unchecked i2c_transfer function result fixed
media: uvcvideo: Allow entity-defined get_info and get_cur
media: uvcvideo: Override default flags
media: renesas: vsp1: Fix _irqsave and _irq mix
media: renesas: vsp1: Store RPF partition configuration per RPF instance
leds: trigger: Unregister sysfs attributes before calling deactivate()
perf report: Fix condition in sort__sym_cmp()
drm/etnaviv: fix DMA direction handling for cached RW buffers
drm/qxl: Add check for drm_cvt_mode
Revert "leds: led-core: Fix refcount leak in of_led_get()"
ext4: fix infinite loop when replaying fast_commit
media: venus: flush all buffers in output plane streamoff
mfd: omap-usb-tll: Use struct_size to allocate tll
xprtrdma: Rename frwr_release_mr()
xprtrdma: Fix rpcrdma_reqs_reset()
SUNRPC: avoid soft lockup when transmitting UDP to reachable server.
ext4: avoid writing unitialized memory to disk in EA inodes
sparc64: Fix incorrect function signature and add prototype for prom_cif_init
SUNRPC: Fixup gss_status tracepoint error output
PCI: Fix resource double counting on remove & rescan
coresight: Fix ref leak when of_coresight_parse_endpoint() fails
Input: qt1050 - handle CHIP_ID reading error
RDMA/mlx4: Fix truncated output warning in mad.c
RDMA/mlx4: Fix truncated output warning in alias_GUID.c
RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs
ASoC: max98088: Check for clk_prepare_enable() error
mtd: make mtd_test.c a separate module
RDMA/device: Return error earlier if port in not valid
Input: elan_i2c - do not leave interrupt disabled on suspend failure
MIPS: Octeron: remove source file executable bit
powerpc/xmon: Fix disassembly CPU feature checks
macintosh/therm_windtunnel: fix module unload.
RDMA/hns: Fix missing pagesize and alignment check in FRMR
bnxt_re: Fix imm_data endianness
netfilter: ctnetlink: use helper function to calculate expect ID
net: dsa: mv88e6xxx: Limit chip-wide frame size config to CPU ports
net: dsa: b53: Limit chip-wide jumbo frame config to CPU ports
pinctrl: rockchip: update rk3308 iomux routes
pinctrl: core: fix possible memory leak when pinctrl_enable() fails
pinctrl: single: fix possible memory leak when pinctrl_enable() fails
pinctrl: ti: ti-iodelay: Drop if block with always false condition
pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails
pinctrl: freescale: mxs: Fix refcount of child
fs/proc/task_mmu: indicate PM_FILE for PMD-mapped file THP
fs/nilfs2: remove some unused macros to tame gcc
nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro
rtc: interface: Add RTC offset to alarm after fix-up
dt-bindings: thermal: correct thermal zone node name limit
tick/broadcast: Make takeover of broadcast hrtimer reliable
net: netconsole: Disable target before netpoll cleanup
af_packet: Handle outgoing VLAN packets without hardware offloading
ipv6: take care of scope when choosing the src addr
sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks
char: tpm: Fix possible memory leak in tpm_bios_measurements_open()
media: venus: fix use after free in vdec_close
hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()
ext2: Verify bitmap and itable block numbers before using them
drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes
drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes
scsi: qla2xxx: Fix optrom version displayed in FDMI
drm/amd/display: Check for NULL pointer
sched/fair: Use all little CPUs for CPU-bound workloads
apparmor: use kvfree_sensitive to free data->data
task_work: s/task_work_cancel()/task_work_cancel_func()/
task_work: Introduce task_work_cancel() again
udf: Avoid using corrupted block bitmap buffer
m68k: amiga: Turn off Warp1260 interrupts during boot
ext4: check dot and dotdot of dx_root before making dir indexed
ext4: make sure the first directory block is not a hole
wifi: mwifiex: Fix interface type change
leds: ss4200: Convert PCIBIOS_* return codes to errnos
jbd2: make jbd2_journal_get_max_txn_bufs() internal
KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked()
tools/memory-model: Fix bug in lock.cat
hwrng: amd - Convert PCIBIOS_* return codes to errnos
PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN
PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio
binder: fix hang of unregistered readers
dev/parport: fix the array out-of-bounds risk
scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds
f2fs: fix to don't dirty inode for readonly filesystem
clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use
ubi: eba: properly rollback inside self_check_eba
decompress_bunzip2: fix rare decompression failure
kbuild: Fix '-S -c' in x86 stack protector scripts
kobject_uevent: Fix OOB access within zap_modalias_env()
devres: Fix devm_krealloc() wasting memory
rtc: cmos: Fix return value of nvmem callbacks
scsi: qla2xxx: During vport delete send async logout explicitly
scsi: qla2xxx: Fix for possible memory corruption
scsi: qla2xxx: Fix flash read failure
scsi: qla2xxx: Complete command early within lock
scsi: qla2xxx: validate nvme_local_port correctly
perf/x86/intel/pt: Fix topa_entry base length
perf/x86/intel/pt: Fix a topa_entry base address calculation
rtc: isl1208: Fix return value of nvmem callbacks
watchdog/perf: properly initialize the turbo mode timestamp and rearm counter
platform: mips: cpu_hwmon: Disable driver on unsupported hardware
RDMA/iwcm: Fix a use-after-free related to destroying CM IDs
selftests/sigaltstack: Fix ppc64 GCC build
rbd: don't assume rbd_is_lock_owner() for exclusive mappings
MIPS: ip30: ip30-console: Add missing include
MIPS: Loongson64: env: Hook up Loongsson-2K
drm/panfrost: Mark simple_ondemand governor as softdep
rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait
rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings
Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables
Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591
nilfs2: handle inconsistent state in nilfs_btnode_create_block()
io_uring/io-wq: limit retrying worker initialisation
kernel: rerun task_work while freezing in get_signal()
kdb: address -Wformat-security warnings
kdb: Use the passed prompt in kdb_position_cursor()
jfs: Fix array-index-out-of-bounds in diFree
um: time-travel: fix time-travel-start option
f2fs: fix start segno of large section
libbpf: Fix no-args func prototype BTF dumping syntax
dma: fix call order in dmam_free_coherent
MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later
ipv4: Fix incorrect source address in Record Route option
net: bonding: correctly annotate RCU in bond_should_notify_peers()
netfilter: nft_set_pipapo_avx2: disable softinterrupts
tipc: Return non-zero value from tipc_udp_addr2str() on error
net: stmmac: Correct byte order of perfect_match
net: nexthop: Initialize all fields in dumped nexthops
bpf: Fix a segment issue when downgrading gso_size
mISDN: Fix a use after free in hfcmulti_tx()
apparmor: Fix null pointer deref when receiving skb during sock creation
powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap()
lirc: rc_dev_get_from_fd(): fix file leak
ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable
ceph: fix incorrect kmalloc size of pagevec mempool
nvme: split command copy into a helper
nvme-pci: add missing condition check for existence of mapped data
fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT
powerpc/configs: Update defconfig with now user-visible CONFIG_FSL_IFC
fuse: name fs_context consistently
fuse: verify {g,u}id mount options correctly
sysctl: always initialize i_uid/i_gid
ext4: factor out a common helper to query extent map
ext4: check the extent status again before inserting delalloc block
soc: xilinx: move PM_INIT_FINALIZE to zynqmp_pm_domains driver
drivers: soc: xilinx: check return status of get_api_version()
driver core: Cast to (void *) with __force for __percpu pointer
devres: Fix memory leakage caused by driver API devm_free_percpu()
genirq: Allow the PM device to originate from irq domain
irqchip/imx-irqsteer: Constify irq_chip struct
irqchip/imx-irqsteer: Add runtime PM support
irqchip/imx-irqsteer: Handle runtime power management correctly
remoteproc: imx_rproc: ignore mapping vdev regions
remoteproc: imx_rproc: Fix ignoring mapping vdev regions
remoteproc: imx_rproc: Skip over memory region when node value is NULL
drm/nouveau: prime: fix refcount underflow
drm/vmwgfx: Fix overlay when using Screen Targets
sched: act_ct: take care of padding in struct zones_ht_key
net/iucv: fix use after free in iucv_sock_close()
net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys
ipv6: fix ndisc_is_useropt() handling for PIO
riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()
platform/chrome: cros_ec_proto: Lock device when updating MKBP version
HID: wacom: Modify pen IDs
protect the fetch of ->fd[fd] in do_dup2() from mispredictions
ALSA: usb-audio: Correct surround channels in UAC1 channel map
ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G
net: usb: sr9700: fix uninitialized variable use in sr_mdio_read
r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY
mptcp: fix duplicate data handling
netfilter: ipset: Add list flush to cancel_gc
genirq: Allow irq_chip registration functions to take a const irq_chip
irqchip/mbigen: Fix mbigen node address layout
x86/mm: Fix pti_clone_pgtable() alignment assumption
x86/mm: Fix pti_clone_entry_text() for i386
sctp: move hlist_node and hashent out of sctp_ep_common
sctp: Fix null-ptr-deref in reuseport_add_sock().
net: usb: qmi_wwan: fix memory leak for not ip packets
net: linkwatch: use system_unbound_wq
Bluetooth: l2cap: always unlock channel in l2cap_conless_channel()
net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()
l2tp: fix lockdep splat
net: fec: Stop PPS on driver remove
rcutorture: Fix rcu_torture_fwd_cb_cr() data race
md: do not delete safemode_timer in mddev_suspend
md/raid5: avoid BUG_ON() while continue reshape after reassembling
clocksource/drivers/sh_cmt: Address race condition for clock events
ACPI: battery: create alarm sysfs attribute atomically
ACPI: SBS: manage alarm sysfs attribute through psy core
selftests/bpf: Fix send_signal test with nested CONFIG_PARAVIRT
PCI: Add Edimax Vendor ID to pci_ids.h
udf: prevent integer overflow in udf_bitmap_free_blocks()
wifi: nl80211: don't give key data to userspace
btrfs: fix bitmap leak when loading free space cache on duplicate entry
drm/amdgpu: Fix the null pointer dereference to ras_manager
drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules
media: uvcvideo: Ignore empty TS packets
media: uvcvideo: Fix the bandwdith quirk on USB 3.x
jbd2: avoid memleak in jbd2_journal_write_metadata_buffer
s390/sclp: Prevent release of buffer in I/O
SUNRPC: Fix a race to wake a sync task
sched/cputime: Fix mul_u64_u64_div_u64() precision for cputime
ext4: fix wrong unit use in ext4_mb_find_by_goal
arm64: cpufeature: Force HWCAP to be based on the sysreg visible to user-space
arm64: Add Neoverse-V2 part
arm64: cputype: Add Cortex-X4 definitions
arm64: cputype: Add Neoverse-V3 definitions
arm64: errata: Add workaround for Arm errata 3194386 and 3312417
arm64: cputype: Add Cortex-X3 definitions
arm64: cputype: Add Cortex-A720 definitions
arm64: cputype: Add Cortex-X925 definitions
arm64: errata: Unify speculative SSBS errata logic
arm64: errata: Expand speculative SSBS workaround
arm64: cputype: Add Cortex-X1C definitions
arm64: cputype: Add Cortex-A725 definitions
arm64: errata: Expand speculative SSBS workaround (again)
i2c: smbus: Improve handling of stuck alerts
ASoC: codecs: wsa881x: Correct Soundwire ports mask
i2c: smbus: Send alert notifications to all devices if source not found
bpf: kprobe: remove unused declaring of bpf_kprobe_override
kprobes: Fix to check symbol prefixes correctly
spi: spi-fsl-lpspi: Fix scldiv calculation
ALSA: usb-audio: Re-add ScratchAmp quirk entries
drm/client: fix null pointer dereference in drm_client_modeset_probe
ALSA: line6: Fix racy access to midibuf
ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list
ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4
usb: vhci-hcd: Do not drop references before new references are gained
USB: serial: debug: do not echo input by default
usb: gadget: core: Check for unset descriptor
usb: gadget: u_serial: Set start_delayed during suspend
scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic
tick/broadcast: Move per CPU pointer access into the atomic section
ntp: Clamp maxerror and esterror to operating range
driver core: Fix uevent_show() vs driver detach race
ntp: Safeguard against time_constant overflow
scsi: mpt3sas: Remove scsi_dma_map() error messages
scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES
irqchip/meson-gpio: support more than 8 channels gpio irq
irqchip/meson-gpio: Convert meson_gpio_irq_controller::lock to 'raw_spinlock_t'
serial: core: check uartclk for zero to avoid divide by zero
irqchip/xilinx: Fix shift out of bounds
genirq/irqdesc: Honor caller provided affinity in alloc_desc()
power: supply: axp288_charger: Fix constant_charge_voltage writes
power: supply: axp288_charger: Round constant_charge_voltage writes down
tracing: Fix overflow in get_free_elt()
padata: Fix possible divide-by-0 panic in padata_mt_helper()
x86/mtrr: Check if fixed MTRRs exist before saving them
drm/bridge: analogix_dp: properly handle zero sized AUX transactions
drm/mgag200: Set DDC timeout in milliseconds
mptcp: sched: check both directions for backup
mptcp: distinguish rcv vs sent backup flag in requests
mptcp: fix NL PM announced address accounting
mptcp: mib: count MPJ with backup flag
mptcp: export local_address
mptcp: pm: fix backup support in signal endpoints
samples: Add fs error monitoring example
samples: Make fs-monitor depend on libc and headers
Add gitignore file for samples/fanotify/ subdirectory
Fix gcc 4.9 build issue in 5.10.y
PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
netfilter: nf_tables: set element extended ACK reporting support
netfilter: nf_tables: use timestamp to check for set element timeout
netfilter: nf_tables: allow clone callbacks to sleep
netfilter: nf_tables: prefer nft_chain_validate
drm/i915/gem: Fix Virtual Memory mapping boundaries calculation
powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.
arm64: cpufeature: Fix the visibility of compat hwcaps
media: uvcvideo: Use entity get_cur in uvc_ctrl_set
exec: Fix ToCToU between perm check and set-uid/gid usage
nvme/pci: Add APST quirk for Lenovo N60z laptop
vdpa: Make use of PFN_PHYS/PFN_UP/PFN_DOWN helper macro
vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler
wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode
media: Revert "media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()"
Linux 5.10.224
Change-Id: I7cd19d506c4c86df918a280598946060a494a161
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Xiao Liang
|
347dcb84a4 |
apparmor: Fix null pointer deref when receiving skb during sock creation
[ Upstream commit fce09ea314505a52f2436397608fa0a5d0934fb1 ]
The panic below is observed when receiving ICMP packets with secmark set
while an ICMP raw socket is being created. SK_CTX(sk)->label is updated
in apparmor_socket_post_create(), but the packet is delivered to the
socket before that, causing the null pointer dereference.
Drop the packet if label context is not set.
BUG: kernel NULL pointer dereference, address: 000000000000004c
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 0 PID: 407 Comm: a.out Not tainted 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df
Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/28/2020
RIP: 0010:aa_label_next_confined+0xb/0x40
Code: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 <8b> 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2
RSP: 0018:ffffa92940003b08 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e
RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002
R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400
R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000
FS: 00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0
PKRU: 55555554
Call Trace:
<IRQ>
? __die+0x23/0x70
? page_fault_oops+0x171/0x4e0
? exc_page_fault+0x7f/0x180
? asm_exc_page_fault+0x26/0x30
? aa_label_next_confined+0xb/0x40
apparmor_secmark_check+0xec/0x330
security_sock_rcv_skb+0x35/0x50
sk_filter_trim_cap+0x47/0x250
sock_queue_rcv_skb_reason+0x20/0x60
raw_rcv+0x13c/0x210
raw_local_deliver+0x1f3/0x250
ip_protocol_deliver_rcu+0x4f/0x2f0
ip_local_deliver_finish+0x76/0xa0
__netif_receive_skb_one_core+0x89/0xa0
netif_receive_skb+0x119/0x170
? __netdev_alloc_skb+0x3d/0x140
vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]
vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a]
__napi_poll+0x28/0x1b0
net_rx_action+0x2a4/0x380
__do_softirq+0xd1/0x2c8
__irq_exit_rcu+0xbb/0xf0
common_interrupt+0x86/0xa0
</IRQ>
<TASK>
asm_common_interrupt+0x26/0x40
RIP: 0010:apparmor_socket_post_create+0xb/0x200
Code: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 <55> 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48
RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286
RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: ffff8b57444cec70 R11: 0000000000000000 R12: 0000000000000003
R13: 0000000000000002 R14: ffff8b574eaab740 R15: ffffffffbd8e4748
? __pfx_apparmor_socket_post_create+0x10/0x10
security_socket_post_create+0x4b/0x80
__sock_create+0x176/0x1f0
__sys_socket+0x89/0x100
__x64_sys_socket+0x17/0x20
do_syscall_64+0x5d/0x90
? do_syscall_64+0x6c/0x90
? do_syscall_64+0x6c/0x90
? do_syscall_64+0x6c/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc
Fixes:
|
||
Frederic Weisbecker
|
1fd27cc6f0 |
task_work: s/task_work_cancel()/task_work_cancel_func()/
commit 68cbd415dd4b9c5b9df69f0f091879e56bf5907a upstream. A proper task_work_cancel() API that actually cancels a callback and not *any* callback pointing to a given function is going to be needed for perf events event freeing. Do the appropriate rename to prepare for that. Signed-off-by: Frederic Weisbecker <frederic@kernel.org> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20240621091601.18227-2-frederic@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Fedor Pchelkin
|
973155ca67 |
apparmor: use kvfree_sensitive to free data->data
commit 2bc73505a5cd2a18a7a542022722f136c19e3b87 upstream.
Inside unpack_profile() data->data is allocated using kvmemdup() so it
should be freed with the corresponding kvfree_sensitive().
Also add missing data->data release for rhashtable insertion failure path
in unpack_profile().
Found by Linux Verification Center (linuxtesting.org).
Fixes:
|
||
|
Greg Kroah-Hartman
|
875057880e |
This is the 5.10.222 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmaY9zYACgkQONu9yGCS aT6v5g//WMifSZz85CUFaqgs65rwVfhTMpYtUeL5LiDuy+SMou6ViV3A93FpTkmj FJBvrr2y0bn8Y5Dp/fwYj10XUz+THZte/yEVnPh/NkV107FZD3fKa6GTnJY7H/XY 4SoOGfPB4yfx+MpN6ZpLsu4cAt6FW8P+QfKOxBEboGkJSGpjEbGYFMtyZAMjknia QE8cKQ3LnMrQzHIizil5dZVlYaiMgJtlKTtUeVI1ixmaGDb3rCsnCVvMRvZnW95V aSgyJNrNix7a5tRgYwZHZp4t3p9iT2lyIFM3/y7TKcglVCMPw4nbsDdLNNq11qrk RdTdScR+9eKyJsEGVYOhXZFUFzOgHW22xyx0CCZmDMeu08WPNl4vhGewnndQy3yd 6jdTRYDrU6SQNQ0AjRZXcdmfopIQxetHE7ZEKvbgBW6+u9oySYU8phPCNkma2JWr O2eY5AOF8zgPAdAzvF9Bt/qTlwLNjP0zczoIRX7HSvV03Nh9cQvgzKdSCfuPDU4a FX7mlokgweYa7WoWGPkzOlgMaJZksqstDnhbuwONoMPrNFTUjgm429K87iPdwzqC Yv4uDrpFXgkhfD4Aoks4wDpE2LgBKWz5Wnpo+WW4fjcrXtcIV2tTD9FkMjBv3ECv A8TTWsXxQtm3V54R4h7fAXg9KnZBuIYYDnB2u1317ZdaDkZRuPQ= =X2/A -----END PGP SIGNATURE----- Merge 5.10.222 into android12-5.10-lts Changes in 5.10.222 Compiler Attributes: Add __uninitialized macro drm/lima: fix shared irq handling on driver remove media: dvb: as102-fe: Fix as10x_register_addr packing media: dvb-usb: dib0700_devices: Add missing release_firmware() IB/core: Implement a limit on UMAD receive List scsi: qedf: Make qedf_execute_tmf() non-preemptible crypto: aead,cipher - zeroize key buffer after use drm/amdgpu: Initialize timestamp for some legacy SOCs drm/amd/display: Check index msg_id before read or write drm/amd/display: Check pipe offset before setting vblank drm/amd/display: Skip finding free audio for unknown engine_id media: dw2102: Don't translate i2c read into write sctp: prefer struct_size over open coded arithmetic firmware: dmi: Stop decoding on broken entry Input: ff-core - prefer struct_size over open coded arithmetic net: dsa: mv88e6xxx: Correct check for empty list media: dvb-frontends: tda18271c2dd: Remove casting during div media: s2255: Use refcount_t instead of atomic_t for num_channels media: dvb-frontends: tda10048: Fix integer overflow i2c: i801: Annotate apanel_addr as __ro_after_init powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n orangefs: fix out-of-bounds fsid access kunit: Fix timeout message powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD jffs2: Fix potential illegal address access in jffs2_free_inode s390/pkey: Wipe sensitive data on failure UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() tcp_metrics: validate source addr length wifi: wilc1000: fix ies_len type in connect path bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() selftests: fix OOM in msg_zerocopy selftest selftests: make order checking verbose in msg_zerocopy selftest inet_diag: Initialize pad field in struct inet_diag_req_v2 nilfs2: fix inode number range checks nilfs2: add missing check for inode numbers on directory entries mm: optimize the redundant loop of mm_update_owner_next() mm: avoid overflows in dirty throttling logic Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct fsnotify: Do not generate events for O_PATH file descriptors Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes drm/amdgpu/atomfirmware: silence UBSAN warning mtd: rawnand: Bypass a couple of sanity checks during NAND identification bnx2x: Fix multiple UBSAN array-index-out-of-bounds bpf, sockmap: Fix sk->sk_forward_alloc warn_on in sk_stream_kill_queues ima: Avoid blocking in RCU read-side critical section media: dw2102: fix a potential buffer overflow i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 nvme-multipath: find NUMA path only for online numa-node nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6" tablet platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro nvmet: fix a possible leak when destroy a ctrl during qp establishment kbuild: fix short log for AS in link-vmlinux.sh nilfs2: fix incorrect inode allocation from reserved inodes mm: prevent derefencing NULL ptr in pfn_section_valid() filelock: fix potential use-after-free in posix_lock_inode fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading vfs: don't mod negative dentry count when on shrinker list tcp: fix incorrect undo caused by DSACK of TLP retransmit octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() net: lantiq_etop: add blank line after declaration net: ethernet: lantiq_etop: fix double free in detach ppp: reject claimed-as-LCP but actually malformed packets ethtool: netlink: do not return SQI value if link is down udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). net/sched: Fix UAF when resolving a clash s390: Mark psw in __load_psw_mask() as __unitialized ARM: davinci: Convert comma to semicolon octeontx2-af: fix detection of IP layer tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() tcp: avoid too many retransmit packets net: ks8851: Fix potential TX stall after interface reopen USB: serial: option: add Telit generic core-dump composition USB: serial: option: add Telit FN912 rmnet compositions USB: serial: option: add Fibocom FM350-GL USB: serial: option: add support for Foxconn T99W651 USB: serial: option: add Netprisma LCUK54 series modules USB: serial: option: add Rolling RW350-GL variants USB: serial: mos7840: fix crash on resume USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor hpet: Support 32-bit userspace nvmem: meson-efuse: Fix return value of nvmem callbacks ALSA: hda/realtek: Enable Mute LED on HP 250 G7 ALSA: hda/realtek: Limit mic boost on VAIO PRO PX libceph: fix race between delayed_work() and ceph_monc_stop() wireguard: allowedips: avoid unaligned 64-bit memory accesses wireguard: queueing: annotate intentional data race in cpu round robin wireguard: send: annotate intentional data race in checking empty queue x86/retpoline: Move a NOENDBR annotation to the SRSO dummy return thunk efi: ia64: move IA64-only declarations to new asm/efi.h header ipv6: annotate data-races around cnf.disable_ipv6 ipv6: prevent NULL dereference in ip6_output() bpf: Allow reads from uninit stack nilfs2: fix kernel bug on rename operation of broken directory i2c: rcar: bring hardware to known state when probing i2c: mark HostNotify target address as used i2c: rcar: Add R-Car Gen4 support i2c: rcar: reset controller is mandatory for Gen3+ i2c: rcar: introduce Gen4 devices i2c: rcar: ensure Gen3+ reset does not disturb local targets i2c: rcar: clear NO_RXDMA flag after resetting i2c: rcar: fix error code in probe() Linux 5.10.222 Change-Id: I39dedaef039a49c1b8b53dd83b83d481593ffb95 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
GUO Zihua
|
a6176a802c |
ima: Avoid blocking in RCU read-side critical section
commit 9a95c5bfbf02a0a7f5983280fe284a0ff0836c34 upstream.
A panic happens in ima_match_policy:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
PGD 42f873067 P4D 0
Oops: 0000 [#1] SMP NOPTI
CPU: 5 PID:
|
||
|
Greg Kroah-Hartman
|
3a2d2273f6 |
Merge 5.10.218 into android12-5.10-lts
Changes in 5.10.218 pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() x86/xen: Drop USERGS_SYSRET64 paravirt call Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems" net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access net: bcmgenet: synchronize UMAC_CMD access ima: fix deadlock when traversing "ima_default_rules". netlink: annotate lockless accesses to nlk->max_recvmsg_len KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection firmware: arm_scmi: Harden accesses to the reset domains mptcp: ensure snd_nxt is properly initialized on connect btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() usb: typec: ucsi: displayport: Fix potential deadlock serial: kgdboc: Fix NMI-safety problems from keyboard reset code docs: kernel_include.py: Cope with docutils 0.21 Linux 5.10.218 Change-Id: Ic5eed7370c42b3d8637a72edd4f82f5efa706e09 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
dde5ece421 |
Merge 5.10.217 into android12-5.10-lts
Changes in 5.10.217
dmaengine: pl330: issue_pending waits until WFP state
dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state"
wifi: nl80211: don't free NULL coalescing rule
eeprom: at24: Use dev_err_probe for nvmem register failure
eeprom: at24: Probe for DDR3 thermal sensor in the SPD case
eeprom: at24: fix memory corruption race condition
pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T
pinctrl/meson: fix typo in PDM's pin name
pinctrl: core: delete incorrect free in pinctrl_enable()
pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic
pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback
pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE
sunrpc: add a struct rpc_stats arg to rpc_create_args
nfs: expose /proc/net/sunrpc/nfs in net namespaces
nfs: make the rpc_stat per net namespace
nfs: Handle error of rpc_proc_register() in nfs_net_init().
power: rt9455: hide unused rt9455_boost_voltage_values
pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()
regulator: mt6360: De-capitalize devicetree regulator subnodes
s390/mm: Fix storage key clearing for guest huge pages
s390/mm: Fix clearing storage keys for huge pages
bna: ensure the copied buf is NUL terminated
octeontx2-af: avoid off-by-one read from userspace
nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
net l2tp: drop flow hash on forward
s390/vdso: Add CFI for RA register to asm macro vdso_func
net: qede: sanitize 'rc' in qede_add_tc_flower_fltr()
net: qede: use return from qede_parse_flow_attr() for flower
net: qede: use return from qede_parse_flow_attr() for flow_spec
net: qede: use return from qede_parse_actions()
ASoC: Fix 7/8 spaces indentation in Kconfig
ASoC: meson: cards: select SND_DYNAMIC_MINORS
cxgb4: Properly lock TX queue for the selftest.
net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341
net: bridge: fix multicast-to-unicast with fraglist GSO
net: core: reject skb_copy(_expand) for fraglist GSO skbs
tipc: fix a possible memleak in tipc_buf_append
net: gro: add flush check in udp_gro_receive_segment
clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change
KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id
KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()
scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic
gfs2: Fix invalid metadata access in punch_hole
wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc
wifi: cfg80211: fix rdev_dump_mpp() arguments order
net: mark racy access on sk->sk_rcvbuf
scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
btrfs: return accurate error code on open failure in open_fs_devices()
ALSA: line6: Zero-initialize message buffers
net: bcmgenet: Reset RBUF on first open
ata: sata_gemini: Check clk_enable() result
firewire: ohci: mask bus reset interrupts between ISR and bottom half
tools/power turbostat: Fix added raw MSR output
tools/power turbostat: Fix Bzy_MHz documentation typo
btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve
btrfs: always clear PERTRANS metadata during commit
scsi: target: Fix SELinux error when systemd-modules loads the target module
blk-iocost: avoid out of bounds shift
gpu: host1x: Do not setup DMA for virtual devices
MIPS: scall: Save thread_info.syscall unconditionally on entry
selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior
fs/9p: only translate RWX permissions for plain 9P2000
fs/9p: translate O_TRUNC into OTRUNC
9p: explicitly deny setlease attempts
gpio: wcove: Use -ENOTSUPP consistently
gpio: crystalcove: Use -ENOTSUPP consistently
clk: Don't hold prepare_lock when calling kref_put()
fs/9p: drop inodes immediately on non-.L too
drm/nouveau/dp: Don't probe eDP ports twice harder
net:usb:qmi_wwan: support Rolling modules
xfrm: Preserve vlan tags for transport mode software GRO
tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().
Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout
rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
hwmon: (corsair-cpro) Use a separate buffer for sending commands
hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event()
hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock
phonet: fix rtm_phonet_notify() skb allocation
kcov: Remove kcov include from sched.h and move it to its users.
net: bridge: fix corrupted ethernet header on multicast-to-unicast
ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()
net: hns3: use appropriate barrier function after setting a bit value
btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send()
firewire: nosy: ensure user_length is taken into account when fetching packet contents
arm64: dts: qcom: Fix 'interrupt-map' parent address cells
usb: typec: ucsi: Check for notifications after init
usb: typec: ucsi: Fix connector check on init
usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device
usb: ohci: Prevent missed ohci interrupts
usb: gadget: composite: fix OS descriptors w_value logic
usb: gadget: f_fs: Fix a race condition when processing setup packets.
usb: xhci-plat: Don't include xhci.h
usb: dwc3: core: Prevent phy suspend during init
ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU
iio:imu: adis16475: Fix sync mode setting
iio: accel: mxc4005: Interrupt handling fixes
tipc: fix UAF in error path
net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()
ASoC: tegra: Fix DSPK 16-bit playback
dyndbg: fix old BUG_ON in >control parser
mei: me: add lunar lake point M DID
drm/vmwgfx: Fix invalid reads in fence signaled events
net: fix out-of-bounds access in ops_init
hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us
regulator: core: fix debugfs creation regression
keys: Fix overwrite of key expiration on instantiation
md: fix kmemleak of rdev->serial
Linux 5.10.217
Change-Id: I63eef00187948953d29febc26cc4c2c30166f7aa
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
9100d24dfd |
This is the 5.10.215 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmYaZdgACgkQONu9yGCS
aT4oMxAA0pATFAq8RN5f9CmYlMg5HqHgzZ8lJv8P0/reOINhUa+F5sJb1n+x+Ch4
WQbmiFeZRzfsKZ2qKhIdNR0Lg+9JOr/DtYXdSBZ6InfSWrTAIrQ9fjl5Warkmcgg
O4WbgF5BVgU3vGFATgxLvnUZwhR1D7WK93oMDunzrT7+OqyncU3f1Uj53ZAu9030
z18UNqnTxDLYH/CMGwAeRkaZqBev9gZ1HdgQWA27SVLqWQwZq0al81Cmlo+ECVmk
5dF6V2pid4qfKGJjDDfx1NS0PVnoP68iK4By1SXyoFV9VBiSwp77nUUyDr7YsHsT
u8GpZHr9jZvSO5/xtKv20NPLejTPCRKc06CbkwpikDRtGOocBL8em0GuVqlf8hMs
KwDb6ZEzYhXZGPJHbJM+aRD1tq/KHw9X7TrldOszMQPr6lubBtscPbg1FCg3OlcC
HUrtub0i275x7TH0dJeRTD8TRE9jRmF+tl7KQytEJM3JRrquFjLyhDj+/VJnZkiB
lzj3FRf4zshzgz4+CAeqXO/8Lu8b3fGYmcW1acCmk7emjDcXUKojPj/Aig6T4l7P
oCWDY3+w1E6eiyE8BazxY1KUa/41ld0VJnlW5JWGRaDFTJwrk0h6/rvf9qImSckw
IGx24UezRyp6NS1op3Qm2iwHLr41pFRfKxNm9ppgH9iBPzOhe38=
=pkLL
-----END PGP SIGNATURE-----
Merge 5.10.215 into android12-5.10-lts
Changes in 5.10.215
amdkfd: use calloc instead of kzalloc to avoid integer overflow
Documentation/hw-vuln: Update spectre doc
x86/cpu: Support AMD Automatic IBRS
x86/bugs: Use sysfs_emit()
timers: Update kernel-doc for various functions
timers: Use del_timer_sync() even on UP
timers: Rename del_timer_sync() to timer_delete_sync()
wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
media: staging: ipu3-imgu: Set fields before media_entity_pads_init()
clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd
smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()
smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()
arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
drm/vmwgfx: stop using ttm_bo_create v2
drm/vmwgfx: switch over to the new pin interface v2
drm/vmwgfx/vmwgfx_cmdbuf_res: Remove unused variable 'ret'
drm/vmwgfx: Fix some static checker warnings
drm/vmwgfx: Fix possible null pointer derefence with invalid contexts
serial: max310x: fix NULL pointer dereference in I2C instantiation
media: xc4000: Fix atomicity violation in xc4000_get_frequency
KVM: Always flush async #PF workqueue when vCPU is being destroyed
sparc64: NMI watchdog: fix return value of __setup handler
sparc: vDSO: fix return value of __setup handler
crypto: qat - fix double free during reset
crypto: qat - resolve race condition during AER recovery
selftests/mqueue: Set timeout to 180 seconds
ext4: correct best extent lstart adjustment logic
block: introduce zone_write_granularity limit
block: Clear zone limits for a non-zoned stacked queue
bounds: support non-power-of-two CONFIG_NR_CPUS
fat: fix uninitialized field in nostale filehandles
ubifs: Set page uptodate in the correct place
ubi: Check for too small LEB size in VTBL code
ubi: correct the calculation of fastmap size
mtd: rawnand: meson: fix scrambling mode value in command macro
parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros
parisc: Fix ip_fast_csum
parisc: Fix csum_ipv6_magic on 32-bit systems
parisc: Fix csum_ipv6_magic on 64-bit systems
parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds
PM: suspend: Set mem_sleep_current during kernel command line setup
clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays
clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays
clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
powerpc/fsl: Fix mfpmr build errors with newer binutils
USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
USB: serial: add device ID for VeriFone adapter
USB: serial: cp210x: add ID for MGP Instruments PDS100
USB: serial: option: add MeiG Smart SLM320 product
USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
PM: sleep: wakeirq: fix wake irq warning in system suspend
mmc: tmio: avoid concurrent runs of mmc_request_done()
fuse: fix root lookup with nonzero generation
fuse: don't unhash root
usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros
printk/console: Split out code that enables default console
serial: Lock console when calling into driver before registration
btrfs: fix off-by-one chunk length calculation at contains_pending_extent()
PCI: Drop pci_device_remove() test of pci_dev->driver
PCI/PM: Drain runtime-idle callbacks before driver removal
PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities()
PCI: Cache PCIe Device Capabilities register
PCI: Work around Intel I210 ROM BAR overlap defect
PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited
PCI/DPC: Quirk PIO log size for certain Intel Root Ports
PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports
Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d""
dm-raid: fix lockdep waring in "pers->hot_add_disk"
mac802154: fix llsec key resources release in mac802154_llsec_key_del
mm: swap: fix race between free_swap_and_cache() and swapoff()
mmc: core: Fix switch on gp3 partition
drm/etnaviv: Restore some id values
hwmon: (amc6821) add of_match table
ext4: fix corruption during on-line resize
nvmem: meson-efuse: fix function pointer type mismatch
slimbus: core: Remove usage of the deprecated ida_simple_xx() API
phy: tegra: xusb: Add API to retrieve the port number of phy
usb: gadget: tegra-xudc: Use dev_err_probe()
usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic
speakup: Fix 8bit characters from direct synth
PCI/ERR: Clear AER status only when we control AER
PCI/AER: Block runtime suspend when handling errors
nfs: fix UAF in direct writes
kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
PCI: dwc: endpoint: Fix advertised resizable BAR size
vfio/platform: Disable virqfds on cleanup
ring-buffer: Fix waking up ring buffer readers
ring-buffer: Do not set shortest_full when full target is hit
ring-buffer: Fix resetting of shortest_full
ring-buffer: Fix full_waiters_pending in poll
soc: fsl: qbman: Always disable interrupts when taking cgr_lock
soc: fsl: qbman: Add helper for sanity checking cgr ops
soc: fsl: qbman: Add CGR update function
soc: fsl: qbman: Use raw spinlock for cgr_lock
s390/zcrypt: fix reference counting on zcrypt card objects
drm/panel: do not return negative error codes from drm_panel_get_modes()
drm/exynos: do not return negative values from .get_modes()
drm/imx/ipuv3: do not return negative values from .get_modes()
drm/vc4: hdmi: do not return negative values from .get_modes()
memtest: use {READ,WRITE}_ONCE in memory scanning
nilfs2: fix failure to detect DAT corruption in btree and direct mappings
nilfs2: prevent kernel bug at submit_bh_wbc()
cpufreq: dt: always allocate zeroed cpumask
x86/CPU/AMD: Update the Zenbleed microcode revisions
net: hns3: tracing: fix hclgevf trace event strings
wireguard: netlink: check for dangling peer via is_dead instead of empty list
wireguard: netlink: access device through ctx instead of peer
ahci: asm1064: correct count of reported ports
ahci: asm1064: asm1166: don't limit reported ports
drm/amd/display: Return the correct HDCP error code
drm/amd/display: Fix noise issue on HDMI AV mute
dm snapshot: fix lockup in dm_exception_table_exit
vxge: remove unnecessary cast in kfree()
x86/stackprotector/32: Make the canary into a regular percpu variable
x86/pm: Work around false positive kmemleak report in msr_build_context()
scripts: kernel-doc: Fix syntax error due to undeclared args variable
comedi: comedi_test: Prevent timers rescheduling during deletion
cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value"
netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
netfilter: nf_tables: disallow anonymous set with timeout flag
netfilter: nf_tables: reject constant set with timeout
Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory
xfrm: Avoid clang fortify warning in copy_to_user_tmpl()
KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()
ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform
USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
usb: gadget: ncm: Fix handling of zero block length packets
usb: port: Don't try to peer unused USB ports based on location
tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
mei: me: add arrow lake point S DID
mei: me: add arrow lake point H DID
vt: fix unicode buffer corruption when deleting characters
fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
tee: optee: Fix kernel panic caused by incorrect error handling
xen/events: close evtchn after mapping cleanup
printk: Update @console_may_schedule in console_trylock_spinning()
btrfs: allocate btrfs_ioctl_defrag_range_args on stack
x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix
x86/bugs: Add asm helpers for executing VERW
x86/entry_64: Add VERW just before userspace transition
x86/entry_32: Add VERW just before userspace transition
x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key
KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH
KVM/VMX: Move VERW closer to VMentry for MDS mitigation
x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set
Documentation/hw-vuln: Add documentation for RFDS
x86/rfds: Mitigate Register File Data Sampling (RFDS)
KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests
perf/core: Fix reentry problem in perf_output_read_group()
efivarfs: Request at most 512 bytes for variable names
powerpc: xor_vmx: Add '-mhard-float' to CFLAGS
serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO
mm/memory-failure: fix an incorrect use of tail pages
mm/migrate: set swap entry values of THP tail pages properly.
init: open /initrd.image with O_LARGEFILE
wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
hexagon: vmlinux.lds.S: handle attributes section
mmc: core: Initialize mmc_blk_ioc_data
mmc: core: Avoid negative index with array access
net: ll_temac: platform_get_resource replaced by wrong function
usb: cdc-wdm: close race between read and workqueue
ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
scsi: core: Fix unremoved procfs host directory regression
staging: vc04_services: changen strncpy() to strscpy_pad()
staging: vc04_services: fix information leak in create_component()
USB: core: Add hub_get() and hub_put() routines
usb: dwc2: host: Fix remote wakeup from hibernation
usb: dwc2: host: Fix hibernation flow
usb: dwc2: host: Fix ISOC flow in DDMA mode
usb: dwc2: gadget: LPM flow fix
usb: udc: remove warning when queue disabled ep
usb: typec: ucsi: Ack unsupported commands
usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset
scsi: qla2xxx: Split FCE|EFT trace control
scsi: qla2xxx: Fix command flush on cable pull
scsi: qla2xxx: Delay I/O Abort on PCI error
x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled
PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports
scsi: lpfc: Correct size for wqe for memset()
USB: core: Fix deadlock in usb_deauthorize_interface()
nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa()
tcp: properly terminate timers for kernel sockets
ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields()
bpf: Protect against int overflow for stack access size
Octeontx2-af: fix pause frame configuration in GMP mode
dm integrity: fix out-of-range warning
r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d
x86/cpufeatures: Add new word for scattered features
Bluetooth: hci_event: set the conn encrypted before conn establishes
Bluetooth: Fix TOCTOU in HCI debugfs implementation
netfilter: nf_tables: disallow timeout for anonymous sets
net/rds: fix possible cp null dereference
vfio/pci: Disable auto-enable of exclusive INTx IRQ
vfio/pci: Lock external INTx masking ops
vfio: Introduce interface to flush virqfd inject workqueue
vfio/pci: Create persistent INTx handler
vfio/platform: Create persistent IRQ handlers
vfio/fsl-mc: Block calling interrupt handler without trigger
io_uring: ensure '0' is returned on file registration success
Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped."
mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations
x86/srso: Add SRSO mitigation for Hygon processors
block: add check that partition length needs to be aligned with block size
netfilter: nf_tables: reject new basechain after table flag update
netfilter: nf_tables: flush pending destroy work before exit_net release
netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
netfilter: validate user input for expected length
vboxsf: Avoid an spurious warning if load_nls_xxx() fails
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
net/sched: act_skbmod: prevent kernel-infoleak
net: stmmac: fix rx queue priority assignment
erspan: make sure erspan_base_hdr is present in skb->head
selftests: reuseaddr_conflict: add missing new line at the end of the output
ipv6: Fix infinite recursion in fib6_dump_done().
udp: do not transition UDP GRO fraglist partial checksums to unnecessary
octeontx2-pf: check negative error code in otx2_open()
i40e: fix i40e_count_filters() to count only active/new filters
i40e: fix vf may be used uninitialized in this function warning
scsi: qla2xxx: Update manufacturer details
scsi: qla2xxx: Update manufacturer detail
Revert "usb: phy: generic: Get the vbus supply"
udp: do not accept non-tunnel GSO skbs landing in a tunnel
net: ravb: Always process TX descriptor ring
arm64: dts: qcom: sc7180: Remove clock for bluetooth on Trogdor
arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken
ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
scsi: mylex: Fix sysfs buffer lengths
ata: sata_mv: Fix PCI device ID table declaration compilation warning
ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone
driver core: Introduce device_link_wait_removal()
of: dynamic: Synchronize of_changeset_destroy() with the devlink removals
x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()
s390/entry: align system call table on 8 bytes
riscv: Fix spurious errors from __get/put_kernel_nofault
x86/bugs: Fix the SRSO mitigation on Zen3/4
x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO
mptcp: don't account accept() of non-MPC client as fallback to TCP
x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word
objtool: Add asm version of STACK_FRAME_NON_STANDARD
wifi: ath9k: fix LNA selection in ath_ant_try_scan()
VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
panic: Flush kernel log buffer at the end
arm64: dts: rockchip: fix rk3328 hdmi ports node
arm64: dts: rockchip: fix rk3399 hdmi ports node
ionic: set adminq irq affinity
pstore/zone: Add a null pointer check to the psz_kmsg_read
tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
btrfs: send: handle path ref underflow in header iterate_inode_ref()
net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
sysv: don't call sb_bread() with pointers_lock held
scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
isofs: handle CDs with bad root inode but good Joliet root directory
media: sta2x11: fix irq handler cast
ext4: add a hint for block bitmap corrupt state in mb_groups
ext4: forbid commit inconsistent quota data when errors=remount-ro
drm/amd/display: Fix nanosec stat overflow
SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int
Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
libperf evlist: Avoid out-of-bounds access
block: prevent division by zero in blk_rq_stat_sum()
RDMA/cm: add timeout to cm_destroy_id wait
Input: allocate keycode for Display refresh rate toggle
platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet
ktest: force $buildonly = 1 for 'make_warnings_file' test type
ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment
tools: iio: replace seekdir() in iio_generic_buffer
usb: typec: tcpci: add generic tcpci fallback compatible
usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
drivers/nvme: Add quirks for device 126f:2262
fbmon: prevent division by zero in fb_videomode_from_videomode()
netfilter: nf_tables: release batch on table validation from abort path
netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
netfilter: nf_tables: discard table flag update with pending basechain deletion
tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
virtio: reenable config if freezing device failed
x86/mm/pat: fix VM_PAT handling in COW mappings
drm/i915/gt: Reset queue_priority_hint on parking
Bluetooth: btintel: Fixe build regression
VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
kbuild: dummy-tools: adjust to stricter stackprotector check
scsi: sd: Fix wrong zone_write_granularity value during revalidate
x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk
x86/head/64: Re-enable stack protection
Linux 5.10.215
Change-Id: I45a0a9c4a0683ff5ef97315690f1f884f666e1b5
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
liqiong
|
eb15243bc9 |
ima: fix deadlock when traversing "ima_default_rules".
commit eb0782bbdfd0d7c4786216659277c3fd585afc0e upstream.
The current IMA ruleset is identified by the variable "ima_rules"
that default to "&ima_default_rules". When loading a custom policy
for the first time, the variable is updated to "&ima_policy_rules"
instead. That update isn't RCU-safe, and deadlocks are possible.
Indeed, some functions like ima_match_policy() may loop indefinitely
when traversing "ima_default_rules" with list_for_each_entry_rcu().
When iterating over the default ruleset back to head, if the list
head is "ima_default_rules", and "ima_rules" have been updated to
"&ima_policy_rules", the loop condition (&entry->list != ima_rules)
stays always true, traversing won't terminate, causing a soft lockup
and RCU stalls.
Introduce a temporary value for "ima_rules" when iterating over
the ruleset to avoid the deadlocks.
Signed-off-by: liqiong <liqiong@nfschina.com>
Reviewed-by: THOBY Simon <Simon.THOBY@viveris.fr>
Fixes:
|
||
Silvio Gissi
|
ad2011ea78 |
keys: Fix overwrite of key expiration on instantiation
commit 9da27fb65a14c18efd4473e2e82b76b53ba60252 upstream.
The expiry time of a key is unconditionally overwritten during
instantiation, defaulting to turn it permanent. This causes a problem
for DNS resolution as the expiration set by user-space is overwritten to
TIME64_MAX, disabling further DNS updates. Fix this by restoring the
condition that key_set_expiry is only called when the pre-parser sets a
specific expiry.
Fixes: 39299bdd2546 ("keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry")
Signed-off-by: Silvio Gissi <sifonsec@amazon.com>
cc: David Howells <dhowells@redhat.com>
cc: Hazem Mohamed Abuelfotoh <abuehaze@amazon.com>
cc: linux-afs@lists.infradead.org
cc: linux-cifs@vger.kernel.org
cc: keyrings@vger.kernel.org
cc: netdev@vger.kernel.org
cc: stable@vger.kernel.org
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
578a3af78b |
Merge 5.10.213 into android12-5.10-lts
Changes in 5.10.213
mmc: mmci: stm32: use a buffer for unaligned DMA requests
mmc: mmci: stm32: fix DMA API overlapping mappings warning
lan78xx: Fix white space and style issues
lan78xx: Add missing return code checks
lan78xx: Fix partial packet errors on suspend/resume
lan78xx: Fix race conditions in suspend/resume handling
net: lan78xx: fix runtime PM count underflow on link stop
ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able
i40e: disable NAPI right after disabling irqs when handling xsk_pool
tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string
geneve: make sure to pull inner header in geneve_rx()
net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()
net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
cpumap: Zero-initialise xdp_rxq_info struct before running XDP program
net/rds: fix WARNING in rds_conn_connect_if_down
netfilter: nft_ct: fix l3num expectations with inet pseudo family
netfilter: nf_conntrack_h323: Add protection for bmp length out of range
netrom: Fix a data-race around sysctl_netrom_default_path_quality
netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser
netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser
netrom: Fix a data-race around sysctl_netrom_transport_timeout
netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries
netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay
netrom: Fix a data-race around sysctl_netrom_transport_busy_delay
netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size
netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout
netrom: Fix a data-race around sysctl_netrom_routing_control
netrom: Fix a data-race around sysctl_netrom_link_fails_count
netrom: Fix data-races around sysctl_net_busy_read
selftests/mm: switch to bash from sh
selftests: mm: fix map_hugetlb failure on 64K page size systems
um: allow not setting extra rpaths in the linux binary
xhci: remove extra loop in interrupt context
xhci: prevent double-fetch of transfer and transfer event TRBs
xhci: process isoc TD properly when there was a transaction error mid TD.
xhci: handle isoc Babble and Buffer Overrun events properly
serial: max310x: Use devm_clk_get_optional() to get the input clock
serial: max310x: Try to get crystal clock rate from property
serial: max310x: fail probe if clock crystal is unstable
serial: max310x: Make use of device properties
serial: max310x: use regmap methods for SPI batch operations
serial: max310x: use a separate regmap for each port
serial: max310x: prevent infinite while() loop in port startup
net: Change sock_getsockopt() to take the sk ptr instead of the sock ptr
bpf: net: Change sk_getsockopt() to take the sockptr_t argument
lsm: make security_socket_getpeersec_stream() sockptr_t safe
lsm: fix default return value of the socket_getpeersec_*() hooks
ext4: make ext4_es_insert_extent() return void
ext4: refactor ext4_da_map_blocks()
ext4: convert to exclusive lock while inserting delalloc extents
Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening
hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening
hv_netvsc: Wait for completion on request SWITCH_DATA_PATH
hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove
hv_netvsc: Make netvsc/VF binding check both MAC and serial number
hv_netvsc: use netif_is_bond_master() instead of open code
hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
mm/hugetlb: change hugetlb_reserve_pages() to type bool
mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE
getrusage: add the "signal_struct *sig" local variable
getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand()
getrusage: use __for_each_thread()
getrusage: use sig->stats_lock rather than lock_task_sighand()
serial: max310x: Unprepare and disable clock in error path
Drivers: hv: vmbus: Drop error message when 'No request id available'
regmap: allow to define reg_update_bits for no bus configuration
regmap: Add bulk read/write callbacks into regmap_config
serial: max310x: make accessing revision id interface-agnostic
serial: max310x: implement I2C support
serial: max310x: fix IO data corruption in batched operations
Linux 5.10.213
Change-Id: I3450b2b1b545eeb2e3eb862f39d1846a31d17a0a
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
52795b4903 |
Merge 5.10.212 into android12-5.10-lts
Changes in 5.10.212 platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names crypto: virtio/akcipher - Fix stack overflow on memcpy mtd: spinand: gigadevice: Support GD5F1GQ5UExxG mtd: spinand: gigadevice: Fix the get ecc status issue netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter net: ip_tunnel: prevent perpetual headroom growth tun: Fix xdp_rxq_info's queue_index when detaching ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected net: usb: dm9601: fix wrong return value in dm9601_mdio_read Bluetooth: Avoid potential use-after-free in hci_error_reset Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Bluetooth: Enforce validation on max value of connection interval netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back efi/capsule-loader: fix incorrect allocation size power: supply: bq27xxx-i2c: Do not free non existing IRQ ALSA: Drop leftover snd-rtctimer stuff from Makefile afs: Fix endless loop in directory parsing riscv: Sparse-Memory/vmemmap out-of-bounds fix tomoyo: fix UAF write bug in tomoyo_write_control() gtp: fix use-after-free and null-ptr-deref in gtp_newlink() wifi: nl80211: reject iftype change with mesh ID change btrfs: dev-replace: properly validate device names dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read dmaengine: fsl-qdma: init irq after reg initialization mmc: core: Fix eMMC initialization with 1-bit bus connection mmc: sdhci-xenon: add timeout for PHY init complete mmc: sdhci-xenon: fix PHY init clock stability pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers mptcp: fix possible deadlock in subflow diag ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() cachefiles: fix memory leak in cachefiles_add_cache() fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super gpio: 74x164: Enable output pins after registers are reset gpiolib: Fix the error path order in gpiochip_add_data_with_key() gpio: fix resource unwinding order in error path mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG mptcp: fix double-free on socket dismantle Linux 5.10.212 Change-Id: I680869be06e0ddfdbd9f63255616ba316f655cb1 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Roberto Sassu
|
fbda83d03f |
smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()
[ Upstream commit ac02f007d64eb2769d0bde742aac4d7a5fc6e8a5 ]
If the SMACK64TRANSMUTE xattr is provided, and the inode is a directory,
update the in-memory inode flags by setting SMK_INODE_TRANSMUTE.
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Roberto Sassu
|
a354d9e3b6 |
smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()
[ Upstream commit 9c82169208dde516510aaba6bbd8b13976690c5d ]
Since the SMACK64TRANSMUTE xattr makes sense only for directories, enforce
this restriction in smack_inode_setxattr().
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Greg Kroah-Hartman
|
66e91da883 |
This is the 5.10.210 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmXYTLkACgkQONu9yGCS
aT4+fhAAqqR/Cvx53ZKMQ8GZTCudAZnr/Dz6kWYwxhhhIbQjDpCaf9mgsrEDaQS2
ancSZjzYaOUIXq/IsthXxQIUhiZbuM3iuSEi7+odWgSYdkFyzuUt8MWLBGSaB5Er
ojn+APtq7vPXTSnp7uMwqMC3/BHCKkeYIjRVevhhHBKG5d3lzkV1xU8NcvMkLaly
CIRxpWXD3w2b7K0GEbb/zN1GQEHDCQcxjuaJoe/5FKGJkqd3T31eyiJTRumCCMcz
j8vkGkYmcMJpWf04iLgVA1p13I5/HGrXdEBI/GutN8IABIC3Cp42jW8phHYKW5ZM
a4R25LZG5buND1Ubpq+EDrYn3EaPek5XRki0w8ZAXfNa3rYc+N6mQjkzNSOzhJ/5
VNsn3EAE1Dwtar5Z3ASe9ugDbh+0bgx85PbfaADK88V+qWb3DVr1TBWmDNu2vfVP
rv4I0EKu9r3vOE8aNMEBuhAVkIK3mEQUxwab6RKNrMby/5Uwa+ugrrUtQd8V+T1S
j6r6v7u7aZ8mhYO7d6WSvAKL85lCWGbs3WRIKCJZmDRyqWrWW9tVWRN9wrZ2QnRr
iaCQKk8P474P7/j1zwnmih8l4wS1oszveNziWwd0fi1Nn/WQYM+JKYQvpuQijmQ+
J9jLyWo7a59zffIE6mzJdNwFy9hlw9X+VnJmExk/Q88Z7Bt5wPQ=
=laYd
-----END PGP SIGNATURE-----
Merge 5.10.210 into android12-5.10-lts
Changes in 5.10.210
usb: cdns3: Fixes for sparse warnings
usb: cdns3: fix uvc failure work since sg support enabled
usb: cdns3: fix incorrect calculation of ep_buf_size when more than one config
usb: cdns3: fix iso transfer error when mult is not zero
usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled
PCI: mediatek: Clear interrupt status before dispatching handler
units: change from 'L' to 'UL'
units: add the HZ macros
serial: sc16is7xx: set safe default SPI clock frequency
spi: introduce SPI_MODE_X_MASK macro
serial: sc16is7xx: add check for unsupported SPI modes during probe
iio: adc: ad7091r: Set alert bit in config register
iio: adc: ad7091r: Allow users to configure device events
iio: adc: ad7091r: Enable internal vref if external vref is not supplied
dmaengine: fix NULL pointer in channel unregistration function
iio:adc:ad7091r: Move exports into IIO_AD7091R namespace.
ext4: allow for the last group to be marked as trimmed
crypto: api - Disallow identical driver names
PM: hibernate: Enforce ordering during image compression/decompression
hwrng: core - Fix page fault dead lock on mmap-ed hwrng
crypto: s390/aes - Fix buffer overread in CTR mode
rpmsg: virtio: Free driver_override when rpmsg_remove()
bus: mhi: host: Drop chan lock before queuing buffers
parisc/firmware: Fix F-extend for PDC addresses
async: Split async_schedule_node_domain()
async: Introduce async_schedule_dev_nocall()
arm64: dts: qcom: sdm845: fix USB wakeup interrupt types
arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts
lsm: new security_file_ioctl_compat() hook
scripts/get_abi: fix source path leak
mmc: core: Use mrq.sbc in close-ended ffu
mmc: mmc_spi: remove custom DMA mapped buffers
rtc: Adjust failure return code for cmos_set_alarm()
nouveau/vmm: don't set addr on the fail path to avoid warning
ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path
rename(): fix the locking of subdirectories
block: Remove special-casing of compound pages
stddef: Introduce DECLARE_FLEX_ARRAY() helper
smb3: Replace smb2pdu 1-element arrays with flex-arrays
mm: vmalloc: introduce array allocation functions
KVM: use __vcalloc for very large allocations
net/smc: fix illegal rmb_desc access in SMC-D connection dump
tcp: make sure init the accept_queue's spinlocks once
bnxt_en: Wait for FLR to complete during probe
vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING
llc: make llc_ui_sendmsg() more robust against bonding changes
llc: Drop support for ETH_P_TR_802_2.
net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
tracing: Ensure visibility when inserting an element into tracing_map
afs: Hide silly-rename files from userspace
tcp: Add memory barrier to tcp_push()
netlink: fix potential sleeping issue in mqueue_flush_file
ipv6: init the accept_queue's spinlocks in inet6_create
net/mlx5: DR, Use the right GVMI number for drop action
net/mlx5e: fix a double-free in arfs_create_groups
netfilter: nf_tables: restrict anonymous set and map names to 16 bytes
netfilter: nf_tables: validate NFPROTO_* family
net: mvpp2: clear BM pool before initialization
selftests: netdevsim: fix the udp_tunnel_nic test
fjes: fix memleaks in fjes_hw_setup
net: fec: fix the unhandled context fault from smmu
btrfs: ref-verify: free ref cache before clearing mount opt
btrfs: tree-checker: fix inline ref size in error messages
btrfs: don't warn if discard range is not aligned to sector
btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args
btrfs: don't abort filesystem when attempting to snapshot deleted subvolume
rbd: don't move requests to the running list on errors
exec: Fix error handling in begin_new_exec()
wifi: iwlwifi: fix a memory corruption
netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain
netfilter: nf_tables: reject QUEUE/DROP verdict parameters
gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04
drm: Don't unref the same fb many times by mistake due to deadlock handling
drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking
drm/tidss: Fix atomic_flush check
drm/bridge: nxp-ptn3460: simplify some error checking
PM: sleep: Use dev_printk() when possible
PM: sleep: Avoid calling put_device() under dpm_list_mtx
PM: core: Remove unnecessary (void *) conversions
PM: sleep: Fix possible deadlocks in core system-wide PM code
fs/pipe: move check to pipe_has_watch_queue()
pipe: wakeup wr_wait after setting max_usage
ARM: dts: samsung: exynos4210-i9100: Unconditionally enable LDO12
arm64: dts: qcom: sc7180: Use pdc interrupts for USB instead of GIC interrupts
arm64: dts: qcom: sc7180: fix USB wakeup interrupt types
media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run
mm: use __pfn_to_section() instead of open coding it
mm/sparsemem: fix race in accessing memory_section->usage
btrfs: remove err variable from btrfs_delete_subvolume
btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted
drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33]
drm/exynos: fix accidental on-stack copy of exynos_drm_plane
drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume
gpio: eic-sprd: Clear interrupt after set the interrupt type
spi: bcm-qspi: fix SFDP BFPT read by usig mspi read
mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan
tick/sched: Preserve number of idle sleeps across CPU hotplug events
x86/entry/ia32: Ensure s32 is sign extended to s64
powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
drivers/perf: pmuv3: don't expose SW_INCR event in sysfs
powerpc: Fix build error due to is_valid_bugaddr()
powerpc/mm: Fix build failures due to arch_reserved_kernel_pages()
x86/boot: Ignore NMIs during very early boot
powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE
powerpc/lib: Validate size for vector operations
x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel
perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file
debugobjects: Stop accessing objects after releasing hash bucket lock
regulator: core: Only increment use_count when enable_count changes
audit: Send netlink ACK before setting connection in auditd_set
ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
PNP: ACPI: fix fortify warning
ACPI: extlog: fix NULL pointer dereference check
PM / devfreq: Synchronize devfreq_monitor_[start/stop]
ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events
FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
UBSAN: array-index-out-of-bounds in dtSplitRoot
jfs: fix slab-out-of-bounds Read in dtSearch
jfs: fix array-index-out-of-bounds in dbAdjTree
jfs: fix uaf in jfs_evict_inode
pstore/ram: Fix crash when setting number of cpus to an odd number
crypto: stm32/crc32 - fix parsing list of devices
afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu()
afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*()
rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock()
jfs: fix array-index-out-of-bounds in diNewExt
s390/ptrace: handle setting of fpc register correctly
KVM: s390: fix setting of fpc register
SUNRPC: Fix a suspicious RCU usage warning
ecryptfs: Reject casefold directory inodes
ext4: fix inconsistent between segment fstrim and full fstrim
ext4: unify the type of flexbg_size to unsigned int
ext4: remove unnecessary check from alloc_flex_gd()
ext4: avoid online resizing failures due to oversized flex bg
wifi: rt2x00: restart beacon queue when hardware reset
selftests/bpf: satisfy compiler by having explicit return in btf test
selftests/bpf: Fix pyperf180 compilation failure with clang18
scsi: lpfc: Fix possible file string name overflow when updating firmware
PCI: Add no PM reset quirk for NVIDIA Spectrum devices
bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk
scsi: arcmsr: Support new PCI device IDs 1883 and 1886
ARM: dts: imx7d: Fix coresight funnel ports
ARM: dts: imx7s: Fix lcdif compatible
ARM: dts: imx7s: Fix nand-controller #size-cells
wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()
bpf: Add map and need_defer parameters to .map_fd_put_ptr()
scsi: libfc: Don't schedule abort twice
scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
bpf: Set uattr->batch.count as zero before batched update or deletion
ARM: dts: rockchip: fix rk3036 hdmi ports node
ARM: dts: imx25/27-eukrea: Fix RTC node name
ARM: dts: imx: Use flash@0,0 pattern
ARM: dts: imx27: Fix sram node
ARM: dts: imx1: Fix sram node
ionic: pass opcode to devcmd_wait
block/rnbd-srv: Check for unlikely string overflow
ARM: dts: imx25: Fix the iim compatible string
ARM: dts: imx25/27: Pass timing0
ARM: dts: imx27-apf27dev: Fix LED name
ARM: dts: imx23-sansa: Use preferred i2c-gpios properties
ARM: dts: imx23/28: Fix the DMA controller node name
net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error path
block: prevent an integer overflow in bvec_try_merge_hw_page
md: Whenassemble the array, consult the superblock of the freshest device
arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property
arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property
wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices
wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift()
wifi: cfg80211: free beacon_ies when overridden from hidden BSS
Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066
Bluetooth: L2CAP: Fix possible multiple reject send
i40e: Fix VF disable behavior to block all traffic
f2fs: fix to check return value of f2fs_reserve_new_block()
ALSA: hda: Refer to correct stream index at loops
ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument
fast_dput(): handle underflows gracefully
RDMA/IPoIB: Fix error code return in ipoib_mcast_join
drm/amd/display: Fix tiled display misalignment
f2fs: fix write pointers on zoned device after roll forward
drm/drm_file: fix use of uninitialized variable
drm/framebuffer: Fix use of uninitialized variable
drm/mipi-dsi: Fix detach call without attach
media: stk1160: Fixed high volume of stk1160_dbg messages
media: rockchip: rga: fix swizzling for RGB formats
PCI: add INTEL_HDA_ARL to pci_ids.h
ALSA: hda: Intel: add HDA_ARL PCI ID support
ALSA: hda: intel-dspcfg: add filters for ARL-S and ARL
drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time
IB/ipoib: Fix mcast list locking
media: ddbridge: fix an error code problem in ddb_probe
drm/msm/dpu: Ratelimit framedone timeout msgs
clk: hi3620: Fix memory leak in hi3620_mmc_clk_init()
clk: mmp: pxa168: Fix memory leak in pxa168_clk_init()
watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786
drm/amdgpu: Let KFD sync with VM fences
drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()'
leds: trigger: panic: Don't register panic notifier if creating the trigger failed
um: Fix naming clash between UML and scheduler
um: Don't use vfprintf() for os_info()
um: net: Fix return type of uml_net_start_xmit()
i3c: master: cdns: Update maximum prescaler value for i2c clock
xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import
mfd: ti_am335x_tscadc: Fix TI SoC dependencies
PCI: Only override AMD USB controller if required
PCI: switchtec: Fix stdev_release() crash after surprise hot remove
usb: hub: Replace hardcoded quirk value with BIT() macro
tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE
fs/kernfs/dir: obey S_ISGID
PCI/AER: Decode Requester ID when no error info found
libsubcmd: Fix memory leak in uniq()
virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings
blk-mq: fix IO hang from sbitmap wakeup race
ceph: fix deadlock or deadcode of misusing dget()
drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()'
drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()'
perf: Fix the nr_addr_filters fix
wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
drm: using mul_u32_u32() requires linux/math64.h
scsi: isci: Fix an error code problem in isci_io_request_build()
scsi: core: Introduce enum scsi_disposition
scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler
ip6_tunnel: use dev_sw_netstats_rx_add()
ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
net-zerocopy: Refactor frag-is-remappable test.
tcp: add sanity checks to rx zerocopy
ixgbe: Remove non-inclusive language
ixgbe: Refactor returning internal error codes
ixgbe: Refactor overtemp event handling
ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550()
ipv6: Ensure natural alignment of const ipv6 loopback and router addresses
llc: call sock_orphan() at release time
netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger
netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations
net: ipv4: fix a memleak in ip_setup_cork
af_unix: fix lockdep positive in sk_diag_dump_icons()
net: sysfs: Fix /sys/class/net/<iface> path
HID: apple: Add support for the 2021 Magic Keyboard
HID: apple: Add 2021 magic keyboard FN key mapping
bonding: remove print in bond_verify_device_path
uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++
PM: sleep: Fix error handling in dpm_prepare()
dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools
dmaengine: ti: k3-udma: Report short packet errors
dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA
dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA
phy: renesas: rcar-gen3-usb2: Fix returning wrong error code
dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV
phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case
net: stmmac: xgmac: fix handling of DPP safety error for DMA channels
selftests: net: avoid just another constant wait
tunnels: fix out of bounds access when building IPv6 PMTU error
atm: idt77252: fix a memleak in open_card_ubr0
hwmon: (aspeed-pwm-tacho) mutex for tach reading
hwmon: (coretemp) Fix out-of-bounds memory access
hwmon: (coretemp) Fix bogus core_id to attr name mapping
inet: read sk->sk_family once in inet_recv_error()
rxrpc: Fix response to PING RESPONSE ACKs to a dead call
tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
ppp_async: limit MRU to 64K
netfilter: nft_compat: reject unused compat flag
netfilter: nft_compat: restrict match/target protocol to u16
netfilter: nft_ct: reject direction for ct id
netfilter: nft_set_pipapo: store index in scratch maps
netfilter: nft_set_pipapo: add helper to release pcpu scratch area
netfilter: nft_set_pipapo: remove scratch_aligned pointer
scsi: core: Move scsi_host_busy() out of host lock if it is for per-command
blk-iocost: Fix an UBSAN shift-out-of-bounds warning
net/af_iucv: clean up a try_then_request_module()
USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e
USB: serial: option: add Fibocom FM101-GL variant
USB: serial: cp210x: add ID for IMST iM871A-USB
usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK
hrtimer: Report offline hrtimer enqueue
Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU
Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID
vhost: use kzalloc() instead of kmalloc() followed by memset()
clocksource: Skip watchdog check for large watchdog intervals
net: stmmac: xgmac: use #define for string constants
net: stmmac: xgmac: fix a typo of register name in DPP safety handling
netfilter: nft_set_rbtree: skip end interval element from gc
btrfs: forbid creating subvol qgroups
btrfs: do not ASSERT() if the newly created subvolume already got read
btrfs: forbid deleting live subvol qgroup
btrfs: send: return EOPNOTSUPP on unknown flags
of: unittest: Fix compile in the non-dynamic case
net: openvswitch: limit the number of recursions from action sets
spi: ppc4xx: Drop write-only variable
ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
net: sysfs: Fix /sys/class/net/<iface> path for statistics
MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler
i40e: Fix waiting for queues of all VSIs to be disabled
tracing/trigger: Fix to return error if failed to alloc snapshot
mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32
ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx
HID: wacom: generic: Avoid reporting a serial of '0' to userspace
HID: wacom: Do not register input devices until after hid_hw_start
usb: ucsi_acpi: Fix command completion handling
USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT
usb: f_mass_storage: forbid async queue when shutdown happen
media: ir_toy: fix a memleak in irtoy_tx
powerpc/kasan: Fix addr error caused by page alignment
i2c: i801: Remove i801_set_block_buffer_mode
i2c: i801: Fix block process call transactions
modpost: trim leading spaces when processing source files list
scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
lsm: fix the logic in security_inode_getsecctx()
firewire: core: correct documentation of fw_csr_string() kernel API
kbuild: Fix changing ELF file type for output of gen_btf for big endian
nfc: nci: free rx_data_reassembly skb on NCI device cleanup
net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()
xen-netback: properly sync TX responses
ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL
binder: signal epoll threads of self-work
misc: fastrpc: Mark all sessions as invalid in cb_remove
ext4: fix double-free of blocks due to wrong extents moved_len
tracing: Fix wasted memory in saved_cmdlines logic
staging: iio: ad5933: fix type mismatch regression
iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC
iio: accel: bma400: Fix a compilation problem
media: rc: bpf attach/detach requires write permission
hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove
ring-buffer: Clean ring_buffer_poll_wait() error return
serial: max310x: set default value when reading clock ready bit
serial: max310x: improve crystal stable clock detection
x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6
x86/mm/ident_map: Use gbpages only where full GB page should be mapped.
mmc: slot-gpio: Allow non-sleeping GPIO ro
ALSA: hda/conexant: Add quirk for SWS JS201D
nilfs2: fix data corruption in dsync block recovery for small block sizes
nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked
nfp: use correct macro for LengthSelect in BAR config
nfp: flower: prevent re-adding mac index for bonded port
wifi: mac80211: reload info pointer in ieee80211_tx_dequeue()
irqchip/irq-brcmstb-l2: Add write memory barrier before exit
irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update
s390/qeth: Fix potential loss of L3-IP@ in case of network issues
ceph: prevent use-after-free in encode_cap_msg()
of: property: fix typo in io-channels
can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)
pmdomain: core: Move the unused cleanup to a _sync initcall
tracing: Inform kmemleak of saved_cmdlines allocation
Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"
bus: moxtet: Add spi device table
PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support
mips: Fix max_mapnr being uninitialized on early stages
crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
serial: Add rs485_supported to uart_port
serial: 8250_exar: Fill in rs485_supported
serial: 8250_exar: Set missing rs485_supported flag
scripts/decode_stacktrace.sh: silence stderr messages from addr2line/nm
scripts/decode_stacktrace.sh: support old bash version
scripts: decode_stacktrace: demangle Rust symbols
scripts/decode_stacktrace.sh: optionally use LLVM utilities
netfilter: ipset: fix performance regression in swap operation
netfilter: ipset: Missing gc cancellations fixed
hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range()
Revert "arm64: Stash shadow stack pointer in the task struct on interrupt"
net: prevent mss overflow in skb_segment()
sched/membarrier: reduce the ability to hammer on sys_membarrier
nilfs2: fix potential bug in end_buffer_async_write
nilfs2: replace WARN_ONs for invalid DAT metadata block requests
dm: limit the number of targets and parameter size area
PM: runtime: add devm_pm_runtime_enable helper
PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend()
drm/msm/dsi: Enable runtime PM
netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
net: bcmgenet: Fix EEE implementation
PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq()
Linux 5.10.210
Change-Id: I5e7327f58dd6abd26ac2b1e328a81c1010d1147c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Ondrej Mosnacek
|
c09ffff246 |
lsm: fix default return value of the socket_getpeersec_*() hooks
[ Upstream commit 5a287d3d2b9de2b3e747132c615599907ba5c3c1 ]
For these hooks the true "neutral" value is -EOPNOTSUPP, which is
currently what is returned when no LSM provides this hook and what LSMs
return when there is no security context set on the socket. Correct the
value in <linux/lsm_hooks.h> and adjust the dispatch functions in
security/security.c to avoid issues when the BPF LSM is enabled.
Cc: stable@vger.kernel.org
Fixes:
|
||
Paul Moore
|
ea6e87db90 |
lsm: make security_socket_getpeersec_stream() sockptr_t safe
[ Upstream commit b10b9c342f7571f287fd422be5d5c0beb26ba974 ]
Commit 4ff09db1b79b ("bpf: net: Change sk_getsockopt() to take the
sockptr_t argument") made it possible to call sk_getsockopt()
with both user and kernel address space buffers through the use of
the sockptr_t type. Unfortunately at the time of conversion the
security_socket_getpeersec_stream() LSM hook was written to only
accept userspace buffers, and in a desire to avoid having to change
the LSM hook the commit author simply passed the sockptr_t's
userspace buffer pointer. Since the only sk_getsockopt() callers
at the time of conversion which used kernel sockptr_t buffers did
not allow SO_PEERSEC, and hence the
security_socket_getpeersec_stream() hook, this was acceptable but
also very fragile as future changes presented the possibility of
silently passing kernel space pointers to the LSM hook.
There are several ways to protect against this, including careful
code review of future commits, but since relying on code review to
catch bugs is a recipe for disaster and the upstream eBPF maintainer
is "strongly against defensive programming", this patch updates the
LSM hook, and all of the implementations to support sockptr_t and
safely handle both user and kernel space buffers.
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Stable-dep-of: 5a287d3d2b9d ("lsm: fix default return value of the socket_getpeersec_*() hooks")
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Tetsuo Handa
|
a23ac1788e |
tomoyo: fix UAF write bug in tomoyo_write_control()
commit 2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815 upstream.
Since tomoyo_write_control() updates head->write_buf when write()
of long lines is requested, we need to fetch head->write_buf after
head->io_sem is held. Otherwise, concurrent write() requests can
cause use-after-free-write and double-free problems.
Reported-by: Sam Sun <samsun1006219@gmail.com>
Closes: https://lkml.kernel.org/r/CAEkJfYNDspuGxYx5kym8Lvp--D36CMDUErg4rxfWFJuPbbji8g@mail.gmail.com
Fixes:
|
||
|
Ondrej Mosnacek
|
2dc1d93b2c |
lsm: fix the logic in security_inode_getsecctx()
commit 99b817c173cd213671daecd25ca27f56b0c7c4ec upstream. The inode_getsecctx LSM hook has previously been corrected to have -EOPNOTSUPP instead of 0 as the default return value to fix BPF LSM behavior. However, the call_int_hook()-generated loop in security_inode_getsecctx() was left treating 0 as the neutral value, so after an LSM returns 0, the loop continues to try other LSMs, and if one of them returns a non-zero value, the function immediately returns with said value. So in a situation where SELinux and the BPF LSMs registered this hook, -EOPNOTSUPP would be incorrectly returned whenever SELinux returned 0. Fix this by open-coding the call_int_hook() loop and making it use the correct LSM_RET_DEFAULT() value as the neutral one, similar to what other hooks do. Cc: stable@vger.kernel.org Reported-by: Stephen Smalley <stephen.smalley.work@gmail.com> Link: https://lore.kernel.org/selinux/CAEjxPJ4ev-pasUwGx48fDhnmjBnq_Wh90jYPwRQRAqXxmOKD4Q@mail.gmail.com/ Link: https://bugzilla.redhat.com/show_bug.cgi?id=2257983 Fixes: b36995b8609a ("lsm: fix default return value for inode_getsecctx") Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> [PM: subject line tweak] Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Alfred Piccioni
|
311dc5afad |
lsm: new security_file_ioctl_compat() hook
commit f1bb47a31dff6d4b34fb14e99850860ee74bb003 upstream.
Some ioctl commands do not require ioctl permission, but are routed to
other permissions such as FILE_GETATTR or FILE_SETATTR. This routing is
done by comparing the ioctl cmd to a set of 64-bit flags (FS_IOC_*).
However, if a 32-bit process is running on a 64-bit kernel, it emits
32-bit flags (FS_IOC32_*) for certain ioctl operations. These flags are
being checked erroneously, which leads to these ioctl operations being
routed to the ioctl permission, rather than the correct file
permissions.
This was also noted in a RED-PEN finding from a while back -
"/* RED-PEN how should LSM module know it's handling 32bit? */".
This patch introduces a new hook, security_file_ioctl_compat(), that is
called from the compat ioctl syscall. All current LSMs have been changed
to support this hook.
Reviewing the three places where we are currently using
security_file_ioctl(), it appears that only SELinux needs a dedicated
compat change; TOMOYO and SMACK appear to be functional without any
change.
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Greg Kroah-Hartman
|
7e6944b050 |
This is the 5.10.209 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmWy4soACgkQONu9yGCS
aT5VxA/8DwcU5ST4AJ4EOaaWHUU/HHMV2/bSOLDhVTEl4gEnaj3LeOz2bIrfzNgb
9bHBYCtl3PFl+hZxY3wvC55o80SeIjskpU9rHvzQ36y8dd+uIfXjhLHPBHV7AO4m
Yu6+dEoaJqFpVgyBKn+YFg6x0w8m1sWX5tcrQRkcMt/REak91bqdf8l0JDz1Jd2d
uiCh3ssy9yNl7UTdPovzgK9IZ4zv0Kk13F9lXcsMEmjmB3awyaQlglBlCG0NEUKj
wRWzT4uKHHcW4sHg/UyEfVUnKQGZvf7/eOAXK2kEsBFSzcl+QLwZxWSmRDL81dzl
1jjivPCQKtEPZqIZnDQuNvtijw5NNT/yJ5yRlJ7qmuCuBA/2VYqecEAVERhd6dYj
le6oMu3340G5Dyq43XhOtPf+Fm1HkuMtQ49oyK8k/nEZSFGDWlrJ//cuOWYjUbpo
d/fgCaLCxAm60KPiCnGdC7GQcIDJBbgjC3XDvxYGLA0ee+31XqhHDTlOkeHv+7oP
3PwSssT/M4Ppwzb0Imna/qaCO7lKUbS4oQSLahbfGg+fyAKfM7N3No7raF+L4VIE
RACbvKrSfv2WuTncQBdd/kQ2kvhuGMD4L1WjXNFi2VQzI2JbEcYZcJWYXF5tvCNj
aotDJumjF0WtGWcEdKg8Cr2AArMm6dHmRS5VVIG+taWpiWIl5lc=
=iU8L
-----END PGP SIGNATURE-----
Merge 5.10.209 into android12-5.10-lts
Changes in 5.10.209
f2fs: explicitly null-terminate the xattr list
pinctrl: lochnagar: Don't build on MIPS
ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro
mptcp: fix uninit-value in mptcp_incoming_options
debugfs: fix automount d_fsdata usage
drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer
nvme-core: check for too small lba shift
ASoC: wm8974: Correct boost mixer inputs
ASoC: Intel: Skylake: Fix mem leak in few functions
ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16
ASoC: Intel: Skylake: mem leak in skl register function
ASoC: cs43130: Fix the position of const qualifier
ASoC: cs43130: Fix incorrect frame delay configuration
ASoC: rt5650: add mutex to avoid the jack detection failure
nouveau/tu102: flush all pdbs on vmm flush
net/tg3: fix race condition in tg3_reset_task()
ASoC: da7219: Support low DC impedance headset
nvme: introduce helper function to get ctrl state
drm/exynos: fix a potential error pointer dereference
drm/exynos: fix a wrong error checking
clk: rockchip: rk3128: Fix HCLK_OTG gate register
jbd2: correct the printing of write_flags in jbd2_write_superblock()
drm/crtc: Fix uninit-value bug in drm_mode_setcrtc
neighbour: Don't let neigh_forced_gc() disable preemption for long
jbd2: fix soft lockup in journal_finish_inode_data_buffers()
tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing
tracing: Add size check when printing trace_marker output
ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI
reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning
Input: atkbd - skip ATKBD_CMD_GETID in translated mode
Input: i8042 - add nomux quirk for Acer P459-G2-M
s390/scm: fix virtual vs physical address confusion
ARC: fix spare error
Input: xpad - add Razer Wolverine V2 support
i2c: rk3x: fix potential spinlock recursion on poll
ida: Fix crash in ida_free when the bitmap is empty
net: qrtr: ns: Return 0 if server port is not present
ARM: sun9i: smp: fix return code check of of_property_match_string
drm/crtc: fix uninitialized variable use
ACPI: resource: Add another DMI match for the TongFang GMxXGxx
binder: use EPOLLERR from eventpoll.h
binder: fix trivial typo of binder_free_buf_locked()
binder: fix comment on binder_alloc_new_buf() return value
uio: Fix use-after-free in uio_open
parport: parport_serial: Add Brainboxes BAR details
parport: parport_serial: Add Brainboxes device IDs and geometry
PCI: Add ACS quirk for more Zhaoxin Root Ports
coresight: etm4x: Fix width of CCITMIN field
x86/lib: Fix overflow when counting digits
EDAC/thunderx: Fix possible out-of-bounds string access
powerpc: add crtsavres.o to always-y instead of extra-y
powerpc: Remove in_kernel_text()
powerpc/44x: select I2C for CURRITUCK
powerpc/pseries/memhotplug: Quieten some DLPAR operations
powerpc/pseries/memhp: Fix access beyond end of drmem array
selftests/powerpc: Fix error handling in FPU/VMX preemption tests
powerpc/powernv: Add a null pointer check to scom_debug_init_one()
powerpc/powernv: Add a null pointer check in opal_event_init()
powerpc/powernv: Add a null pointer check in opal_powercap_init()
powerpc/imc-pmu: Add a null pointer check in update_events_in_group()
spi: spi-zynqmp-gqspi: fix driver kconfig dependencies
mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response
ACPI: video: check for error while searching for backlight device parent
ACPI: LPIT: Avoid u32 multiplication overflow
of: property: define of_property_read_u{8,16,32,64}_array() unconditionally
of: Add of_property_present() helper
cpufreq: Use of_property_present() for testing DT property presence
cpufreq: scmi: process the result of devm_of_clk_add_hw_provider()
net: netlabel: Fix kerneldoc warnings
netlabel: remove unused parameter in netlbl_netlink_auditinfo()
calipso: fix memory leak in netlbl_calipso_add_pass()
efivarfs: force RO when remounting if SetVariable is not supported
spi: sh-msiof: Enforce fixed DTDL for R-Car H3
ACPI: extlog: Clear Extended Error Log status when RAS_CEC handled the error
mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket
virtio_crypto: Introduce VIRTIO_CRYPTO_NOSPC
virtio-crypto: introduce akcipher service
virtio-crypto: implement RSA algorithm
virtio-crypto: change code style
virtio-crypto: use private buffer for control request
virtio-crypto: wait ctrl queue instead of busy polling
crypto: virtio - Handle dataq logic with tasklet
crypto: sa2ul - Return crypto_aead_setkey to transfer the error
crypto: ccp - fix memleak in ccp_init_dm_workarea
crypto: af_alg - Disallow multiple in-flight AIO requests
crypto: sahara - remove FLAGS_NEW_KEY logic
crypto: sahara - fix cbc selftest failure
crypto: sahara - fix ahash selftest failure
crypto: sahara - fix processing requests with cryptlen < sg->length
crypto: sahara - fix error handling in sahara_hw_descriptor_create()
pstore: ram_core: fix possible overflow in persistent_ram_init_ecc()
fs: indicate request originates from old mount API
Revert "gfs2: Don't reject a supposedly full bitmap if we have blocks reserved"
gfs2: Also reflect single-block allocations in rgd->rd_extfail_pt
gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump
crypto: virtio - Wait for tasklet to complete on device remove
crypto: sahara - avoid skcipher fallback code duplication
crypto: sahara - handle zero-length aes requests
crypto: sahara - fix ahash reqsize
crypto: sahara - fix wait_for_completion_timeout() error handling
crypto: sahara - improve error handling in sahara_sha_process()
crypto: sahara - fix processing hash requests with req->nbytes < sg->length
crypto: sahara - do not resize req->src when doing hash operations
crypto: scomp - fix req->dst buffer overflow
blocklayoutdriver: Fix reference leak of pnfs_device_node
NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT
wifi: rtw88: fix RX filter in FIF_ALLMULTI flag
bpf, lpm: Fix check prefixlen before walking trie
bpf: Add crosstask check to __bpf_get_stack
wifi: ath11k: Defer on rproc_get failure
wifi: libertas: stop selecting wext
ARM: dts: qcom: apq8064: correct XOADC register address
ncsi: internal.h: Fix a spello
net/ncsi: Fix netlink major/minor version numbers
firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create()
firmware: meson_sm: populate platform devices from sm device tree data
wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior
arm64: dts: ti: k3-am65-main: Fix DSS irq trigger type
bpf: fix check for attempt to corrupt spilled pointer
scsi: fnic: Return error if vmalloc() failed
arm64: dts: qcom: qrb5165-rb5: correct LED panic indicator
arm64: dts: qcom: sdm845-db845c: correct LED panic indicator
bpf: Fix verification of indirect var-off stack access
scsi: hisi_sas: Replace with standard error code return value
selftests/net: fix grep checking for fib_nexthop_multiprefix
virtio/vsock: fix logic which reduces credit update messages
dma-mapping: Add dma_release_coherent_memory to DMA API
dma-mapping: clear dev->dma_mem to NULL after freeing it
wifi: rtlwifi: add calculate_bit_shift()
wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift()
wifi: rtlwifi: rtl8192c: using calculate_bit_shift()
wifi: rtlwifi: rtl8192cu: using calculate_bit_shift()
wifi: rtlwifi: rtl8192ce: using calculate_bit_shift()
rtlwifi: rtl8192de: make arrays static const, makes object smaller
wifi: rtlwifi: rtl8192de: using calculate_bit_shift()
wifi: rtlwifi: rtl8192ee: using calculate_bit_shift()
wifi: rtlwifi: rtl8192se: using calculate_bit_shift()
netfilter: nf_tables: mark newset as dead on transaction abort
Bluetooth: Fix bogus check for re-auth no supported with non-ssp
Bluetooth: btmtkuart: fix recv_buf() return value
ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
ARM: davinci: always select CONFIG_CPU_ARM926T
RDMA/usnic: Silence uninitialized symbol smatch warnings
drm/panel-elida-kd35t133: hold panel in reset for unprepare
rcu: Create an unrcu_pointer() to remove __rcu from a pointer
drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer
drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function
media: pvrusb2: fix use after free on context disconnection
drm/bridge: Fix typo in post_disable() description
f2fs: fix to avoid dirent corruption
drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg()
drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check()
drm/radeon: check return value of radeon_ring_lock()
ASoC: cs35l33: Fix GPIO name and drop legacy include
ASoC: cs35l34: Fix GPIO name and drop legacy include
drm/msm/mdp4: flush vblank event on disable
drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks
drm/drv: propagate errors from drm_modeset_register_all()
drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()
drm/radeon/dpm: fix a memleak in sumo_parse_power_table
drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table
drm/bridge: tc358767: Fix return value on error case
media: cx231xx: fix a memleak in cx231xx_init_isoc
clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config
media: rkisp1: Disable runtime PM in probe error path
f2fs: fix to check compress file in f2fs_move_file_range()
f2fs: fix to update iostat correctly in f2fs_filemap_fault()
media: dvbdev: drop refcount on error path in dvb_device_open()
media: dvb-frontends: m88ds3103: Fix a memory leak in an error handling path of m88ds3103_probe()
drm/amdgpu/debugfs: fix error code when smc register accessors are NULL
drm/amd/pm: fix a double-free in si_dpm_init
drivers/amd/pm: fix a use-after-free in kv_parse_power_table
gpu/drm/radeon: fix two memleaks in radeon_vm_init
dt-bindings: clock: Update the videocc resets for sm8150
clk: qcom: videocc-sm8150: Update the videocc resets
clk: qcom: videocc-sm8150: Add missing PLL config property
drivers: clk: zynqmp: calculate closest mux rate
clk: zynqmp: make bestdiv unsigned
clk: zynqmp: Add a check for NULL pointer
drivers: clk: zynqmp: update divider round rate logic
watchdog: set cdev owner before adding
watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO
watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling
watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused
clk: si5341: fix an error code problem in si5341_output_clk_set_rate
clk: fixed-rate: add devm_clk_hw_register_fixed_rate
clk: fixed-rate: fix clk_hw_register_fixed_rate_with_accuracy_parent_hw
pwm: stm32: Use regmap_clear_bits and regmap_set_bits where applicable
pwm: stm32: Use hweight32 in stm32_pwm_detect_channels
pwm: stm32: Fix enable count for clk in .probe()
mmc: sdhci_am654: Fix TI SoC dependencies
mmc: sdhci_omap: Fix TI SoC dependencies
IB/iser: Prevent invalidating wrong MR
of: Fix double free in of_parse_phandle_with_args_map
of: unittest: Fix of_count_phandle_with_args() expected value message
keys, dns: Fix size check of V1 server-list header
binder: fix async space check for 0-sized buffers
binder: fix unused alloc->free_async_space
binder: fix use-after-free in shinker's callback
Input: atkbd - use ab83 as id when skipping the getid command
dma-mapping: Fix build error unused-value
virtio-crypto: fix memory-leak
virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session()
Revert "ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek"
kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list
net: ethernet: mtk_eth_soc: remove duplicate if statements
xen-netback: don't produce zero-size SKB frags
binder: fix race between mmput() and do_exit()
tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug
usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host()
usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart
Revert "usb: dwc3: Soft reset phy on probe for host"
Revert "usb: dwc3: don't reset device side if dwc3 was configured as host-only"
usb: chipidea: wait controller resume finished for wakeup irq
Revert "usb: typec: class: fix typec_altmode_put_partner to put plugs"
usb: typec: class: fix typec_altmode_put_partner to put plugs
usb: mon: Fix atomicity violation in mon_bin_vma_fault
serial: imx: Ensure that imx_uart_rs485_config() is called with enabled clock
ALSA: oxygen: Fix right channel of capture volume mixer
ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx
fbdev: flush deferred work in fb_deferred_io_fsync()
pwm: jz4740: Don't use dev_err_probe() in .request()
io_uring/rw: ensure io->bytes_done is always initialized
rootfs: Fix support for rootfstype= when root= is given
Bluetooth: Fix atomicity violation in {min,max}_key_size_set
iommu/arm-smmu-qcom: Add missing GMU entry to match table
wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code
wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors
wifi: mwifiex: configure BSSID consistently when starting AP
x86/kvm: Do not try to disable kvmclock if it was not enabled
KVM: arm64: vgic-v4: Restore pending state on host userspace write
KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache
iio: adc: ad7091r: Pass iio_dev to event handler
HID: wacom: Correct behavior when processing some confidence == false touches
mfd: syscon: Fix null pointer dereference in of_syscon_register()
leds: aw2013: Select missing dependency REGMAP_I2C
mips: dmi: Fix early remap on MIPS32
mips: Fix incorrect max_low_pfn adjustment
MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup()
MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup()
power: supply: cw2015: correct time_to_empty units in sysfs
serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed
libapi: Add missing linux/types.h header to get the __u64 type on io.h
acpi: property: Let args be NULL in __acpi_node_get_property_reference
software node: Let args be NULL in software_node_get_reference_args
serial: imx: fix tx statemachine deadlock
iio: adc: ad9467: Benefit from devm_clk_get_enabled() to simplify
iio: adc: ad9467: fix reset gpio handling
iio: adc: ad9467: don't ignore error codes
iio: adc: ad9467: fix scale setting
perf genelf: Set ELF program header addresses properly
tty: change tty_write_lock()'s ndelay parameter to bool
tty: early return from send_break() on TTY_DRIVER_HARDWARE_BREAK
tty: don't check for signal_pending() in send_break()
tty: use 'if' in send_break() instead of 'goto'
usb: cdc-acm: return correct error code on unsupported break
nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length
nvmet-tcp: fix a crash in nvmet_req_complete()
perf env: Avoid recursively taking env->bpf_progs.lock
apparmor: avoid crash when parsed profile name is empty
serial: imx: Correct clock error message in function probe()
nvmet-tcp: Fix the H2C expected PDU len calculation
PCI: keystone: Fix race condition when initializing PHYs
s390/pci: fix max size calculation in zpci_memcpy_toio()
net: qualcomm: rmnet: fix global oob in rmnet_policy
net: ethernet: ti: am65-cpsw: Fix max mtu to fit ethernet frames
net: phy: micrel: populate .soft_reset for KSZ9131
net: ravb: Fix dma_addr_t truncation in error case
net: dsa: vsc73xx: Add null pointer check to vsc73xx_gpio_probe
netfilter: nf_tables: do not allow mismatch field size and set key length
netfilter: nf_tables: skip dead set elements in netlink dump
netfilter: nf_tables: reject NFT_SET_CONCAT with not field length description
ipvs: avoid stat macros calls from preemptible context
kdb: Fix a potential buffer overflow in kdb_local()
ethtool: netlink: Add missing ethnl_ops_begin/complete
mlxsw: spectrum_acl_erp: Fix error flow of pool allocation failure
mlxsw: spectrum: Use 'bitmap_zalloc()' when applicable
mlxsw: spectrum_acl_tcam: Add missing mutex_destroy()
mlxsw: spectrum_acl_tcam: Make fini symmetric to init
mlxsw: spectrum_acl_tcam: Reorder functions to avoid forward declarations
mlxsw: spectrum_acl_tcam: Fix stack corruption
selftests: mlxsw: qos_pfc: Convert to iproute2 dcb
selftests: mlxsw: qos_pfc: Adjust the test to support 8 lanes
i2c: s3c24xx: fix read transfers in polling mode
i2c: s3c24xx: fix transferring more than one message in polling mode
arm64: dts: armada-3720-turris-mox: set irq type for RTC
Linux 5.10.209
Change-Id: I86438e299a811ccb08c5a27b2259c33cd482ff00
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Fedor Pchelkin
|
5ff00408e5 |
apparmor: avoid crash when parsed profile name is empty
[ Upstream commit 55a8210c9e7d21ff2644809699765796d4bfb200 ]
When processing a packed profile in unpack_profile() described like
"profile :ns::samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {...}"
a string ":samba-dcerpcd" is unpacked as a fully-qualified name and then
passed to aa_splitn_fqname().
aa_splitn_fqname() treats ":samba-dcerpcd" as only containing a namespace.
Thus it returns NULL for tmpname, meanwhile tmpns is non-NULL. Later
aa_alloc_profile() crashes as the new profile name is NULL now.
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 6 PID: 1657 Comm: apparmor_parser Not tainted 6.7.0-rc2-dirty #16
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014
RIP: 0010:strlen+0x1e/0xa0
Call Trace:
<TASK>
? strlen+0x1e/0xa0
aa_policy_init+0x1bb/0x230
aa_alloc_profile+0xb1/0x480
unpack_profile+0x3bc/0x4960
aa_unpack+0x309/0x15e0
aa_replace_profiles+0x213/0x33c0
policy_update+0x261/0x370
profile_replace+0x20e/0x2a0
vfs_write+0x2af/0xe00
ksys_write+0x126/0x250
do_syscall_64+0x46/0xf0
entry_SYSCALL_64_after_hwframe+0x6e/0x76
</TASK>
---[ end trace 0000000000000000 ]---
RIP: 0010:strlen+0x1e/0xa0
It seems such behaviour of aa_splitn_fqname() is expected and checked in
other places where it is called (e.g. aa_remove_profiles). Well, there
is an explicit comment "a ns name without a following profile is allowed"
inside.
AFAICS, nothing can prevent unpacked "name" to be in form like
":samba-dcerpcd" - it is passed from userspace.
Deny the whole profile set replacement in such case and inform user with
EPROTO and an explaining message.
Found by Linux Verification Center (linuxtesting.org).
Fixes:
|
||
Mickaël Salaün
|
1bc7a682ed |
selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket
[ Upstream commit bbf5a1d0e5d0fb3bdf90205aa872636122692a50 ]
The IPv6 network stack first checks the sockaddr length (-EINVAL error)
before checking the family (-EAFNOSUPPORT error).
This was discovered thanks to commit a549d055a22e ("selftests/landlock:
Add network tests").
Cc: Eric Paris <eparis@parisplace.org>
Cc: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
Cc: Paul Moore <paul@paul-moore.com>
Cc: Stephen Smalley <stephen.smalley.work@gmail.com>
Reported-by: Muhammad Usama Anjum <usama.anjum@collabora.com>
Closes: https://lore.kernel.org/r/0584f91c-537c-4188-9e4f-04f192565667@collabora.com
Fixes:
|
||
|
Greg Kroah-Hartman
|
8a9d593fd6 |
This is the 5.10.206 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmWYDlYACgkQONu9yGCS aT5i8A//V/cQxM4ABg2SGkOLg9TFEmUC/TsrvbmSjwTTpOgi1XuncuxBxoLz6eb4 G8nCmFjuh2E8YL2WMXn5Gs891J6enlc+Pg8Iz54NVXKff4RJZy2zP2KEVmHwYS5R Bm2uUsfqQFXZ4V6tRUBiUTtk/aLyNKbiJEV/eg/1NL27xoNTfWFICnq8Jr7liCxt kedPiN6MAVzHCJ00IPRSFFuVHgofI1lPhCg6qbU0KEmfU/3sXZ3hP4ewBI/QbAIF MO3XLXTpWU8QnKqr50cnW30pxhm+Lc/n/TokgRC0Ng1YtDms6zFyLxCX5CDH1FHf Y3QhS5HVZmR2x7Ga5wd8gLwoXun/HU7y+GCVD1ToiWch/zF/vUgYK80Hkxsc/0Wf UUs8erxkGKpidpOrqNOgHxeTtpLbTVYGi/F8XMoohUW7qmlLvyiezU/wHapJ6EZA T93QS/WhY993b2Hz7apu3o7Jm9ZpiVIpoRiniWRkcoLltZM7RdZTqnIHr/0PAZbD qtOzQrCDCT5EMZz9rjI45K9K5pOA8cVhjehnQaG93DSiVp0wu+uP/Ib15oZiVA/q k+uW5YgT03HZQ8QTcW4d87mLqkl5PqzpWRRBQZw9aN22YQ9wyUEPpjliZgDpjjXE lKtr4S2Sudfpt5kiH72MYZbMqsgn8TT56lumL6ZplEvlPH/J76Y= =Xj2r -----END PGP SIGNATURE----- Merge 5.10.206 into android12-5.10-lts Changes in 5.10.206 ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE smb: client: fix OOB in smb2_query_reparse_point() ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init reset: Fix crash when freeing non-existent optional resets s390/vx: fix save/restore of fpu kernel context wifi: mac80211: mesh_plink: fix matches_local logic Revert "net/mlx5e: fix double free of encap_header" net/mlx5e: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list() net/mlx5: Fix fw tracer first block check net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors net: sched: ife: fix potential use-after-free ethernet: atheros: fix a memleak in atl1e_setup_ring_resources net/rose: fix races in rose_kill_by_device() net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() afs: Fix the dynamic root's d_delete to always delete unused dentries afs: Fix dynamic root lookup DNS check net: warn if gso_type isn't set for a GSO SKB net: check dev->gso_max_size in gso_features_check() keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry afs: Fix overwriting of result of DNS query i2c: aspeed: Handle the coalesced stop conditions with the start conditions. pinctrl: at91-pio4: use dedicated lock class for IRQ ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB smb: client: fix NULL deref in asn1_ber_decoder() btrfs: do not allow non subvolume root targets for snapshot interconnect: Treat xlate() returning NULL node as an error iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw Input: ipaq-micro-keys - add error handling for devm_kmemdup scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() wifi: cfg80211: Add my certificate wifi: cfg80211: fix certs build to not depend on file order USB: serial: ftdi_sio: update Actisense PIDs constant names USB: serial: option: add Quectel EG912Y module support USB: serial: option: add Foxconn T99W265 with new baseline USB: serial: option: add Quectel RM500Q R13 firmware support Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent Bluetooth: L2CAP: Send reject on command corrupted request Input: soc_button_array - add mapping for airplane mode button net: 9p: avoid freeing uninit memory in p9pdu_vreadf net: rfkill: gpio: set GPIO direction net: ks8851: Fix TX stall caused by TX buffer overrun dt-bindings: nvmem: mxs-ocotp: Document fsl,ocotp tracing / synthetic: Disable events after testing in synth_event_gen_test_init() bus: ti-sysc: Flush posted write only after srst_udelay lib/vsprintf: Fix %pfwf when current node refcount == 0 x86/alternatives: Sync core before enabling interrupts 9p/net: fix possible memory leak in p9_check_errors() ARM: dts: Fix occasional boot hang for am3 usb Bluetooth: SMP: Convert BT_ERR/BT_DBG to bt_dev_err/bt_dev_dbg Bluetooth: use inclusive language in SMP Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE usb: fotg210-hcd: delete an incorrect bounds test smb: client: fix OOB in SMB2_query_info_init() smb: client: fix OOB in smbCalcSize() Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg spi: atmel: Switch to transfer_one transfer method spi: atmel: Fix CS and initialization bug scsi: core: Add scsi_prot_ref_tag() helper scsi: core: Introduce scsi_get_sector() scsi: core: Make scsi_get_lba() return the LBA scsi: core: Use scsi_cmd_to_rq() instead of scsi_cmnd.request scsi: core: Use a structure member to track the SCSI command submitter scsi: core: Always send batch on reset or error handling command ring-buffer: Fix wake ups when buffer_percent is set to 100 tracing: Fix blocked reader of snapshot buffer netfilter: nf_tables: skip set commit for deleted/destroyed sets dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() Revert "MIPS: Loongson64: Enable DMA noncoherent support" Bluetooth: SMP: Fix crash when receiving new connection when debug is enabled spi: atmel: Fix PDC transfer setup bug Linux 5.10.206 Change-Id: Ifc248e166849f9102cb1d3e32c33080236de2332 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
David Howells
|
97be1e865e |
keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry
[ Upstream commit 39299bdd2546688d92ed9db4948f6219ca1b9542 ]
If a key has an expiration time, then when that time passes, the key is
left around for a certain amount of time before being collected (5 mins by
default) so that EKEYEXPIRED can be returned instead of ENOKEY. This is a
problem for DNS keys because we want to redo the DNS lookup immediately at
that point.
Fix this by allowing key types to be marked such that keys of that type
don't have this extra period, but are reclaimed as soon as they expire and
turn this on for dns_resolver-type keys. To make this easier to handle,
key->expiry is changed to be permanent if TIME64_MAX rather than 0.
Furthermore, give such new-style negative DNS results a 1s default expiry
if no other expiry time is set rather than allowing it to stick around
indefinitely. This shouldn't be zero as ls will follow a failing stat call
immediately with a second with AT_SYMLINK_NOFOLLOW added.
Fixes:
|
||
|
Greg Kroah-Hartman
|
bdd8d64f36 |
Merge 5.10.203 into android12-5.10-lts
Changes in 5.10.203
RDMA/irdma: Prevent zero-length STAG registration
PCI: keystone: Drop __init from ks_pcie_add_pcie_{ep,port}()
afs: Fix afs_server_list to be cleaned up with RCU
afs: Make error on cell lookup failure consistent with OpenAFS
drm/panel: boe-tv101wum-nl6: Fine tune the panel power sequence
drm/panel: auo,b101uan08.3: Fine tune the panel power sequence
drm/panel: simple: Fix Innolux G101ICE-L01 bus flags
drm/panel: simple: Fix Innolux G101ICE-L01 timings
wireguard: use DEV_STATS_INC()
ata: pata_isapnp: Add missing error check for devm_ioport_map()
drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full
HID: core: store the unique system identifier in hid_device
HID: fix HID device resource race between HID core and debugging support
ipv4: Correct/silence an endian warning in __ip_do_redirect
net: usb: ax88179_178a: fix failed operations during ax88179_reset
net/smc: avoid data corruption caused by decline
arm/xen: fix xen_vcpu_info allocation alignment
amd-xgbe: handle corner-case during sfp hotplug
amd-xgbe: handle the corner-case during tx completion
amd-xgbe: propagate the correct speed and duplex status
net: axienet: Fix check for partial TX checksum
afs: Return ENOENT if no cell DNS record can be found
afs: Fix file locking on R/O volumes to operate in local mode
nvmet: remove unnecessary ctrl parameter
nvmet: nul-terminate the NQNs passed in the connect command
USB: dwc3: qcom: fix resource leaks on probe deferral
USB: dwc3: qcom: fix ACPI platform device leak
lockdep: Fix block chain corruption
media: ccs: Correctly initialise try compose rectangle
MIPS: KVM: Fix a build warning about variable set but not used
ext4: add a new helper to check if es must be kept
ext4: factor out __es_alloc_extent() and __es_free_extent()
ext4: use pre-allocated es in __es_insert_extent()
ext4: use pre-allocated es in __es_remove_extent()
ext4: using nofail preallocation in ext4_es_remove_extent()
ext4: using nofail preallocation in ext4_es_insert_delayed_block()
ext4: using nofail preallocation in ext4_es_insert_extent()
ext4: fix slab-use-after-free in ext4_es_insert_extent()
ext4: make sure allocate pending entry not fail
nfsd: lock_rename() needs both directories to live on the same fs
ASoC: simple-card: fixup asoc_simple_probe() error handling
ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA
swiotlb-xen: provide the "max_mapping_size" method
bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce()
bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race
s390/dasd: protect device queue against concurrent access
USB: serial: option: add Luat Air72*U series products
hv_netvsc: Fix race of register_netdevice_notifier and VF register
hv_netvsc: Mark VF as slave before exposing it to user-mode
dm-delay: fix a race between delay_presuspend and delay_bio
bcache: check return value from btree_node_alloc_replacement()
bcache: prevent potential division by zero error
bcache: fixup init dirty data errors
bcache: fixup lock c->root error
USB: serial: option: add Fibocom L7xx modules
USB: serial: option: fix FM101R-GL defines
USB: serial: option: don't claim interface 4 for ZTE MF290
USB: dwc2: write HCINT with INTMASK applied
usb: dwc3: Fix default mode initialization
usb: dwc3: set the dma max_seg_size
USB: dwc3: qcom: fix wakeup after probe deferral
io_uring: fix off-by one bvec index
pinctrl: avoid reload of p state in list iteration
firewire: core: fix possible memory leak in create_units()
mmc: block: Do not lose cache flush during CQE error recovery
ALSA: hda: Disable power-save on KONTRON SinglePC
ALSA: hda/realtek: Headset Mic VREF to 100%
ALSA: hda/realtek: Add supported ALC257 for ChromeOS
dm-verity: align struct dm_verity_fec_io properly
dm verity: don't perform FEC for failed readahead IO
bcache: revert replacing IS_ERR_OR_NULL with IS_ERR
iommu/vt-d: Add MTL to quirk list to skip TE disabling
powerpc: Don't clobber f0/vs0 during fp|altivec register save
parisc: Drop the HP-UX ENOSYM and EREMOTERELEASE error codes
btrfs: add dmesg output for first mount and last unmount of a filesystem
btrfs: ref-verify: fix memory leaks in btrfs_ref_tree_mod()
btrfs: fix off-by-one when checking chunk map includes logical address
btrfs: send: ensure send_fd is writable
btrfs: make error messages more clear when getting a chunk map
Input: xpad - add HyperX Clutch Gladiate Support
hv_netvsc: fix race of netvsc and VF register_netdevice
USB: core: Change configuration warnings to notices
usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet
dpaa2-eth: increase the needed headroom to account for alignment
selftests/net: ipsec: fix constant out of range
selftests/net: mptcp: fix uninitialized variable warnings
net: stmmac: xgmac: Disable FPE MMC interrupts
octeontx2-pf: Fix adding mbox work queue entry when num_vfs > 64
Revert "workqueue: remove unused cancel_work()"
r8169: prevent potential deadlock in rtl8169_close
ravb: Fix races between ravb_tx_timeout_work() and net related ops
net: ravb: Use pm_runtime_resume_and_get()
net: ravb: Start TX queues after HW initialization succeeded
smb3: fix touch -h of symlink
ASoC: Intel: Move soc_intel_is_foo() helpers to a generic header
ASoC: SOF: sof-pci-dev: use community key on all Up boards
ASoC: SOF: sof-pci-dev: add parameter to override topology filename
ASoC: SOF: sof-pci-dev: don't use the community key on APL Chromebooks
ASoC: SOF: sof-pci-dev: Fix community key quirk detection
s390/mm: fix phys vs virt confusion in mark_kernel_pXd() functions family
s390/cmma: fix detection of DAT pages
misc: pci_endpoint_test: Add deviceID for AM64 and J7200
misc: pci_endpoint_test: Add deviceID for J721S2 PCIe EP device support
fbdev: stifb: Make the STI next font pointer a 32-bit signed offset
ima: annotate iint mutex to avoid lockdep false positive warnings
driver core: Move the "removable" attribute from USB to core
drm/amdgpu: don't use ATRM for external devices
fs: add ctime accessors infrastructure
smb3: fix caching of ctime on setxattr
scsi: core: Introduce the scsi_cmd_to_rq() function
scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
scsi: qla2xxx: Fix system crash due to bad pointer access
cpufreq: imx6q: don't warn for disabling a non-existing frequency
cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily
mmc: cqhci: Increase recovery halt timeout
mmc: cqhci: Warn of halt or task clear failure
mmc: cqhci: Fix task clearing in CQE error recovery
mmc: core: convert comma to semicolon
mmc: block: Retry commands in CQE error recovery
mmc: core: add helpers mmc_regulator_enable/disable_vqmmc
mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled
r8169: disable ASPM in case of tx timeout
r8169: fix deadlock on RTL8125 in jumbo mtu mode
driver core: Release all resources during unbind before updating device links
Linux 5.10.203
Change-Id: I7feccd8526f0286020be24411be0e6113129ff65
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
7999a9a70d |
This is the 5.10.202 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmVmG20ACgkQONu9yGCS aT6dzg/7BnCP2SpVmgEaD7FdPvGO/A6O5VrC9zu3sQE6g2gAwirZhdgE8NRn+ggm WSQ1kIA+HEcY23FKpq46pBED4P1irudiW7DkLw8nyOGp+XLb4wGkF5lBBP5z+B2P ga2RgwqKvYWeDaUW4n1Uy7m2Cz+wqCg/EvnITo40glSWPh20gM532/CSnA5akoje 9mjZYZ0rKHKTZGu65aNScNR7XnXHIivJU6C1jF6L9N1+Xn679nUHKQP4KM/RcjpX g1WQMWFC3mGIn5IX28W1wvKS320D5HLmTLnLqJvFpJN9+13DUnUoXcX469zvQoxJ GL3S94goWN/0BPOgr5KcKvTj00b4O+EWhQuQt+x8NLdydzRQuyFu2UpLNhIKKSou sT+BcxzeuqJhEh1tZItcZkZBptpLEkb0ezT11u5McnU5FjPzzzP8CtEetKKmEaBU AUoEP/lQQlVyk1I6xAeuzu53smncNQt6CqnXJxYXOBGgJ2txAM5kroMKXPin5C8k BCpUIqghhKmBd1hwuKyaOBKF99eLKKZsuvXppoPD0Yz7/Nq5TgdBw0qbNt2iLr05 XSM7WIIeCBROaV+ZiVxgtcXDR51FpMr7CLTbkBQ6IgLwircHeHSK7rQn7kFO3fCg OezhWAuh72qDZ2PCJ84fj21IhZ49a5oCLbUdBew+KzZervVpSo0= =eW67 -----END PGP SIGNATURE----- Merge 5.10.202 into android12-5.10-lts Changes in 5.10.202 locking/ww_mutex/test: Fix potential workqueue corruption perf/core: Bail out early if the request AUX area is out of bound clocksource/drivers/timer-imx-gpt: Fix potential memory leak clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size wifi: mac80211_hwsim: fix clang-specific fortify warning wifi: mac80211: don't return unset power in ieee80211_get_tx_power() bpf: Detect IP == ksym.end as part of BPF program wifi: ath9k: fix clang-specific fortify warnings wifi: ath10k: fix clang-specific fortify warning net: annotate data-races around sk->sk_tx_queue_mapping net: annotate data-races around sk->sk_dst_pending_confirm wifi: ath10k: Don't touch the CE interrupt registers after power up Bluetooth: btusb: Add date->evt_skb is NULL check Bluetooth: Fix double free in hci_conn_cleanup platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e drm/komeda: drop all currently held locks if deadlock happens drm/msm/dp: skip validity check for DP CTS EDID checksum drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga drm/amdgpu: Fix potential null pointer derefernce drm/panel: fix a possible null pointer dereference drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference drm/panel: st7703: Pick different reset sequence drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL selftests/efivarfs: create-read: fix a resource leak ASoC: soc-card: Add storage for PCI SSID crypto: pcrypt - Fix hungtask for PADATA_RESET RDMA/hfi1: Use FIELD_GET() to extract Link Width fs/jfs: Add check for negative db_l2nbperpage fs/jfs: Add validity check for db_maxag and db_agpref jfs: fix array-index-out-of-bounds in dbFindLeaf jfs: fix array-index-out-of-bounds in diAlloc HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround ARM: 9320/1: fix stack depot IRQ stack filter ALSA: hda: Fix possible null-ptr-deref when assigning a stream PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields atm: iphase: Do PCI error checks on own line scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W exfat: support handle zero-size directory tty: vcc: Add check for kstrdup() in vcc_probe() usb: gadget: f_ncm: Always set current gadget in ncm_bind() 9p/trans_fd: Annotate data-racy writes to file::f_flags i2c: sun6i-p2wi: Prevent potential division by zero media: gspca: cpia1: shift-out-of-bounds in set_flicker media: vivid: avoid integer overflow gfs2: ignore negated quota changes gfs2: fix an oops in gfs2_permission media: cobalt: Use FIELD_GET() to extract Link Width media: imon: fix access to invalid resource for the second interface drm/amd/display: Avoid NULL dereference of timing generator kgdb: Flush console before entering kgdb on panic ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings drm/amdgpu: fix software pci_unplug on some chips pwm: Fix double shift bug wifi: iwlwifi: Use FW rate for non-data frames xhci: turn cancelled td cleanup to its own function SUNRPC: ECONNRESET might require a rebind SUNRPC: Add an IS_ERR() check back to where it was NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO SUNRPC: Fix RPC client cleaned up the freed pipefs dentries gfs2: Silence "suspicious RCU usage in gfs2_permission" warning ipvlan: add ipvlan_route_v6_outbound() helper tty: Fix uninit-value access in ppp_sync_receive() net: hns3: fix variable may not initialized problem in hns3_init_mac_addr() net: hns3: fix VF reset fail issue tipc: Fix kernel-infoleak due to uninitialized TLV value ppp: limit MRU to 64K xen/events: fix delayed eoi list handling ptp: annotate data-race around q->head and q->tail bonding: stop the device in bond_setup_by_slave() net: ethernet: cortina: Fix max RX frame define net: ethernet: cortina: Handle large frames net: ethernet: cortina: Fix MTU max setting netfilter: nf_conntrack_bridge: initialize err to 0 net: stmmac: fix rx budget limit check net/mlx5e: fix double free of encap_header net/mlx5_core: Clean driver version and name net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors macvlan: Don't propagate promisc change to lower dev in passthru tools/power/turbostat: Fix a knl bug cifs: spnego: add ';' in HOST_KEY_LEN cifs: fix check of rc in function generate_smb3signingkey media: venus: hfi: add checks to perform sanity on queue pointers powerpc/perf: Fix disabling BHRB and instruction sampling randstruct: Fix gcc-plugin performance mode to stay in group bpf: Fix check_stack_write_fixed_off() to correctly spill imm bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END scsi: mpt3sas: Fix loop logic scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers x86/cpu/hygon: Fix the CPU topology evaluation for real KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space KVM: x86: Ignore MSR_AMD64_TW_CFG access audit: don't take task_lock() in audit_exe_compare() code path audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() tty/sysrq: replace smp_processor_id() with get_cpu() hvc/xen: fix console unplug hvc/xen: fix error path in xen_hvc_init() to always register frontend driver PCI/sysfs: Protect driver's D3cold preference from user space watchdog: move softlockup_panic back to early_param ACPI: resource: Do IRQ override on TongFang GMxXGxx arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer parisc/pdc: Add width field to struct pdc_model clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks mmc: vub300: fix an error code mmc: sdhci_am654: fix start loop index for TAP value parsing PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() arm64: dts: qcom: ipq6018: Fix hwlock index for SMEM PM: hibernate: Use __get_safe_page() rather than touching the list PM: hibernate: Clean up sync_read handling in snapshot_write_next() rcu: kmemleak: Ignore kmemleak false positives when RCU-freeing objects btrfs: don't arbitrarily slow down delalloc if we're committing firmware: qcom_scm: use 64-bit calling convention only when client is 64-bit ima: detect changes to the backing overlay file wifi: ath11k: fix temperature event locking wifi: ath11k: fix dfs radar event locking wifi: ath11k: fix htt pktlog locking mmc: meson-gx: Remove setting of CMD_CFG_ERROR genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware PCI: keystone: Don't discard .remove() callback PCI: keystone: Don't discard .probe() callback jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev quota: explicitly forbid quota files from being encrypted kernel/reboot: emergency_restart: Set correct system_state i2c: core: Run atomic i2c xfer when !preemptible mcb: fix error handling for different scenarios when parsing dmaengine: stm32-mdma: correct desc prep when channel running mm/cma: use nth_page() in place of direct struct page manipulation mm/memory_hotplug: use pfn math in place of direct struct page manipulation mtd: cfi_cmdset_0001: Byte swap OTP info i3c: master: cdns: Fix reading status register parisc: Prevent booting 64-bit kernels on PA1.x machines parisc/pgtable: Do not drop upper 5 address bits of physical address xhci: Enable RPM on controllers that support low-power states ALSA: info: Fix potential deadlock at disconnection ALSA: hda/realtek - Add Dell ALC295 to pin fall back table ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC serial: meson: remove redundant initialization of variable id tty: serial: meson: retrieve port FIFO size from DT serial: meson: Use platform_get_irq() to get the interrupt tty: serial: meson: fix hard LOCKUP on crtscts mode cpufreq: stats: Fix buffer overflow detection in trans_stats() Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 bluetooth: Add device 0bda:887b to device tables bluetooth: Add device 13d3:3571 to device tables Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE PCI: exynos: Don't discard .remove() callback arm64: dts: qcom: ipq6018: switch TCSR mutex to MMIO arm64: dts: qcom: ipq6018: Fix tcsr_mutex register size Revert ncsi: Propagate carrier gain/loss events to the NCSI controller lsm: fix default return value for vm_enough_memory lsm: fix default return value for inode_getsecctx i2c: designware: Disable TX_EMPTY irq while waiting for block length byte net: dsa: lan9303: consequently nested-lock physical MDIO net: phylink: initialize carrier state at creation i2c: i801: fix potential race in i801_block_transaction_byte_by_byte f2fs: avoid format-overflow warning media: lirc: drop trailing space from scancode transmit media: sharp: fix sharp encoding media: venus: hfi_parser: Add check to keep the number of codecs within range media: venus: hfi: fix the check to handle session buffer requirement media: venus: hfi: add checks to handle capabilities from firmware nfsd: fix file memleak on client_opens_release mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors media: qcom: camss: Fix vfe_get() error jump Revert "net: r8169: Disable multicast filter for RTL8168H and RTL8107E" ext4: apply umask if ACL support is disabled ext4: correct offset of gdb backup in non meta_bg group to update_backups ext4: correct return value of ext4_convert_meta_bg ext4: correct the start block of counting reserved clusters ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks drm/amd/pm: Handle non-terminated overdrive commands. drm/amdgpu: fix error handling in amdgpu_bo_list_get() drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid tracing: Have trace_event_file have ref counters netfilter: nftables: update table flags from the commit phase netfilter: nf_tables: fix table flag updates netfilter: nf_tables: disable toggling dormant table state more than once interconnect: qcom: Add support for mask-based BCMs Linux 5.10.202 Change-Id: I762bcd4848d9b87cbb4efe4104fe1685999dc0f7 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Amir Goldstein
|
01fbfcd810 |
ima: annotate iint mutex to avoid lockdep false positive warnings
[ Upstream commit e044374a8a0a99e46f4e6d6751d3042b6d9cc12e ] It is not clear that IMA should be nested at all, but as long is it measures files both on overlayfs and on underlying fs, we need to annotate the iint mutex to avoid lockdep false positives related to IMA + overlayfs, same as overlayfs annotates the inode mutex. Reported-and-tested-by: syzbot+b42fe626038981fb7bfa@syzkaller.appspotmail.com Signed-off-by: Amir Goldstein <amir73il@gmail.com> Cc: stable@vger.kernel.org Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Mimi Zohar
|
cd5a262a07 |
ima: detect changes to the backing overlay file
commit b836c4d29f2744200b2af41e14bf50758dddc818 upstream.
Commit 18b44bc5a672 ("ovl: Always reevaluate the file signature for
IMA") forced signature re-evaulation on every file access.
Instead of always re-evaluating the file's integrity, detect a change
to the backing file, by comparing the cached file metadata with the
backing file's metadata. Verifying just the i_version has not changed
is insufficient. In addition save and compare the i_ino and s_dev
as well.
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Tested-by: Eric Snowberg <eric.snowberg@oracle.com>
Tested-by: Raul E Rangel <rrangel@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
3e7bedcc0e |
This is the 5.10.198 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmUlq8kACgkQONu9yGCS
aT5GiA//fiURwpUcawIhvgYewMVp+ovJ+mpX5IT+bMbW9Ur0sBhtiiU+WDNYxMru
34xbSQ/+o2a6N2tmK1JF7o76e2sHw/aRgaoDHkN5oEG+lbRH7TdCv6O0QRFAthcd
sJL+SX/GclcKW0ZHDjJX9Wt5Lq3gqVYlqJlCsw6gI/1JrQTxStrSQh7yRbrYSqpY
wGWEq19IrE/ToZFTBuPEEvlBswszGrI88lVtjvRzIdczQVyFLAoEQ2GNPWl3XNBh
ygGnwiHjk3a+QhZ30evIv2LX+tlGmpLy7gdLDsdZF7RfEkNHQ92IgaHvFDs8JqDg
QnRE8KCrC2V45OIQRRnA5NVtD3LBYM0bUhbqqLiNvTMiSIBWge4efJwxyYcTTfkX
MTmbo9z/bIVFdpgCQtneRw3eUyfbRKQ1cUvtmkuXIVLzvZUQaVMpXVZ6pz864E54
3nJrl2HJtIdJsRX5M4unL+AXNLRoJUbfb4hbzAD0Tg8Wbdgrn7vL/z6JmIzA2ssQ
+R/52ghimOThGTUbCi2pJx/cpKhegkJEJ7+JwUhS9L9ybA93g/bD0n9zy6JXpd/H
Cct0JWbiukbDp1CTLQ6Qm9TK5HANW2fXMHoR3H5ltPojNZwN7/pgYqN6ppjtBKVe
gA3k8KYkZoXjbF6VS1B5Y83wJ+H+39Luk/DSmm1ZNvYPHxmz+q0=
=2MQy
-----END PGP SIGNATURE-----
Merge 5.10.198 into android12-5.10-lts
Changes in 5.10.198
NFS: Use the correct commit info in nfs_join_page_group()
NFS/pNFS: Report EINVAL errors from connect() to the server
SUNRPC: Mark the cred for revalidation if the server rejects it
tracing: Increase trace array ref count on enable and filter files
ata: ahci: Drop pointless VPRINTK() calls and convert the remaining ones
ata: libahci: clear pending interrupt status
ext4: remove the 'group' parameter of ext4_trim_extent
ext4: add new helper interface ext4_try_to_trim_range()
ext4: scope ret locally in ext4_try_to_trim_range()
ext4: change s_last_trim_minblks type to unsigned long
ext4: mark group as trimmed only if it was fully scanned
ext4: replace the traditional ternary conditional operator with with max()/min()
ext4: move setting of trimmed bit into ext4_try_to_trim_range()
ext4: do not let fstrim block system suspend
tracing: Have event inject files inc the trace array ref count
netfilter: nf_tables: integrate pipapo into commit protocol
netfilter: nf_tables: don't skip expired elements during walk
netfilter: nf_tables: GC transaction API to avoid race with control plane
netfilter: nf_tables: adapt set backend to use GC transaction API
netfilter: nft_set_hash: mark set element as dead when deleting from packet path
netfilter: nf_tables: remove busy mark and gc batch API
netfilter: nf_tables: don't fail inserts if duplicate has expired
netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path
netfilter: nf_tables: GC transaction race with netns dismantle
netfilter: nf_tables: GC transaction race with abort path
netfilter: nf_tables: use correct lock to protect gc_list
netfilter: nf_tables: defer gc run if previous batch is still pending
netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention
netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails
netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration
netfilter: nf_tables: fix memleak when more than 255 elements expired
ASoC: meson: spdifin: start hw on dai probe
netfilter: nf_tables: disallow element removal on anonymous sets
bpf: Avoid deadlock when using queue and stack maps from NMI
selftests/tls: Add {} to avoid static checker warning
selftests: tls: swap the TX and RX sockets in some tests
ASoC: imx-audmix: Fix return error with devm_clk_get()
i40e: Fix VF VLAN offloading when port VLAN is configured
ipv4: fix null-deref in ipv4_link_failure
powerpc/perf/hv-24x7: Update domain value check
dccp: fix dccp_v4_err()/dccp_v6_err() again
platform/x86: intel_scu_ipc: Check status after timeout in busy_loop()
platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt()
platform/x86: intel_scu_ipc: Don't override scu in intel_scu_ipc_dev_simple_command()
platform/x86: intel_scu_ipc: Fail IPC send if still busy
x86/srso: Fix srso_show_state() side effect
x86/srso: Fix SBPB enablement for spec_rstack_overflow=off
net: hns3: only enable unicast promisc when mac table full
net: hns3: add 5ms delay before clear firmware reset irq source
net: bridge: use DEV_STATS_INC()
team: fix null-ptr-deref when team device type is changed
netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
seqlock: avoid -Wshadow warnings
seqlock: Rename __seqprop() users
seqlock: Prefix internal seqcount_t-only macros with a "do_"
locking/seqlock: Do the lockdep annotation before locking in do_write_seqcount_begin_nested()
bnxt_en: Flush XDP for bnxt_poll_nitroa0()'s NAPI
net: rds: Fix possible NULL-pointer dereference
gpio: tb10x: Fix an error handling path in tb10x_gpio_probe()
i2c: mux: demux-pinctrl: check the return value of devm_kstrdup()
netfilter: nf_tables: unregister flowtable hooks on netns exit
netfilter: nf_tables: double hook unregistration in netns path
Input: i8042 - rename i8042-x86ia64io.h to i8042-acpipnpio.h
Input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN
mmc: renesas_sdhi: probe into TMIO after SCC parameters have been setup
mmc: renesas_sdhi: populate SCC pointer at the proper place
mmc: tmio: support custom irq masks
mmc: renesas_sdhi: register irqs before registering controller
media: venus: core: Add io base variables for each block
media: venus: hfi,pm,firmware: Convert to block relative addressing
media: venus: hfi: Define additional 6xx registers
media: venus: core: Add differentiator IS_V6(core)
media: venus: hfi: Add a 6xx boot logic
media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts
netfilter: use actual socket sk for REJECT action
netfilter: nft_exthdr: Support SCTP chunks
netfilter: nf_tables: add and use nft_sk helper
netfilter: nf_tables: add and use nft_thoff helper
netfilter: nft_exthdr: break evaluation if setting TCP option fails
netfilter: exthdr: add support for tcp option removal
netfilter: nft_exthdr: Fix non-linear header modification
ata: libata: Rename link flag ATA_LFLAG_NO_DB_DELAY
ata: ahci: Add support for AMD A85 FCH (Hudson D4)
ata: ahci: Rename board_ahci_mobile
ata: ahci: Add Elkhart Lake AHCI controller
btrfs: reset destination buffer when read_extent_buffer() gets invalid range
MIPS: Alchemy: only build mmc support helpers if au1xmmc is enabled
bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset()
bus: ti-sysc: Fix missing AM35xx SoC matching
clk: tegra: fix error return case for recalc_rate
ARM: dts: omap: correct indentation
ARM: dts: ti: omap: Fix bandgap thermal cells addressing for omap3/4
ARM: dts: motorola-mapphone: Configure lower temperature passive cooling
ARM: dts: motorola-mapphone: Add 1.2GHz OPP
ARM: dts: motorola-mapphone: Drop second ti,wlcore compatible value
ARM: dts: am335x: Guardian: Update beeper label
ARM: dts: Unify pwm-omap-dmtimer node names
ARM: dts: ti: omap: motorola-mapphone: Fix abe_clkctrl warning on boot
bus: ti-sysc: Fix SYSC_QUIRK_SWSUP_SIDLE_ACT handling for uart wake-up
power: supply: ucs1002: fix error code in ucs1002_get_property()
xtensa: add default definition for XCHAL_HAVE_DIV32
xtensa: iss/network: make functions static
xtensa: boot: don't add include-dirs
xtensa: boot/lib: fix function prototypes
gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip
i2c: npcm7xx: Fix callback completion ordering
dma-debug: don't call __dma_entry_alloc_check_leak() under free_entries_lock
parisc: sba: Fix compile warning wrt list of SBA devices
parisc: iosapic.c: Fix sparse warnings
parisc: drivers: Fix sparse warning
parisc: irq: Make irq_stack_union static to avoid sparse warning
scsi: qedf: Add synchronization between I/O completions and abort
selftests/ftrace: Correctly enable event in instance-event.tc
ring-buffer: Avoid softlockup in ring_buffer_resize()
selftests: fix dependency checker script
ring-buffer: Do not attempt to read past "commit"
platform/mellanox: mlxbf-bootctl: add NET dependency into Kconfig
scsi: pm80xx: Use phy-specific SAS address when sending PHY_START command
scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command
ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset()
spi: nxp-fspi: reset the FLSHxCR1 registers
bpf: Clarify error expectations from bpf_clone_redirect
media: vb2: frame_vector.c: replace WARN_ONCE with a comment
powerpc/watchpoints: Disable preemption in thread_change_pc()
ncsi: Propagate carrier gain/loss events to the NCSI controller
fbdev/sh7760fb: Depend on FB=y
perf build: Define YYNOMEM as YYNOABORT for bison < 3.81
sched/cpuacct: Fix user/system in shown cpuacct.usage*
sched/cpuacct: Fix charge percpu cpuusage
sched/cpuacct: Optimize away RCU read lock
cgroup: Fix suspicious rcu_dereference_check() usage warning
ACPI: Check StorageD3Enable _DSD property in ACPI code
nvme-pci: factor the iod mempool creation into a helper
nvme-pci: factor out a nvme_pci_alloc_dev helper
nvme-pci: do not set the NUMA node of device if it has none
watchdog: iTCO_wdt: No need to stop the timer in probe
watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running
netfilter: nft_exthdr: Search chunks in SCTP packets only
netfilter: nft_exthdr: Fix for unsafe packet data read
nvme-pci: always return an ERR_PTR from nvme_pci_alloc_dev
smack: Record transmuting in smk_transmuted
smack: Retrieve transmuting information in smack_inode_getsecurity()
Smack:- Use overlay inode label in smack_inode_copy_up()
Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux"
serial: 8250_port: Check IRQ data before use
nilfs2: fix potential use after free in nilfs_gccache_submit_read_data()
netfilter: nf_tables: disallow rule removal from chain binding
ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q
ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES
i2c: i801: unregister tco_pdev in i801_probe() error path
Revert "SUNRPC dont update timeout value on connection reset"
proc: nommu: /proc/<pid>/maps: release mmap read lock
ring-buffer: Update "shortest_full" in polling
btrfs: properly report 0 avail for very full file systems
bpf: Fix BTF_ID symbol generation collision
bpf: Fix BTF_ID symbol generation collision in tools/
net: thunderbolt: Fix TCPv6 GSO checksum calculation
ata: libata-core: Fix ata_port_request_pm() locking
ata: libata-core: Fix port and device removal
ata: libata-core: Do not register PM operations for SAS ports
ata: libata-sata: increase PMP SRST timeout to 10s
fs: binfmt_elf_efpic: fix personality for ELF-FDPIC
spi: spi-zynqmp-gqspi: Fix runtime PM imbalance in zynqmp_qspi_probe
spi: zynqmp-gqspi: fix clock imbalance on probe failure
NFS: Cleanup unused rpc_clnt variable
NFS: rename nfs_client_kset to nfs_kset
NFSv4: Fix a state manager thread deadlock regression
ring-buffer: remove obsolete comment for free_buffer_page()
ring-buffer: Fix bytes info in per_cpu buffer stats
drm/mediatek: Fix backport issue in mtk_drm_gem_prime_vmap()
rbd: move rbd_dev_refresh() definition
rbd: decouple header read-in from updating rbd_dev->header
rbd: decouple parent info read-in from updating rbd_dev
rbd: take header_rwsem in rbd_dev_refresh() only when updating
block: fix use-after-free of q->q_usage_counter
Revert "clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz"
Revert "PCI: qcom: Disable write access to read only registers for IP v2.3.3"
scsi: zfcp: Fix a double put in zfcp_port_enqueue()
qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info
wifi: mwifiex: Fix tlv_buf_left calculation
net: replace calls to sock->ops->connect() with kernel_connect()
net: prevent rewrite of msg_name in sock_sendmsg()
arm64: Add Cortex-A520 CPU part definition
ubi: Refuse attaching if mtd's erasesize is 0
wifi: iwlwifi: dbg_ini: fix structure packing
wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet
bpf: Fix tr dereferencing
drivers/net: process the result of hdlc_open() and add call of hdlc_close() in uhdlc_close()
wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling
regmap: rbtree: Fix wrong register marked as in-cache when creating new node
ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig
scsi: target: core: Fix deadlock due to recursive locking
ima: rework CONFIG_IMA dependency block
NFSv4: Fix a nfs4_state_manager() race
modpost: add missing else to the "of" check
net: fix possible store tearing in neigh_periodic_work()
ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data()
net: dsa: mv88e6xxx: Avoid EEPROM timeout when EEPROM is absent
net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg
net: nfc: llcp: Add lock when modifying device list
net: ethernet: ti: am65-cpsw: Fix error code in am65_cpsw_nuss_init_tx_chns()
netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure
net: stmmac: dwmac-stm32: fix resume on STM32 MCU
tipc: fix a potential deadlock on &tx->lock
tcp: fix quick-ack counting to count actual ACKs of new data
tcp: fix delayed ACKs for MSS boundary condition
sctp: update transport state when processing a dupcook packet
sctp: update hb timer immediately after users change hb_interval
cpupower: add Makefile dependencies for install targets
dm zoned: free dmz->ddev array in dmz_put_zoned_devices
RDMA/core: Require admin capabilities to set system parameters
of: dynamic: Fix potential memory leak in of_changeset_action()
IB/mlx4: Fix the size of a buffer in add_port_entries()
gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config()
gpio: pxa: disable pinctrl calls for MMP_GPIO
RDMA/cma: Initialize ib_sa_multicast structure to 0 when join
RDMA/cma: Fix truncation compilation warning in make_cma_ports
RDMA/uverbs: Fix typo of sizeof argument
RDMA/siw: Fix connection failure handling
RDMA/mlx5: Fix NULL string error
parisc: Restore __ldcw_align for PA-RISC 2.0 processors
netfilter: nf_tables: fix kdoc warnings after gc rework
netfilter: nftables: exthdr: fix 4-byte stack OOB write
mmc: renesas_sdhi: only reset SCC when its pointer is populated
xen/events: replace evtchn_rwlock with RCU
Linux 5.10.198
Change-Id: Iabfdf919ae63e41a565e523087d800ebc20e5448
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Arnd Bergmann
|
d8f2ba9ec3 |
ima: rework CONFIG_IMA dependency block
[ Upstream commit 91e326563ee34509c35267808a4b1b3ea3db62a8 ]
Changing the direct dependencies of IMA_BLACKLIST_KEYRING and
IMA_LOAD_X509 caused them to no longer depend on IMA, but a
a configuration without IMA results in link failures:
arm-linux-gnueabi-ld: security/integrity/iint.o: in function `integrity_load_keys':
iint.c:(.init.text+0xd8): undefined reference to `ima_load_x509'
aarch64-linux-ld: security/integrity/digsig_asymmetric.o: in function `asymmetric_verify':
digsig_asymmetric.c:(.text+0x104): undefined reference to `ima_blacklist_keyring'
Adding explicit dependencies on IMA would fix this, but a more reliable
way to do this is to enclose the entire Kconfig file in an 'if IMA' block.
This also allows removing the existing direct dependencies.
Fixes: be210c6d3597f ("ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Oleksandr Tymoshenko
|
a9430129d8 |
ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig
[ Upstream commit be210c6d3597faf330cb9af33b9f1591d7b2a983 ]
The removal of IMA_TRUSTED_KEYRING made IMA_LOAD_X509
and IMA_BLACKLIST_KEYRING unavailable because the latter
two depend on the former. Since IMA_TRUSTED_KEYRING was
deprecated in favor of INTEGRITY_TRUSTED_KEYRING use it
as a dependency for the two Kconfigs affected by the
deprecation.
Fixes: 5087fd9e80e5 ("ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig")
Signed-off-by: Oleksandr Tymoshenko <ovt@google.com>
Reviewed-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Vishal Goel
|
14443223e0 |
Smack:- Use overlay inode label in smack_inode_copy_up()
[ Upstream commit 387ef964460f14fe1c1ea29aba70e22731ea7cf7 ] Currently in "smack_inode_copy_up()" function, process label is changed with the label on parent inode. Due to which, process is assigned directory label and whatever file or directory created by the process are also getting directory label which is wrong label. Changes has been done to use label of overlay inode instead of parent inode. Signed-off-by: Vishal Goel <vishal.goel@samsung.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |