Evolution-X-Devices/kernel_google_redbull
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d4414bc0e93d8da170fd0fc9fef65fe84015677d
kernel_google_redbull/security/selinux/include/security.h
Lucas Wei 728131a2be Merge android-4.19-stable (4.19.196) into android-msm-pixel-4.19-lts 
Merge 4.19.196 into android-4.19-stable
Linux 4.19.196
    i2c: robotfuzz-osif: fix control-request directions
    nilfs2: fix memory leak in nilfs_sysfs_delete_device_group
    pinctrl: stm32: fix the reported number of GPIO lines per bank
    net: ll_temac: Avoid ndo_start_xmit returning NETDEV_TX_BUSY
    PCI: Add AMD RS690 quirk to enable 64-bit DMA
    net: qed: Fix memcpy() overflow of qed_dcbx_params()
    KVM: selftests: Fix kvm_check_cap() assertion
    r8169: Avoid memcpy() over-reading of ETH_SS_STATS
    sh_eth: Avoid memcpy() over-reading of ETH_SS_STATS
  * r8152: Avoid memcpy() over-reading of ETH_SS_STATS
      drivers/net/usb/r8152.c
  * net/packet: annotate accesses to po->ifindex
      net/packet/af_packet.c
  * net/packet: annotate accesses to po->bind
      net/packet/af_packet.c
    net: caif: fix memory leak in ldisc_open
  * inet: annotate date races around sk->sk_txhash
      include/net/sock.h
  * ping: Check return value of function 'ping_queue_rcv_skb'
      net/ipv4/ping.c
  * net: ethtool: clear heap allocations for ethtool function
      net/core/ethtool.c
    mac80211: drop multicast fragments
  * cfg80211: call cfg80211_leave_ocb when switching away from OCB
      net/wireless/util.c
    mac80211: remove warning in ieee80211_get_sband()
  * Revert "PCI: PM: Do not read power state in pci_enable_device_flags()"
      drivers/pci/pci.c
    MIPS: generic: Update node names to avoid unit addresses
  * Makefile: Move -Wno-unused-but-set-variable out of GCC only block
      Makefile
    ARM: 9081/1: fix gcc-10 thumb2-kernel regression
    drm/radeon: wait for moving fence after pinning
    drm/nouveau: wait for moving fence after pinning v2
  * module: limit enabling module.sig_enforce
      kernel/module.c
    x86/fpu: Reset state for all signal restore failures
  * usb: dwc3: core: fix kernel panic when do reboot
      drivers/usb/dwc3/core.c
  * usb: dwc3: debugfs: Add and remove endpoint dirs dynamically
      drivers/usb/dwc3/debug.h
      drivers/usb/dwc3/debugfs.c
      drivers/usb/dwc3/gadget.c
  * inet: use bigger hash table for IP ID generation
      net/ipv4/route.c
    can: bcm/raw/isotp: use per module netdevice notifier
    KVM: arm/arm64: Fix KVM_VGIC_V3_ADDR_TYPE_REDIST read
    tools headers UAPI: Sync linux/in.h copy with the kernel sources
    net: fec_ptp: add clock rate zero check
  * mm/slub.c: include swab.h
      mm/slub.c
  * mm/slub: clarify verification reporting
      mm/slub.c
    net: bridge: fix vlan tunnel dst refcnt when egressing
  * net: bridge: fix vlan tunnel dst null pointer dereference
      net/bridge/br_private.h
  * cfg80211: make certificate generation more robust
      net/wireless/Makefile
    dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc
    ARCv2: save ABI registers across signal handling
  * PCI: Work around Huawei Intelligent NIC VF FLR erratum
      drivers/pci/quirks.c
  * PCI: Add ACS quirk for Broadcom BCM57414 NIC
      drivers/pci/quirks.c
  * PCI: Mark some NVIDIA GPUs to avoid bus reset
      drivers/pci/quirks.c
  * PCI: Mark TI C667X to avoid bus reset
      drivers/pci/quirks.c
  * tracing: Do no increment trace_clock_global() by one
      kernel/trace/trace_clock.c
  * tracing: Do not stop recording comms if the trace file is being read
      kernel/trace/trace.c
  * tracing: Do not stop recording cmdlines when tracing is off
      kernel/trace/trace.c
  * usb: core: hub: Disable autosuspend for Cypress CY7C65632
      drivers/usb/core/hub.c
    can: mcba_usb: fix memory leak in mcba_usb
    can: bcm: fix infoleak in struct bcm_msg_head
    hwmon: (scpi-hwmon) shows the negative temperature properly
    radeon: use memcpy_to/fromio for UVD fw upload
    pinctrl: ralink: rt2880: avoid to error in calls is pin is already enabled
    ASoC: rt5659: Fix the lost powers for the HDA header
    net: ethernet: fix potential use-after-free in ec_bhf_remove
  * icmp: don't send out ICMP messages with a source address of 0.0.0.0
      include/uapi/linux/in.h
      net/ipv4/icmp.c
    net: cdc_eem: fix tx fixup skb leak
    net: hamradio: fix memory leak in mkiss_close
    be2net: Fix an error handling path in 'be_probe()'
  * net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock
      net/unix/af_unix.c
  * net: ipv4: fix memory leak in ip_mc_add1_src
      net/ipv4/igmp.c
    net: fec_ptp: fix issue caused by refactor the fec_devtype
    net: usb: fix possible use-after-free in smsc75xx_bind
  * net: cdc_ncm: switch to eth%d interface naming
      drivers/net/usb/cdc_ncm.c
  * ptp: improve max_adj check against unreasonable values
      drivers/ptp/ptp_clock.c
      include/linux/ptp_clock_kernel.h
  * ptp: ptp_clock: Publish scaled_ppm_to_ppb
      drivers/ptp/ptp_clock.c
      include/linux/ptp_clock_kernel.h
  * net: qrtr: fix OOB Read in qrtr_endpoint_post
      net/qrtr/qrtr.c
    netxen_nic: Fix an error handling path in 'netxen_nic_probe()'
    qlcnic: Fix an error handling path in 'qlcnic_probe()'
  * net: make get_net_ns return error if NET_NS is disabled
      include/linux/socket.h
      include/net/net_namespace.h
      net/core/net_namespace.c
      net/socket.c
  * net: add documentation to socket.c
      include/linux/net.h
      include/linux/socket.h
      net/socket.c
    net: stmmac: dwmac1000: Fix extended MAC address registers definition
    alx: Fix an error handling path in 'alx_probe()'
    sch_cake: Fix out of bounds when parsing TCP options and header
    netfilter: synproxy: Fix out of bounds when parsing TCP options
    net/mlx5e: Block offload of outer header csum for UDP tunnels
    net/mlx5e: Remove dependency in IPsec initialization flows
  * rtnetlink: Fix regression in bridge VLAN configuration
      net/core/rtnetlink.c
  * udp: fix race between close() and udp_abort()
      net/ipv4/udp.c
      net/ipv6/udp.c
    net: rds: fix memory leak in rds_recvmsg
  * net: ipv4: fix memory leak in netlbl_cipsov4_add_std
      net/ipv4/cipso_ipv4.c
    batman-adv: Avoid WARN_ON timing related checks
    mm/memory-failure: make sure wait for page writeback in memory_failure
    afs: Fix an IS_ERR() vs NULL check
    dmaengine: stedma40: add missing iounmap() on error in d40_probe()
  * dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM
      drivers/dma/qcom/Kconfig
  * dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM
      drivers/dma/Kconfig
  * fib: Return the correct errno code
      net/core/fib_rules.c
  * net: Return the correct errno code
      net/compat.c
    net/x25: Return the correct errno code
  * rtnetlink: Fix missing error code in rtnl_bridge_notify()
      net/core/rtnetlink.c
  * net: ipconfig: Don't override command-line hostnames or domains
      net/ipv4/ipconfig.c
    nvme-loop: check for NVME_LOOP_Q_LIVE in nvme_loop_destroy_admin_queue()
    nvme-loop: clear NVME_LOOP_Q_LIVE when nvme_loop_configure_admin_queue() fails
    nvme-loop: reset queue count to 1 in nvme_loop_destroy_io_queues()
  * scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V
      drivers/scsi/scsi_devinfo.c
    ethernet: myri10ge: Fix missing error code in myri10ge_probe()
    scsi: target: core: Fix warning on realtime kernels
    gfs2: Fix use-after-free in gfs2_glock_shrink_scan
    HID: gt683r: add missing MODULE_DEVICE_TABLE
    gfs2: Prevent direct-I/O write fallback errors from getting lost
    ARM: OMAP2+: Fix build warning when mmc_omap is not built
  * HID: usbhid: fix info leak in hid_submit_ctrl
      drivers/hid/usbhid/hid-core.c
      include/linux/hid.h
  * HID: Add BUS_VIRTUAL to hid_connect logging
      drivers/hid/hid-core.c
    HID: hid-sensor-hub: Return error for hid_set_field() failure
  * HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65
      drivers/hid/hid-ids.h
      drivers/hid/hid-quirks.c
    net: ieee802154: fix null deref in parse dev addr
  * FROMGIT: bpf: Do not change gso_size during bpf_skb_change_proto()
      net/core/filter.c
    ANDROID: gki_config: disable per-cgroup pressure tracking
  * BACKPORT: cgroup: make per-cgroup pressure stall tracking configurable
      include/linux/cgroup-defs.h
      include/linux/cgroup.h
      kernel/cgroup/cgroup.c
      kernel/sched/psi.c
  * ANDROID: selinux: modify RTM_GETNEIGH{TBL}
      security/selinux/include/classmap.h
      security/selinux/include/security.h
      security/selinux/nlmsgtab.c
      security/selinux/ss/policydb.c
      security/selinux/ss/policydb.h
      security/selinux/ss/services.c
    BACKPORT: x86, lto: Pass -stack-alignment only on LLD < 13.0.0
  * ANDROID: Add CONFIG_LLD_VERSION
      init/Kconfig
      scripts/lld-version.sh
    ANDROID: GKI: Update the ABI XML
    ANDROID: GKI: Update the symbol list
  * Revert "perf/core: Fix endless multiplex timer"
      kernel/events/core.c
    Merge 4.19.195 into android-4.19-stable
Linux 4.19.195
  * proc: only require mm_struct for writing
      fs/proc/base.c
  * tracing: Correct the length check which causes memory corruption
      kernel/trace/trace.c
    ftrace: Do not blindly read the ip address in ftrace_bug()
  * scsi: core: Only put parent device if host state differs from SHOST_CREATED
      drivers/scsi/hosts.c
  * scsi: core: Put .shost_dev in failure path if host state changes to RUNNING
      drivers/scsi/hosts.c
  * scsi: core: Fix error handling of scsi_host_alloc()
      drivers/scsi/hosts.c
    NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error.
    NFSv4: Fix second deadlock in nfs4_evict_inode()
    NFS: Fix use-after-free in nfs4_init_client()
  * kvm: fix previous commit for 32-bit builds
      include/linux/kvm_host.h
    perf session: Correct buffer copying when peeking events
    NFSv4: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode()
    NFS: Fix a potential NULL dereference in nfs_get_client()
    IB/mlx5: Fix initializing CQ fragments buffer
  * sched/fair: Make sure to update tg contrib for blocked load
      kernel/sched/fair.c
  * perf: Fix data race between pin_count increment/decrement
      kernel/events/core.c
  * vmlinux.lds.h: Avoid orphan section with !SMP
      include/asm-generic/vmlinux.lds.h
  * RDMA/mlx4: Do not map the core_clock page to user space unless enabled
      include/linux/mlx4/device.h
    regulator: max77620: Use device_set_of_node_from_dev()
  * regulator: core: resolve supply for boot-on/always-on regulators
      drivers/regulator/core.c
  * usb: fix various gadget panics on 10gbps cabling
      drivers/usb/gadget/config.c
  * usb: fix various gadgets null ptr deref on 10gbps cabling.
      drivers/usb/gadget/function/f_hid.c
    usb: gadget: eem: fix wrong eem header operation
    USB: serial: cp210x: fix alternate function for CP2102N QFN20
    USB: serial: quatech2: fix control-request directions
    USB: serial: omninet: add device id for Zyxel Omni 56K Plus
    USB: serial: ftdi_sio: add NovaTech OrionMX product ID
  * usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind
      drivers/usb/gadget/function/f_fs.c
    usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path
  * usb: dwc3: ep0: fix NULL pointer exception
      drivers/usb/dwc3/ep0.c
  * usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms
      include/linux/usb/pd.h
  * usb: f_ncm: only first packet of aggregate needs to start timer
      drivers/usb/gadget/function/f_ncm.c
  * USB: f_ncm: ncm_bitrate (speed) is unsigned
      drivers/usb/gadget/function/f_ncm.c
  * cgroup1: don't allow '\n' in renaming
      kernel/cgroup/cgroup-v1.c
    btrfs: return value from btrfs_mark_extent_written() in case of error
    staging: rtl8723bs: Fix uninitialized variables
  * kvm: avoid speculation-based attacks from out-of-range memslot accesses
      include/linux/kvm_host.h
  * drm: Lock pointer access in drm_master_release()
      drivers/gpu/drm/drm_auth.c
  * drm: Fix use-after-free read in drm_getunique()
      drivers/gpu/drm/drm_ioctl.c
    ARM: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators
    ARM: dts: imx6qdl-sabresd: Assign corresponding power supply for LDOs
    i2c: mpc: implement erratum A-004447 workaround
    i2c: mpc: Make use of i2c_recover_bus()
    powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 i2c controllers
    powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P2041 i2c controllers
    bnx2x: Fix missing error code in bnx2x_iov_init_one()
    MIPS: Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER
    nvme-fabrics: decode host pathing error for connect
    net: appletalk: cops: Fix data race in cops_probe1
    net: macb: ensure the device is available before accessing GEMGXL control registers
    scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal
    scsi: vmw_pvscsi: Set correct residual data length
    scsi: bnx2fc: Return failure if io_req is already in ABTS processing
    RDS tcp loopback connection can hang
    net/qla3xxx: fix schedule while atomic in ql_sem_spinlock
  * wq: handle VM suspension in stall detection
      kernel/workqueue.c
  * cgroup: disable controllers at parse time
      kernel/cgroup/cgroup.c
  * net: mdiobus: get rid of a BUG_ON()
      drivers/net/phy/mdio_bus.c
  * netlink: disable IRQs for netlink_lock_table()
      net/netlink/af_netlink.c
  * bonding: init notify_work earlier to avoid uninitialized use
      drivers/net/bonding/bond_main.c
    isdn: mISDN: netjet: Fix crash in nj_probe:
    ASoC: sti-sas: add missing MODULE_DEVICE_TABLE
    ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet
    ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet
    net/nfc/rawsock.c: fix a permission check bug
  * proc: Track /proc/$pid/attr/ opener mm_struct
      fs/proc/base.c
  * perf/core: Fix endless multiplex timer
      kernel/events/core.c
  * Revert "perf/cgroups: Don't rotate events for cgroups unnecessarily"
      include/linux/perf_event.h
      kernel/events/core.c
  * Revert "perf/core: Fix corner case in perf_rotate_context()"
      kernel/events/core.c
    Merge 4.19.194 into android-4.19-stable
Linux 4.19.194
    xen-pciback: redo VF placement in the virtual topology
  * sched/fair: Optimize select_idle_cpu
      kernel/sched/fair.c
    ACPI: EC: Look for ECDT EC after calling acpi_load_tables()
    ACPI: probe ECDT before loading AML tables regardless of module-level code flag
    KVM: arm64: Fix debug register indexing
    KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode
    btrfs: fix unmountable seed device after fstrim
  * perf/core: Fix corner case in perf_rotate_context()
      kernel/events/core.c
  * perf/cgroups: Don't rotate events for cgroups unnecessarily
      include/linux/perf_event.h
      kernel/events/core.c
    bnxt_en: Remove the setting of dev_port.
    selftests/bpf: Avoid running unprivileged tests with alignment requirements
    selftests/bpf: add "any alignment" annotation for some tests
    bpf: Apply F_NEEDS_EFFICIENT_UNALIGNED_ACCESS to more ACCEPT test cases.
    bpf: Make more use of 'any' alignment in test_verifier.c
    bpf: Adjust F_NEEDS_EFFICIENT_UNALIGNED_ACCESS handling in test_verifier.c
  * bpf: Add BPF_F_ANY_ALIGNMENT.
      include/uapi/linux/bpf.h
      kernel/bpf/syscall.c
      kernel/bpf/verifier.c
    selftests/bpf: Generalize dummy program types
    bpf: test make sure to run unpriv test cases in test_verifier
    bpf: fix test suite to enable all unpriv program types
    mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY
    btrfs: fixup error handling in fixup_inode_link_counts
    btrfs: return errors from btrfs_del_csums in cleanup_ref_head
    btrfs: fix error handling in btrfs_del_csums
    btrfs: mark ordered extent and inode with error if we fail to finish
    x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing
    nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
    ocfs2: fix data corruption by fallocate
  * pid: take a reference when initializing `cad_pid`
      init/main.c
    usb: dwc2: Fix build in periphal-only mode
  * ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
      fs/ext4/extents.c
    ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx
  * ALSA: timer: Fix master timer notification
      sound/core/timer.c
  * HID: multitouch: require Finger field to mark Win8 reports as MT
      drivers/hid/hid-multitouch.c
    net: caif: fix memory leak in cfusbl_device_notify
    net: caif: fix memory leak in caif_device_notify
  * net: caif: add proper error handling
      include/net/caif/caif_dev.h
      include/net/caif/cfcnfg.h
  * net: caif: added cfserl_release function
      include/net/caif/cfserl.h
  * Bluetooth: use correct lock to prevent UAF of hdev object
      net/bluetooth/hci_sock.c
  * Bluetooth: fix the erroneous flush_work() order
      net/bluetooth/hci_core.c
  * tipc: fix unique bearer names sanity check
      net/tipc/bearer.c
  * tipc: add extack messages for bearer/media failure
      net/tipc/bearer.c
    ixgbevf: add correct exception tracing for XDP
    ieee802154: fix error return code in ieee802154_llsec_getparams()
    ieee802154: fix error return code in ieee802154_add_iface()
    netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches
    HID: i2c-hid: fix format string mismatch
    HID: pidff: fix error return code in hid_pidff_init()
    ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service
    vfio/platform: fix module_put call in error flow
    samples: vfio-mdev: fix error handing in mdpy_fb_probe()
  * vfio/pci: zap_vma_ptes() needs MMU
      drivers/vfio/pci/Kconfig
    vfio/pci: Fix error return code in vfio_ecap_init()
    efi: cper: fix snprintf() use in cper_dimm_err_location()
    efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared
  * nl80211: validate key indexes for cfg80211_registered_device
      net/wireless/core.h
      net/wireless/nl80211.c
      net/wireless/util.c
  * ALSA: usb: update old-style static const declaration
      sound/usb/mixer_quirks.c
  * net: usb: cdc_ncm: don't spew notifications
      drivers/net/usb/cdc_ncm.c
      include/linux/usb/usbnet.h
    Merge 4.19.193 into android-4.19-stable
Linux 4.19.193
  * usb: core: reduce power-on-good delay time of root hub
      drivers/usb/core/hub.h
    net: hns3: check the return of skb_checksum_help()
    drivers/net/ethernet: clean up unused assignments
  * hugetlbfs: hugetlb_fault_mutex_hash() cleanup
      include/linux/hugetlb.h
    MIPS: ralink: export rt_sysc_membase for rt2880_wdt.c
    MIPS: alchemy: xxs1500: add gpio-au1000.h header file
    sch_dsmark: fix a NULL deref in qdisc_reset()
  * ipv6: record frag_max_size in atomic fragments in input path
      net/ipv6/reassembly.c
    scsi: libsas: Use _safe() loop in sas_resume_port()
    ixgbe: fix large MTU request from VF
  * bpf: Set mac_len in bpf_skb_change_head
      net/core/filter.c
    ASoC: cs35l33: fix an error code in probe()
    staging: emxx_udc: fix loop in _nbu2ss_nuke()
  * mld: fix panic in mld_newpack()
      net/ipv6/mcast.c
    net: bnx2: Fix error return code in bnx2_init_board()
    openvswitch: meter: fix race when getting now_ms.
    net: mdio: octeon: Fix some double free issues
    net: mdio: thunder: Fix a double free issue in the .remove function
    net: fec: fix the potential memory leak in fec_enet_init()
    net: dsa: fix error code getting shifted with 4 in dsa_slave_get_sset_count
    net: netcp: Fix an error message
    drm/amdgpu: Fix a use-after-free
    drm/amd/amdgpu: fix refcount leak
    drm/amd/display: Disconnect non-DP with no EDID
    SMB3: incorrect file id in requests compounded with open
    platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI
    platform/x86: hp-wireless: add AMD's hardware id to the supported list
    btrfs: do not BUG_ON in link_to_fixup_dir
    openrisc: Define memory barrier mb
    scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
    media: gspca: properly check for errors in po1030_probe()
    media: dvb: Add check on sp8870_readreg return
    ASoC: cs43130: handle errors in cs43130_probe() properly
    libertas: register sysfs groups properly
    dmaengine: qcom_hidma: comment platform_driver_register call
    isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io
    char: hpet: add checks after calling ioremap
    net: caif: remove BUG_ON(dev == NULL) in caif_xmit
    net: fujitsu: fix potential null-ptr-deref
    serial: max310x: unregister uart driver in case of failure and abort
    platform/x86: hp_accel: Avoid invoking _INI to speed up resume
    perf jevents: Fix getting maximum number of fds
    i2c: i801: Don't generate an interrupt on bus reset
    i2c: s3c2410: fix possible NULL pointer deref on read message after write
    net: dsa: fix a crash if ->get_sset_count() fails
    net: dsa: mt7530: fix VLAN traffic leaks
  * tipc: skb_linearize the head skb when reassembling msgs
      net/tipc/msg.c
  * Revert "net:tipc: Fix a double free in tipc_sk_mcast_rcv"
      net/tipc/socket.c
    net/mlx4: Fix EEPROM dump support
    drm/meson: fix shutdown crash when component not probed
    NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config
    NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()
    NFS: fix an incorrect limit in filelayout_decode_layout()
    Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
    spi: mt7621: Don't leak SPI master in probe error path
    spi: mt7621: Disable clock in probe error path
    spi: gpio: Don't leak SPI master in probe error path
  * bpf: No need to simulate speculative domain for immediates
      kernel/bpf/verifier.c
  * bpf: Fix mask direction swap upon off reg sign change
      kernel/bpf/verifier.c
  * bpf: Wrap aux data inside bpf_sanitize_info container
      kernel/bpf/verifier.c
  * bpf: Fix leakage of uninitialized bpf stack under speculation
      include/linux/bpf_verifier.h
      kernel/bpf/verifier.c
    bpf: Update selftests to reflect new error states
  * bpf: Tighten speculative pointer arithmetic mask
      kernel/bpf/verifier.c
  * bpf: Move sanitize_val_alu out of op switch
      kernel/bpf/verifier.c
  * bpf: Refactor and streamline bounds check into helper
      kernel/bpf/verifier.c
  * bpf: Improve verifier error messages for users
      kernel/bpf/verifier.c
  * bpf: Rework ptr_limit into alu_limit and add common error path
      kernel/bpf/verifier.c
  * bpf: Ensure off_reg has no mixed signed bounds for all types
      kernel/bpf/verifier.c
  * bpf: Move off_reg into sanitize_ptr_alu
      kernel/bpf/verifier.c
    bpf, test_verifier: switch bpf_get_stack's 0 s> r8 test
    bpf: Test_verifier, bpf_get_stack return value add <0
  * bpf: extend is_branch_taken to registers
      kernel/bpf/verifier.c
    selftests/bpf: add selftest part of "bpf: improve verifier branch analysis"
    selftests/bpf: Test narrow loads with off > 0 in test_verifier
    bpf, selftests: Fix up some test_verifier cases for unprivileged
    bpf: fix up selftests after backports were fixed
    net: usb: fix memory leak in smsc75xx_bind
    usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen()
  * usb: dwc3: gadget: Properly track pending and queued SG
      drivers/usb/dwc3/gadget.c
    USB: serial: pl2303: add device id for ADLINK ND-6530 GC
    USB: serial: ftdi_sio: add IDs for IDS GmbH Products
    USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011
    USB: serial: ti_usb_3410_5052: add startech.com device id
    serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
    serial: sh-sci: Fix off-by-one error in FIFO threshold register setting
  * USB: usbfs: Don't WARN about excessively large memory allocations
      drivers/usb/core/devio.c
    USB: trancevibrator: fix control-request direction
    iio: adc: ad7793: Add missing error code in ad7793_setup()
    staging: iio: cdc: ad7746: avoid overwrite of num_channels
    mei: request autosuspend after sending rx flow control
    thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue
    misc/uss720: fix memory leak in uss720_probe
    kgdb: fix gcc-11 warnings harder
  * dm snapshot: properly fix a crash when an origin has no snapshots
      drivers/md/dm-snap.c
    ath10k: Validate first subframe of A-MSDU before processing the list
    mac80211: extend protection against mixed key and fragment cache attacks
    mac80211: do not accept/forward invalid EAPOL frames
    mac80211: prevent attacks on TKIP/WEP as well
    mac80211: check defrag PN against current frame
    mac80211: add fragment cache to sta_info
    mac80211: drop A-MSDUs on old ciphers
  * cfg80211: mitigate A-MSDU aggregation attacks
      net/wireless/util.c
  * mac80211: properly handle A-MSDUs that start with an RFC 1042 header
      include/net/cfg80211.h
      net/wireless/util.c
    mac80211: prevent mixed key and fragment cache attacks
    mac80211: assure all fragments are encrypted
    net: hso: fix control-request directions
  * proc: Check /proc/$pid/attr/ writes against file opener
      fs/proc/base.c
    perf intel-pt: Fix transaction abort handling
    perf intel-pt: Fix sample instruction bytes
    iommu/vt-d: Fix sysfs leak in alloc_iommu()
    NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
    cifs: set server->cipher_type to AES-128-CCM for SMB3.0
  * NFC: nci: fix memory leak in nci_allocate_device
      include/net/nfc/nci_core.h
  * usb: dwc3: gadget: Enable suspend events
      drivers/usb/dwc3/gadget.c
  * mm, vmstat: drop zone->lock in /proc/pagetypeinfo
      mm/vmstat.c
    Merge 4.19.192 into android-4.19-stable
  * Revert "spi: Fix use-after-free with devm_spi_alloc_*"
      drivers/spi/spi.c
      include/linux/spi/spi.h
  * Revert "modules: inherit TAINT_PROPRIETARY_MODULE"
      include/linux/module.h
      kernel/module.c
Linux 4.19.192
  * Bluetooth: SMP: Fail if remote and local public keys are identical
      net/bluetooth/smp.c
    video: hgafb: correctly handle card detect failure during probe
    tty: vt: always invoke vc->vc_sw->con_resize callback
  * vt: Fix character height handling with VT_RESIZEX
      include/linux/console_struct.h
    vgacon: Record video mode changes with VT_RESIZEX
    video: hgafb: fix potential NULL pointer dereference
    qlcnic: Add null check after calling netdev_alloc_skb
    leds: lp5523: check return value of lp5xx_read and jump to cleanup code
    net: rtlwifi: properly check for alloc_workqueue() failure
    scsi: ufs: handle cleanup correctly on devm_reset_control_get error
    net: stmicro: handle clk_prepare() failure during init
    ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()
    Revert "niu: fix missing checks of niu_pci_eeprom_read"
    Revert "qlcnic: Avoid potential NULL pointer dereference"
    Revert "rtlwifi: fix a potential NULL pointer dereference"
    Revert "media: rcar_drif: fix a memory disclosure"
    cdrom: gdrom: initialize global variable at init time
    cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom
    Revert "gdrom: fix a memory leak bug"
    Revert "scsi: ufs: fix a missing check of devm_reset_control_get"
  * Revert "ecryptfs: replace BUG_ON with error handling code"
      fs/ecryptfs/crypto.c
    Revert "video: imsttfb: fix potential NULL pointer dereferences"
    Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe"
    Revert "leds: lp5523: fix a missing check of return value of lp55xx_read"
    Revert "net: stmicro: fix a missing check of clk_prepare"
    Revert "video: hgafb: fix potential NULL pointer dereference"
  * dm snapshot: fix crash with transient storage and zero chunk size
      drivers/md/dm-snap.c
    xen-pciback: reconfigure also from backend watch handler
    Revert "serial: mvebu-uart: Fix to avoid a potential NULL pointer dereference"
    rapidio: handle create_workqueue() failure
    Revert "rapidio: fix a NULL pointer dereference when create_workqueue() fails"
    ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293
    ALSA: hda/realtek: reset eapd coeff to default value for alc287
    Revert "ALSA: sb8: add a check for request_region"
  * ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro
      sound/firewire/Kconfig
  * ALSA: usb-audio: Validate MS endpoint descriptors
      sound/usb/midi.c
    ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26
    ALSA: line6: Fix racy initialization of LINE6 MIDI
    ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency
    cifs: fix memory leak in smb2_copychunk_range
  * locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal
      kernel/locking/mutex.c
      kernel/locking/mutex.h
    nvmet: seset ns->file when open fails
  * ptrace: make ptrace() fail if the tracee changed its pid unexpectedly
      kernel/ptrace.c
    platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios
    RDMA/mlx5: Recover from fatal event in dual port mode
    scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword()
    RDMA/rxe: Clear all QP fields if creation failed
    openrisc: Fix a memory leak
    firmware: arm_scpi: Prevent the ternary sign expansion bug

Bug: 192919066
Change-Id: I94d2e40c5024fc0f1b6fac206b04c73765df4cb0
Signed-off-by: Lucas Wei <lucaswei@google.com>
2021-08-03 17:13:29 +08:00

415 lines
12 KiB
C
Raw Blame History

/* SPDX-License-Identifier: GPL-2.0 */
/*
* Security server interface.
*
* Author : Stephen Smalley, <sds@tycho.nsa.gov>
*
*/
#ifndef _SELINUX_SECURITY_H_
#define _SELINUX_SECURITY_H_
#include <linux/compiler.h>
#include <linux/dcache.h>
#include <linux/magic.h>
#include <linux/types.h>
#include <linux/refcount.h>
#include <linux/workqueue.h>
#include "flask.h"
#define SECSID_NULL 0x00000000 /* unspecified SID */
#define SECSID_WILD 0xffffffff /* wildcard SID */
#define SECCLASS_NULL 0x0000 /* no class */
/* Identify specific policy version changes */
#define POLICYDB_VERSION_BASE 15
#define POLICYDB_VERSION_BOOL 16
#define POLICYDB_VERSION_IPV6 17
#define POLICYDB_VERSION_NLCLASS 18
#define POLICYDB_VERSION_VALIDATETRANS 19
#define POLICYDB_VERSION_MLS 19
#define POLICYDB_VERSION_AVTAB 20
#define POLICYDB_VERSION_RANGETRANS 21
#define POLICYDB_VERSION_POLCAP 22
#define POLICYDB_VERSION_PERMISSIVE 23
#define POLICYDB_VERSION_BOUNDARY 24
#define POLICYDB_VERSION_FILENAME_TRANS 25
#define POLICYDB_VERSION_ROLETRANS 26
#define POLICYDB_VERSION_NEW_OBJECT_DEFAULTS 27
#define POLICYDB_VERSION_DEFAULT_TYPE 28
#define POLICYDB_VERSION_CONSTRAINT_NAMES 29
#define POLICYDB_VERSION_XPERMS_IOCTL 30
#define POLICYDB_VERSION_INFINIBAND 31
/* Range of policy versions we understand*/
#define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE
#define POLICYDB_VERSION_MAX POLICYDB_VERSION_INFINIBAND
/* Mask for just the mount related flags */
#define SE_MNTMASK 0x0f
/* Super block security struct flags for mount options */
/* BE CAREFUL, these need to be the low order bits for selinux_get_mnt_opts */
#define CONTEXT_MNT 0x01
#define FSCONTEXT_MNT 0x02
#define ROOTCONTEXT_MNT 0x04
#define DEFCONTEXT_MNT 0x08
#define SBLABEL_MNT 0x10
/* Non-mount related flags */
#define SE_SBINITIALIZED 0x0100
#define SE_SBPROC 0x0200
#define SE_SBGENFS 0x0400
#define CONTEXT_STR "context="
#define FSCONTEXT_STR "fscontext="
#define ROOTCONTEXT_STR "rootcontext="
#define DEFCONTEXT_STR "defcontext="
#define LABELSUPP_STR "seclabel"
struct netlbl_lsm_secattr;
extern int selinux_enabled;
/* Policy capabilities */
enum {
POLICYDB_CAPABILITY_NETPEER,
POLICYDB_CAPABILITY_OPENPERM,
POLICYDB_CAPABILITY_EXTSOCKCLASS,
POLICYDB_CAPABILITY_ALWAYSNETWORK,
POLICYDB_CAPABILITY_CGROUPSECLABEL,
POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION,
__POLICYDB_CAPABILITY_MAX
};
#define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1)
extern const char *selinux_policycap_names[__POLICYDB_CAPABILITY_MAX];
/*
* type_datum properties
* available at the kernel policy version >= POLICYDB_VERSION_BOUNDARY
*/
#define TYPEDATUM_PROPERTY_PRIMARY 0x0001
#define TYPEDATUM_PROPERTY_ATTRIBUTE 0x0002
/* limitation of boundary depth */
#define POLICYDB_BOUNDS_MAXDEPTH 4
struct selinux_avc;
struct selinux_ss;
struct selinux_state {
bool disabled;
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
bool enforcing;
#endif
bool checkreqprot;
bool initialized;
bool policycap[__POLICYDB_CAPABILITY_MAX];
bool android_netlink_route;
bool android_netlink_getneigh;
struct selinux_avc *avc;
struct selinux_ss *ss;
};
void selinux_ss_init(struct selinux_ss **ss);
void selinux_avc_init(struct selinux_avc **avc);
extern struct selinux_state selinux_state;
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
static inline bool enforcing_enabled(struct selinux_state *state)
{
return state->enforcing;
}
static inline void enforcing_set(struct selinux_state *state, bool value)
{
state->enforcing = value;
}
#else
static inline bool enforcing_enabled(struct selinux_state *state)
{
return true;
}
static inline void enforcing_set(struct selinux_state *state, bool value)
{
}
#endif
static inline bool selinux_policycap_netpeer(void)
{
struct selinux_state *state = &selinux_state;
return state->policycap[POLICYDB_CAPABILITY_NETPEER];
}
static inline bool selinux_policycap_openperm(void)
{
struct selinux_state *state = &selinux_state;
return state->policycap[POLICYDB_CAPABILITY_OPENPERM];
}
static inline bool selinux_policycap_extsockclass(void)
{
struct selinux_state *state = &selinux_state;
return state->policycap[POLICYDB_CAPABILITY_EXTSOCKCLASS];
}
static inline bool selinux_policycap_alwaysnetwork(void)
{
struct selinux_state *state = &selinux_state;
return state->policycap[POLICYDB_CAPABILITY_ALWAYSNETWORK];
}
static inline bool selinux_policycap_cgroupseclabel(void)
{
struct selinux_state *state = &selinux_state;
return state->policycap[POLICYDB_CAPABILITY_CGROUPSECLABEL];
}
static inline bool selinux_policycap_nnp_nosuid_transition(void)
{
struct selinux_state *state = &selinux_state;
return state->policycap[POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION];
}
static inline bool selinux_android_nlroute_getlink(void)
{
struct selinux_state *state = &selinux_state;
return state->android_netlink_route;
}
static inline bool selinux_android_nlroute_getneigh(void)
{
struct selinux_state *state = &selinux_state;
return state->android_netlink_getneigh;
}
int security_mls_enabled(struct selinux_state *state);
int security_load_policy(struct selinux_state *state,
void *data, size_t len);
int security_read_policy(struct selinux_state *state,
void **data, size_t *len);
size_t security_policydb_len(struct selinux_state *state);
int security_policycap_supported(struct selinux_state *state,
unsigned int req_cap);
#define SEL_VEC_MAX 32
struct av_decision {
u32 allowed;
u32 auditallow;
u32 auditdeny;
u32 seqno;
u32 flags;
};
#define XPERMS_ALLOWED 1
#define XPERMS_AUDITALLOW 2
#define XPERMS_DONTAUDIT 4
#define security_xperm_set(perms, x) (perms[x >> 5] |= 1 << (x & 0x1f))
#define security_xperm_test(perms, x) (1 & (perms[x >> 5] >> (x & 0x1f)))
struct extended_perms_data {
u32 p[8];
};
struct extended_perms_decision {
u8 used;
u8 driver;
struct extended_perms_data *allowed;
struct extended_perms_data *auditallow;
struct extended_perms_data *dontaudit;
};
struct extended_perms {
u16 len; /* length associated decision chain */
struct extended_perms_data drivers; /* flag drivers that are used */
};
/* definitions of av_decision.flags */
#define AVD_FLAGS_PERMISSIVE 0x0001
void security_compute_av(struct selinux_state *state,
u32 ssid, u32 tsid,
u16 tclass, struct av_decision *avd,
struct extended_perms *xperms);
void security_compute_xperms_decision(struct selinux_state *state,
u32 ssid, u32 tsid, u16 tclass,
u8 driver,
struct extended_perms_decision *xpermd);
void security_compute_av_user(struct selinux_state *state,
u32 ssid, u32 tsid,
u16 tclass, struct av_decision *avd);
int security_transition_sid(struct selinux_state *state,
u32 ssid, u32 tsid, u16 tclass,
const struct qstr *qstr, u32 *out_sid);
int security_transition_sid_user(struct selinux_state *state,
u32 ssid, u32 tsid, u16 tclass,
const char *objname, u32 *out_sid);
int security_member_sid(struct selinux_state *state, u32 ssid, u32 tsid,
u16 tclass, u32 *out_sid);
int security_change_sid(struct selinux_state *state, u32 ssid, u32 tsid,
u16 tclass, u32 *out_sid);
int security_sid_to_context(struct selinux_state *state, u32 sid,
char **scontext, u32 *scontext_len);
int security_sid_to_context_force(struct selinux_state *state,
u32 sid, char **scontext, u32 *scontext_len);
int security_context_to_sid(struct selinux_state *state,
const char *scontext, u32 scontext_len,
u32 *out_sid, gfp_t gfp);
int security_context_str_to_sid(struct selinux_state *state,
const char *scontext, u32 *out_sid, gfp_t gfp);
int security_context_to_sid_default(struct selinux_state *state,
const char *scontext, u32 scontext_len,
u32 *out_sid, u32 def_sid, gfp_t gfp_flags);
int security_context_to_sid_force(struct selinux_state *state,
const char *scontext, u32 scontext_len,
u32 *sid);
int security_get_user_sids(struct selinux_state *state,
u32 callsid, char *username,
u32 **sids, u32 *nel);
int security_port_sid(struct selinux_state *state,
u8 protocol, u16 port, u32 *out_sid);
int security_ib_pkey_sid(struct selinux_state *state,
u64 subnet_prefix, u16 pkey_num, u32 *out_sid);
int security_ib_endport_sid(struct selinux_state *state,
const char *dev_name, u8 port_num, u32 *out_sid);
int security_netif_sid(struct selinux_state *state,
char *name, u32 *if_sid);
int security_node_sid(struct selinux_state *state,
u16 domain, void *addr, u32 addrlen,
u32 *out_sid);
int security_validate_transition(struct selinux_state *state,
u32 oldsid, u32 newsid, u32 tasksid,
u16 tclass);
int security_validate_transition_user(struct selinux_state *state,
u32 oldsid, u32 newsid, u32 tasksid,
u16 tclass);
int security_bounded_transition(struct selinux_state *state,
u32 oldsid, u32 newsid);
int security_sid_mls_copy(struct selinux_state *state,
u32 sid, u32 mls_sid, u32 *new_sid);
int security_net_peersid_resolve(struct selinux_state *state,
u32 nlbl_sid, u32 nlbl_type,
u32 xfrm_sid,
u32 *peer_sid);
int security_get_classes(struct selinux_state *state,
char ***classes, int *nclasses);
int security_get_permissions(struct selinux_state *state,
char *class, char ***perms, int *nperms);
int security_get_reject_unknown(struct selinux_state *state);
int security_get_allow_unknown(struct selinux_state *state);
#define SECURITY_FS_USE_XATTR 1 /* use xattr */
#define SECURITY_FS_USE_TRANS 2 /* use transition SIDs, e.g. devpts/tmpfs */
#define SECURITY_FS_USE_TASK 3 /* use task SIDs, e.g. pipefs/sockfs */
#define SECURITY_FS_USE_GENFS 4 /* use the genfs support */
#define SECURITY_FS_USE_NONE 5 /* no labeling support */
#define SECURITY_FS_USE_MNTPOINT 6 /* use mountpoint labeling */
#define SECURITY_FS_USE_NATIVE 7 /* use native label support */
#define SECURITY_FS_USE_MAX 7 /* Highest SECURITY_FS_USE_XXX */
int security_fs_use(struct selinux_state *state, struct super_block *sb);
int security_genfs_sid(struct selinux_state *state,
const char *fstype, char *name, u16 sclass,
u32 *sid);
#ifdef CONFIG_NETLABEL
int security_netlbl_secattr_to_sid(struct selinux_state *state,
struct netlbl_lsm_secattr *secattr,
u32 *sid);
int security_netlbl_sid_to_secattr(struct selinux_state *state,
u32 sid,
struct netlbl_lsm_secattr *secattr);
#else
static inline int security_netlbl_secattr_to_sid(struct selinux_state *state,
struct netlbl_lsm_secattr *secattr,
u32 *sid)
{
return -EIDRM;
}
static inline int security_netlbl_sid_to_secattr(struct selinux_state *state,
u32 sid,
struct netlbl_lsm_secattr *secattr)
{
return -ENOENT;
}
#endif /* CONFIG_NETLABEL */
const char *security_get_initial_sid_context(u32 sid);
/*
* status notifier using mmap interface
*/
extern struct page *selinux_kernel_status_page(struct selinux_state *state);
#define SELINUX_KERNEL_STATUS_VERSION 1
struct selinux_kernel_status {
u32 version; /* version number of thie structure */
u32 sequence; /* sequence number of seqlock logic */
u32 enforcing; /* current setting of enforcing mode */
u32 policyload; /* times of policy reloaded */
u32 deny_unknown; /* current setting of deny_unknown */
/*
* The version > 0 supports above members.
*/
} __packed;
extern void selinux_status_update_setenforce(struct selinux_state *state,
int enforcing);
extern void selinux_status_update_policyload(struct selinux_state *state,
int seqno);
extern void selinux_complete_init(void);
extern int selinux_disable(struct selinux_state *state);
extern void exit_sel_fs(void);
extern struct path selinux_null;
extern struct vfsmount *selinuxfs_mount;
extern void selnl_notify_setenforce(int val);
extern void selnl_notify_policyload(u32 seqno);
extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
extern void avtab_cache_init(void);
extern void ebitmap_cache_init(void);
extern void hashtab_cache_init(void);
extern void selinux_nlmsg_init(void);
extern int security_sidtab_hash_stats(struct selinux_state *state, char *page);
extern void selinux_nlmsg_init(void);
#endif /* _SELINUX_SECURITY_H_ */
Reference in New Issue View Git Blame Copy Permalink