bka
327 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Michael Bestas
|
7b75470252 |
Merge remote-tracking branch 'sm8250/lineage-20' into lineage-21
* sm8250/lineage-20:
alarmtimer: Make alarmtimer platform device child of RTC device
Revert "timers: Rename del_timer_sync() to timer_delete_sync()"
Revert "geneve: make sure to pull inner header in geneve_rx()"
Linux 4.19.312
amdkfd: use calloc instead of kzalloc to avoid integer overflow
initramfs: fix populate_initrd_image() section mismatch
ip_gre: do not report erspan version on GRE interface
erspan: Check IFLA_GRE_ERSPAN_VER is set.
VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
Bluetooth: btintel: Fixe build regression
x86/mm/pat: fix VM_PAT handling in COW mappings
virtio: reenable config if freezing device failed
drm/vkms: call drm_atomic_helper_shutdown before drm_dev_put()
tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
fbmon: prevent division by zero in fb_videomode_from_videomode()
fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
tools: iio: replace seekdir() in iio_generic_buffer
ktest: force $buildonly = 1 for 'make_warnings_file' test type
Input: allocate keycode for Display refresh rate toggle
block: prevent division by zero in blk_rq_stat_sum()
SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int
drm/amd/display: Fix nanosec stat overflow
media: sta2x11: fix irq handler cast
isofs: handle CDs with bad root inode but good Joliet root directory
scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
sysv: don't call sb_bread() with pointers_lock held
Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
btrfs: send: handle path ref underflow in header iterate_inode_ref()
btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
arm64: dts: rockchip: fix rk3399 hdmi ports node
VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
wifi: ath9k: fix LNA selection in ath_ant_try_scan()
ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone
ata: sata_mv: Fix PCI device ID table declaration compilation warning
ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
erspan: make sure erspan_base_hdr is present in skb->head
erspan: Add type I version 0 support.
init: open /initrd.image with O_LARGEFILE
initramfs: switch initramfs unpacking to struct file based APIs
fs: add a vfs_fchmod helper
fs: add a vfs_fchown helper
initramfs: factor out a helper to populate the initrd image
staging: vc04_services: fix information leak in create_component()
staging: vc04_services: changen strncpy() to strscpy_pad()
staging: mmal-vchiq: Fix client_component for 64 bit kernel
staging: mmal-vchiq: Allocate and free components as required
staging: mmal-vchiq: Avoid use of bool in structures
i40e: fix vf may be used uninitialized in this function warning
ipv6: Fix infinite recursion in fib6_dump_done().
selftests: reuseaddr_conflict: add missing new line at the end of the output
net: stmmac: fix rx queue priority assignment
net/sched: act_skbmod: prevent kernel-infoleak
netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations
Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped."
net/rds: fix possible cp null dereference
netfilter: nf_tables: disallow timeout for anonymous sets
Bluetooth: Fix TOCTOU in HCI debugfs implementation
Bluetooth: hci_event: set the conn encrypted before conn establishes
r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d
tcp: properly terminate timers for kernel sockets
mptcp: add sk_stop_timer_sync helper
nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
USB: core: Fix deadlock in usb_deauthorize_interface()
scsi: lpfc: Correct size for wqe for memset()
x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled
scsi: qla2xxx: Fix command flush on cable pull
usb: udc: remove warning when queue disabled ep
usb: dwc2: gadget: LPM flow fix
usb: dwc2: host: Fix ISOC flow in DDMA mode
usb: dwc2: host: Fix hibernation flow
usb: dwc2: host: Fix remote wakeup from hibernation
loop: loop_set_status_from_info() check before assignment
loop: Check for overflow while configuring loop
loop: Factor out configuring loop from status
powerpc: xor_vmx: Add '-mhard-float' to CFLAGS
efivarfs: Request at most 512 bytes for variable names
perf/core: Fix reentry problem in perf_output_read_group()
loop: properly observe rotational flag of underlying device
loop: Refactor loop_set_status() size calculation
loop: Factor out setting loop device size
loop: Remove sector_t truncation checks
loop: Call loop_config_discard() only after new config is applied
Revert "loop: Check for overflow while configuring loop"
btrfs: allocate btrfs_ioctl_defrag_range_args on stack
printk: Update @console_may_schedule in console_trylock_spinning()
fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
usb: cdc-wdm: close race between read and workqueue
exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
mm/migrate: set swap entry values of THP tail pages properly.
mm/memory-failure: fix an incorrect use of tail pages
vt: fix memory overlapping when deleting chars in the buffer
vt: fix unicode buffer corruption when deleting characters
tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
usb: port: Don't try to peer unused USB ports based on location
usb: gadget: ncm: Fix handling of zero block length packets
USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform
xfrm: Avoid clang fortify warning in copy_to_user_tmpl()
netfilter: nf_tables: reject constant set with timeout
netfilter: nf_tables: disallow anonymous set with timeout flag
comedi: comedi_test: Prevent timers rescheduling during deletion
ahci: asm1064: asm1166: don't limit reported ports
ahci: asm1064: correct count of reported ports
x86/CPU/AMD: Update the Zenbleed microcode revisions
nilfs2: prevent kernel bug at submit_bh_wbc()
nilfs2: use a more common logging style
nilfs2: fix failure to detect DAT corruption in btree and direct mappings
memtest: use {READ,WRITE}_ONCE in memory scanning
drm/vc4: hdmi: do not return negative values from .get_modes()
drm/imx/ipuv3: do not return negative values from .get_modes()
s390/zcrypt: fix reference counting on zcrypt card objects
soc: fsl: qbman: Use raw spinlock for cgr_lock
soc: fsl: qbman: Add CGR update function
soc: fsl: qbman: Add helper for sanity checking cgr ops
soc: fsl: qbman: Always disable interrupts when taking cgr_lock
vfio/platform: Disable virqfds on cleanup
kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
speakup: Fix 8bit characters from direct synth
slimbus: core: Remove usage of the deprecated ida_simple_xx() API
ext4: fix corruption during on-line resize
hwmon: (amc6821) add of_match table
mmc: core: Fix switch on gp3 partition
dm-raid: fix lockdep waring in "pers->hot_add_disk"
Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d""
PCI/PM: Drain runtime-idle callbacks before driver removal
PCI: Drop pci_device_remove() test of pci_dev->driver
fuse: don't unhash root
mmc: tmio: avoid concurrent runs of mmc_request_done()
PM: sleep: wakeirq: fix wake irq warning in system suspend
USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
USB: serial: option: add MeiG Smart SLM320 product
USB: serial: cp210x: add ID for MGP Instruments PDS100
USB: serial: add device ID for VeriFone adapter
USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
powerpc/fsl: Fix mfpmr build errors with newer binutils
clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays
PM: suspend: Set mem_sleep_current during kernel command line setup
parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds
parisc: Fix csum_ipv6_magic on 64-bit systems
parisc: Fix csum_ipv6_magic on 32-bit systems
parisc: Fix ip_fast_csum
parisc: Do not hardcode registers in checksum functions
ubi: correct the calculation of fastmap size
ubi: Check for too small LEB size in VTBL code
ubifs: Set page uptodate in the correct place
fat: fix uninitialized field in nostale filehandles
crypto: qat - resolve race condition during AER recovery
crypto: qat - fix double free during reset
sparc: vDSO: fix return value of __setup handler
sparc64: NMI watchdog: fix return value of __setup handler
KVM: Always flush async #PF workqueue when vCPU is being destroyed
media: xc4000: Fix atomicity violation in xc4000_get_frequency
arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
ARM: dts: mmp2-brownstone: Don't redeclare phandle references
smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()
smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()
wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
timers: Rename del_timer_sync() to timer_delete_sync()
timers: Use del_timer_sync() even on UP
timers: Update kernel-doc for various functions
timers: Prepare support for PREEMPT_RT
timer/trace: Improve timer tracing
timer/trace: Replace deprecated vsprintf pointer extension %pf by %ps
x86/bugs: Use sysfs_emit()
x86/cpu: Support AMD Automatic IBRS
Documentation/hw-vuln: Update spectre doc
Linux 4.19.311
crypto: af_alg - Work around empty control messages without MSG_MORE
crypto: af_alg - Fix regression on empty requests
spi: spi-mt65xx: Fix NULL pointer access in interrupt handler
net/bnx2x: Prevent access to a freed page in page_pool
hsr: Handle failures in module init
rds: introduce acquire/release ordering in acquire/release_in_xmit()
hsr: Fix uninit-value access in hsr_get_node()
net: hsr: fix placement of logical operator in a multi-line statement
usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin
staging: greybus: fix get_channel_from_mode() failure path
serial: 8250_exar: Don't remove GPIO device on suspend
rtc: mt6397: select IRQ_DOMAIN instead of depending on it
kconfig: fix infinite loop when expanding a macro at the end of file
tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT
serial: max310x: fix syntax error in IRQ error message
clk: qcom: gdsc: Add support to update GDSC transition delay
NFS: Fix an off by one in root_nfs_cat()
net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr()
scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn
scsi: csiostor: Avoid function pointer casts
ALSA: usb-audio: Stop parsing channels bits when all channels are found.
sparc32: Fix section mismatch in leon_pci_grpci
backlight: lp8788: Fully initialize backlight_properties during probe
backlight: lm3639: Fully initialize backlight_properties during probe
backlight: da9052: Fully initialize backlight_properties during probe
backlight: lm3630a: Don't set bl->props.brightness in get_brightness
backlight: lm3630a: Initialize backlight_properties on init
powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc.
powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks
drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip
media: go7007: fix a memleak in go7007_load_encoder
media: dvb-frontends: avoid stack overflow warnings with clang
media: pvrusb2: fix uaf in pvr2_context_set_notify
drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int()
ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs
mtd: rawnand: lpc32xx_mlc: fix irq handler prototype
crypto: arm/sha - fix function cast warnings
crypto: arm - Rename functions to avoid conflict with crypto/sha256.h
mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref
drm/tegra: put drm_gem_object ref on error in tegra_fb_create
clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister()
PCI: Mark 3ware-9650SE Root Port Extended Tags as broken
drm/mediatek: dsi: Fix DSI RGB666 formats and definitions
clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times
firmware: qcom: scm: Add WLAN VMID for Qualcomm SCM interface
media: pvrusb2: fix pvr2_stream_callback casts
media: go7007: add check of return value of go7007_read_addr()
ALSA: seq: fix function cast warnings
drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode()
perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str()
quota: Fix rcu annotations of inode dquot pointers
quota: Fix potential NULL pointer dereference
quota: simplify drop_dquot_ref()
quota: check time limit when back out space/inode change
fs/quota: erase unused but set variable warning
quota: code cleanup for __dquot_alloc_space()
clk: qcom: reset: Ensure write completion on reset de/assertion
clk: qcom: reset: Commonize the de/assert functions
clk: qcom: reset: support resetting multiple bits
clk: qcom: reset: Allow specifying custom reset delay
media: edia: dvbdev: fix a use-after-free
media: dvb-core: Fix use-after-free due to race at dvb_register_device()
media: dvbdev: fix error logic at dvb_register_device()
media: dvbdev: Fix memleak in dvb_register_device
media: media/dvb: Use kmemdup rather than duplicating its implementation
media: dvbdev: remove double-unlock
media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity
media: v4l2-tpg: fix some memleaks in tpg_alloc
media: em28xx: annotate unchecked call to media_device_register()
ABI: sysfs-bus-pci-devices-aer_stats uses an invalid tag
perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample()
media: tc358743: register v4l2 async device only after successful setup
drm/rockchip: lvds: do not print scary message when probing defer
drm/rockchip: lvds: do not overwrite error code
drm: Don't treat 0 as -1 in drm_fixp2int_ceil
drm/rockchip: inno_hdmi: Fix video timing
drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe()
drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe()
drm/tegra: dsi: Make use of the helper function dev_err_probe()
gpu: host1x: mipi: Update tegra_mipi_request() to be node based
drm/tegra: dsi: Add missing check for of_find_device_by_node
dm: call the resume method on internal suspend
dm raid: fix false positive for requeue needed during reshape
nfp: flower: handle acti_netdevs allocation failure
net/x25: fix incorrect parameter validation in the x25_getsockopt() function
net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function
udp: fix incorrect parameter validation in the udp_lib_getsockopt() function
l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function
tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function
ipv6: fib6_rules: flush route cache when rule is changed
bpf: Fix stackmap overflow check on 32-bit arches
bpf: Fix hashtab overflow check on 32-bit arches
sr9800: Add check for usbnet_get_endpoints
Bluetooth: hci_core: Fix possible buffer overflow
Bluetooth: Remove superfluous call to hci_conn_check_pending()
igb: Fix missing time sync events
igb: move PEROUT and EXTTS isr logic to separate functions
mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function
SUNRPC: fix some memleaks in gssx_dec_option_array
x86, relocs: Ignore relocations in .notes section
ACPI: scan: Fix device check notification handling
ARM: dts: arm: realview: Fix development chip ROM compatible value
wifi: brcmsmac: avoid function pointer casts
iommu/amd: Mark interrupt as managed
bus: tegra-aconnect: Update dependency to ARCH_TEGRA
ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()
wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc().
sock_diag: annotate data-races around sock_diag_handlers[family]
wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir()
wifi: b43: Disable QoS for bcm4331
wifi: b43: Stop correct queue in DMA worker when QoS is disabled
b43: main: Fix use true/false for bool type
wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled
wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled
b43: dma: Fix use true/false for bool type variable
wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()
timekeeping: Fix cross-timestamp interpolation for non-x86
timekeeping: Fix cross-timestamp interpolation corner case decision
timekeeping: Fix cross-timestamp interpolation on counter wrap
aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
md: Don't clear MD_CLOSING when the raid is about to stop
md: implement ->set_read_only to hook into BLKROSET processing
block: add a new set_read_only method
md: switch to ->check_events for media change notifications
fs/select: rework stack allocation hack for clang
do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
crypto: algif_aead - Only wake up when ctx->more is zero
crypto: af_alg - make some functions static
crypto: algif_aead - fix uninitialized ctx->init
ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll
ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode
ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC
Input: gpio_keys_polled - suppress deferred probe error for gpio
ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet
firewire: core: use long bus reset on gap count error
Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
scsi: mpt3sas: Prevent sending diag_reset when the controller is ready
dm-verity, dm-crypt: align "struct bvec_iter" correctly
block: sed-opal: handle empty atoms when parsing response
net/iucv: fix the allocation size of iucv_path_table array
MIPS: Clear Cause.BD in instruction_pointer_set
x86/xen: Add some null pointer checking to smp.c
ASoC: rt5645: Make LattePanda board DMI match more precise
Linux 4.19.310
selftests/vm: fix map_hugetlb length used for testing read and write
selftests/vm: fix display of page size in map_hugetlb
getrusage: use sig->stats_lock rather than lock_task_sighand()
getrusage: use __for_each_thread()
getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand()
getrusage: add the "signal_struct *sig" local variable
y2038: rusage: use __kernel_old_timeval
hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
hv_netvsc: use netif_is_bond_master() instead of open code
hv_netvsc: Make netvsc/VF binding check both MAC and serial number
Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU
um: allow not setting extra rpaths in the linux binary
selftests: mm: fix map_hugetlb failure on 64K page size systems
tools/selftest/vm: allow choosing mem size and page size in map_hugetlb
btrfs: ref-verify: free ref cache before clearing mount opt
netrom: Fix data-races around sysctl_net_busy_read
netrom: Fix a data-race around sysctl_netrom_link_fails_count
netrom: Fix a data-race around sysctl_netrom_routing_control
netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout
netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size
netrom: Fix a data-race around sysctl_netrom_transport_busy_delay
netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay
netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries
netrom: Fix a data-race around sysctl_netrom_transport_timeout
netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser
netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser
netrom: Fix a data-race around sysctl_netrom_default_path_quality
netfilter: nf_conntrack_h323: Add protection for bmp length out of range
net/rds: fix WARNING in rds_conn_connect_if_down
net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
geneve: make sure to pull inner header in geneve_rx()
net: move definition of pcpu_lstats to header file
net: lan78xx: fix runtime PM count underflow on link stop
lan78xx: Fix race conditions in suspend/resume handling
lan78xx: Fix partial packet errors on suspend/resume
lan78xx: Add missing return code checks
lan78xx: Fix white space and style issues
net: usb: lan78xx: Remove lots of set but unused 'ret' variables
Linux 4.19.309
gpio: 74x164: Enable output pins after registers are reset
cachefiles: fix memory leak in cachefiles_add_cache()
mmc: core: Fix eMMC initialization with 1-bit bus connection
btrfs: dev-replace: properly validate device names
wifi: nl80211: reject iftype change with mesh ID change
gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
ALSA: Drop leftover snd-rtctimer stuff from Makefile
power: supply: bq27xxx-i2c: Do not free non existing IRQ
efi/capsule-loader: fix incorrect allocation size
Bluetooth: Enforce validation on max value of connection interval
Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
Bluetooth: Avoid potential use-after-free in hci_error_reset
net: usb: dm9601: fix wrong return value in dm9601_mdio_read
lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected
tun: Fix xdp_rxq_info's queue_index when detaching
netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
Linux 4.19.308
scripts/bpf: Fix xdp_md forward declaration typo
fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler
KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table()
PCI/MSI: Prevent MSI hardware interrupt number truncation
s390: use the correct count for __iowrite64_copy()
packet: move from strlcpy with unused retval to strscpy
ipv6: sr: fix possible use-after-free and null-ptr-deref
nouveau: fix function cast warnings
scsi: jazz_esp: Only build if SCSI core is builtin
bpf, scripts: Correct GPL license name
scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions
RDMA/srpt: fix function pointer cast warnings
RDMA/srpt: Make debug output more detailed
RDMA/ulp: Use dev_name instead of ibdev->name
RDMA/srpt: Support specifying the srpt_service_guid parameter
RDMA/bnxt_re: Return error for SRQ resize
IB/hfi1: Fix a memleak in init_credit_return
usb: roles: don't get/set_role() when usb_role_switch is unregistered
usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
ARM: ep93xx: Add terminator to gpiod_lookup_table
l2tp: pass correct message length to ip6_append_data
gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
dm-crypt: don't modify the data when using authenticated encryption
mm: memcontrol: switch to rcu protection in drain_all_stock()
IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
pmdomain: renesas: r8a77980-sysc: CR7 must be always on
s390/qeth: Fix potential loss of L3-IP@ in case of network issues
virtio-blk: Ensure no requests in virtqueues before deleting vqs.
firewire: core: send bus reset promptly on gap count error
hwmon: (coretemp) Enlarge per package core count limit
regulator: pwm-regulator: Add validity checks in continuous .get_voltage
ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()
ahci: asm1166: correct count of reported ports
fbdev: sis: Error out if pixclock equals zero
fbdev: savage: Error out if pixclock equals zero
wifi: mac80211: fix race condition on enabling fast-xmit
wifi: cfg80211: fix missing interfaces when dumping
dmaengine: shdma: increase size of 'dev_id'
scsi: target: core: Add TMF to tmr_list handling
sched/rt: Disallow writing invalid values to sched_rt_period_us
sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset
sched/rt: Fix sysctl_sched_rr_timeslice intial value
userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb
nilfs2: replace WARN_ONs for invalid DAT metadata block requests
memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock()
net: stmmac: fix notifier registration
stmmac: no need to check return value of debugfs_create functions
net/sched: Retire dsmark qdisc
net/sched: Retire ATM qdisc
net/sched: Retire CBQ qdisc
Linux 4.19.307
netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
lsm: new security_file_ioctl_compat() hook
nilfs2: fix potential bug in end_buffer_async_write
sched/membarrier: reduce the ability to hammer on sys_membarrier
Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"
pmdomain: core: Move the unused cleanup to a _sync initcall
irqchip/irq-brcmstb-l2: Add write memory barrier before exit
nfp: use correct macro for LengthSelect in BAR config
nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
nilfs2: fix data corruption in dsync block recovery for small block sizes
ALSA: hda/conexant: Add quirk for SWS JS201D
x86/mm/ident_map: Use gbpages only where full GB page should be mapped.
x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6
serial: max310x: improve crystal stable clock detection
serial: max310x: set default value when reading clock ready bit
ring-buffer: Clean ring_buffer_poll_wait() error return
staging: iio: ad5933: fix type mismatch regression
ext4: fix double-free of blocks due to wrong extents moved_len
binder: signal epoll threads of self-work
xen-netback: properly sync TX responses
nfc: nci: free rx_data_reassembly skb on NCI device cleanup
firewire: core: correct documentation of fw_csr_string() kernel API
scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
usb: f_mass_storage: forbid async queue when shutdown happen
USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT
HID: wacom: Do not register input devices until after hid_hw_start
HID: wacom: generic: Avoid reporting a serial of '0' to userspace
mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
tracing/trigger: Fix to return error if failed to alloc snapshot
i40e: Fix waiting for queues of all VSIs to be disabled
MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler
net: sysfs: Fix /sys/class/net/<iface> path for statistics
Documentation: net-sysfs: describe missing statistics
ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
spi: ppc4xx: Drop write-only variable
btrfs: send: return EOPNOTSUPP on unknown flags
btrfs: forbid creating subvol qgroups
hrtimer: Report offline hrtimer enqueue
vhost: use kzalloc() instead of kmalloc() followed by memset()
Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID
USB: serial: cp210x: add ID for IMST iM871A-USB
USB: serial: option: add Fibocom FM101-GL variant
USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e
net/af_iucv: clean up a try_then_request_module()
netfilter: nft_compat: restrict match/target protocol to u16
netfilter: nft_compat: reject unused compat flag
ppp_async: limit MRU to 64K
tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
rxrpc: Fix response to PING RESPONSE ACKs to a dead call
inet: read sk->sk_family once in inet_recv_error()
hwmon: (coretemp) Fix bogus core_id to attr name mapping
hwmon: (coretemp) Fix out-of-bounds memory access
hwmon: (aspeed-pwm-tacho) mutex for tach reading
atm: idt77252: fix a memleak in open_card_ubr0
phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV
bonding: remove print in bond_verify_device_path
HID: apple: Add 2021 magic keyboard FN key mapping
HID: apple: Swap the Fn and Left Control keys on Apple keyboards
HID: apple: Add support for the 2021 Magic Keyboard
net: sysfs: Fix /sys/class/net/<iface> path
af_unix: fix lockdep positive in sk_diag_dump_icons()
net: ipv4: fix a memleak in ip_setup_cork
netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger
llc: call sock_orphan() at release time
ipv6: Ensure natural alignment of const ipv6 loopback and router addresses
ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550()
ixgbe: Refactor overtemp event handling
ixgbe: Refactor returning internal error codes
ixgbe: Remove non-inclusive language
net: remove unneeded break
scsi: isci: Fix an error code problem in isci_io_request_build()
wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()'
ceph: fix deadlock or deadcode of misusing dget()
blk-mq: fix IO hang from sbitmap wakeup race
virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings
libsubcmd: Fix memory leak in uniq()
usb: hub: Replace hardcoded quirk value with BIT() macro
PCI: Only override AMD USB controller if required
mfd: ti_am335x_tscadc: Fix TI SoC dependencies
um: net: Fix return type of uml_net_start_xmit()
um: Don't use vfprintf() for os_info()
um: Fix naming clash between UML and scheduler
leds: trigger: panic: Don't register panic notifier if creating the trigger failed
drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()'
drm/amdgpu: Let KFD sync with VM fences
clk: mmp: pxa168: Fix memory leak in pxa168_clk_init()
clk: hi3620: Fix memory leak in hi3620_mmc_clk_init()
drm/msm/dpu: Ratelimit framedone timeout msgs
media: ddbridge: fix an error code problem in ddb_probe
IB/ipoib: Fix mcast list locking
drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time
ALSA: hda: Intel: add HDA_ARL PCI ID support
PCI: add INTEL_HDA_ARL to pci_ids.h
media: rockchip: rga: fix swizzling for RGB formats
media: stk1160: Fixed high volume of stk1160_dbg messages
drm/mipi-dsi: Fix detach call without attach
drm/framebuffer: Fix use of uninitialized variable
drm/drm_file: fix use of uninitialized variable
RDMA/IPoIB: Fix error code return in ipoib_mcast_join
fast_dput(): handle underflows gracefully
ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument
f2fs: fix to check return value of f2fs_reserve_new_block()
wifi: cfg80211: free beacon_ies when overridden from hidden BSS
wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift()
wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices
md: Whenassemble the array, consult the superblock of the freshest device
ARM: dts: imx23/28: Fix the DMA controller node name
ARM: dts: imx23-sansa: Use preferred i2c-gpios properties
ARM: dts: imx27-apf27dev: Fix LED name
ARM: dts: imx1: Fix sram node
ARM: dts: imx27: Fix sram node
ARM: dts: imx: Use flash@0,0 pattern
ARM: dts: imx25/27-eukrea: Fix RTC node name
ARM: dts: rockchip: fix rk3036 hdmi ports node
scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
scsi: libfc: Don't schedule abort twice
bpf: Add map and need_defer parameters to .map_fd_put_ptr()
wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()
ARM: dts: imx7s: Fix nand-controller #size-cells
ARM: dts: imx7s: Fix lcdif compatible
bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk
PCI: Add no PM reset quirk for NVIDIA Spectrum devices
scsi: lpfc: Fix possible file string name overflow when updating firmware
ext4: avoid online resizing failures due to oversized flex bg
ext4: remove unnecessary check from alloc_flex_gd()
ext4: unify the type of flexbg_size to unsigned int
ext4: fix inconsistent between segment fstrim and full fstrim
SUNRPC: Fix a suspicious RCU usage warning
KVM: s390: fix setting of fpc register
s390/ptrace: handle setting of fpc register correctly
jfs: fix array-index-out-of-bounds in diNewExt
rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock()
afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*()
crypto: stm32/crc32 - fix parsing list of devices
pstore/ram: Fix crash when setting number of cpus to an odd number
jfs: fix uaf in jfs_evict_inode
jfs: fix array-index-out-of-bounds in dbAdjTree
jfs: fix slab-out-of-bounds Read in dtSearch
UBSAN: array-index-out-of-bounds in dtSplitRoot
FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
ACPI: extlog: fix NULL pointer dereference check
PNP: ACPI: fix fortify warning
ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
audit: Send netlink ACK before setting connection in auditd_set
powerpc/lib: Validate size for vector operations
powerpc/mm: Fix build failures due to arch_reserved_kernel_pages()
powerpc: Fix build error due to is_valid_bugaddr()
powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
net/sched: cbs: Fix not adding cbs instance to list
x86/entry/ia32: Ensure s32 is sign extended to s64
tick/sched: Preserve number of idle sleeps across CPU hotplug events
mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan
gpio: eic-sprd: Clear interrupt after set the interrupt type
drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume
drm/bridge: nxp-ptn3460: simplify some error checking
drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking
drm: Don't unref the same fb many times by mistake due to deadlock handling
gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04
netfilter: nf_tables: reject QUEUE/DROP verdict parameters
btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args
btrfs: don't warn if discard range is not aligned to sector
net: fec: fix the unhandled context fault from smmu
fjes: fix memleaks in fjes_hw_setup
netfilter: nf_tables: restrict anonymous set and map names to 16 bytes
net/mlx5e: fix a double-free in arfs_create_groups
net/mlx5: Use kfree(ft->g) in arfs_create_groups()
netlink: fix potential sleeping issue in mqueue_flush_file
Change-Id: I5e9292f6762747696c2af38ea5b14ae2d86bdaff
|
||
|
Greg Kroah-Hartman
|
45df1db3d3 |
Merge 4.19.307 into android-4.19-stable
Changes in 4.19.307
PCI: mediatek: Clear interrupt status before dispatching handler
include/linux/units.h: add helpers for kelvin to/from Celsius conversion
units: Add Watt units
units: change from 'L' to 'UL'
units: add the HZ macros
serial: sc16is7xx: set safe default SPI clock frequency
driver core: add device probe log helper
spi: introduce SPI_MODE_X_MASK macro
serial: sc16is7xx: add check for unsupported SPI modes during probe
ext4: allow for the last group to be marked as trimmed
crypto: api - Disallow identical driver names
PM: hibernate: Enforce ordering during image compression/decompression
hwrng: core - Fix page fault dead lock on mmap-ed hwrng
rpmsg: virtio: Free driver_override when rpmsg_remove()
parisc/firmware: Fix F-extend for PDC addresses
nouveau/vmm: don't set addr on the fail path to avoid warning
block: Remove special-casing of compound pages
powerpc: Use always instead of always-y in for crtsavres.o
x86/CPU/AMD: Fix disabling XSAVES on AMD family 0x17 due to erratum
driver core: Annotate dev_err_probe() with __must_check
Revert "driver core: Annotate dev_err_probe() with __must_check"
driver code: print symbolic error code
drivers: core: fix kernel-doc markup for dev_err_probe()
net/smc: fix illegal rmb_desc access in SMC-D connection dump
vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING
llc: make llc_ui_sendmsg() more robust against bonding changes
llc: Drop support for ETH_P_TR_802_2.
net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
tracing: Ensure visibility when inserting an element into tracing_map
tcp: Add memory barrier to tcp_push()
netlink: fix potential sleeping issue in mqueue_flush_file
net/mlx5: Use kfree(ft->g) in arfs_create_groups()
net/mlx5e: fix a double-free in arfs_create_groups
netfilter: nf_tables: restrict anonymous set and map names to 16 bytes
fjes: fix memleaks in fjes_hw_setup
net: fec: fix the unhandled context fault from smmu
btrfs: don't warn if discard range is not aligned to sector
btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args
netfilter: nf_tables: reject QUEUE/DROP verdict parameters
gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04
drm: Don't unref the same fb many times by mistake due to deadlock handling
drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking
drm/bridge: nxp-ptn3460: simplify some error checking
drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume
gpio: eic-sprd: Clear interrupt after set the interrupt type
mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan
tick/sched: Preserve number of idle sleeps across CPU hotplug events
x86/entry/ia32: Ensure s32 is sign extended to s64
net/sched: cbs: Fix not adding cbs instance to list
powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
powerpc: Fix build error due to is_valid_bugaddr()
powerpc/mm: Fix build failures due to arch_reserved_kernel_pages()
powerpc/lib: Validate size for vector operations
audit: Send netlink ACK before setting connection in auditd_set
ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
PNP: ACPI: fix fortify warning
ACPI: extlog: fix NULL pointer dereference check
FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
UBSAN: array-index-out-of-bounds in dtSplitRoot
jfs: fix slab-out-of-bounds Read in dtSearch
jfs: fix array-index-out-of-bounds in dbAdjTree
jfs: fix uaf in jfs_evict_inode
pstore/ram: Fix crash when setting number of cpus to an odd number
crypto: stm32/crc32 - fix parsing list of devices
afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*()
rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock()
jfs: fix array-index-out-of-bounds in diNewExt
s390/ptrace: handle setting of fpc register correctly
KVM: s390: fix setting of fpc register
SUNRPC: Fix a suspicious RCU usage warning
ext4: fix inconsistent between segment fstrim and full fstrim
ext4: unify the type of flexbg_size to unsigned int
ext4: remove unnecessary check from alloc_flex_gd()
ext4: avoid online resizing failures due to oversized flex bg
scsi: lpfc: Fix possible file string name overflow when updating firmware
PCI: Add no PM reset quirk for NVIDIA Spectrum devices
bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk
ARM: dts: imx7s: Fix lcdif compatible
ARM: dts: imx7s: Fix nand-controller #size-cells
wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()
bpf: Add map and need_defer parameters to .map_fd_put_ptr()
scsi: libfc: Don't schedule abort twice
scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
ARM: dts: rockchip: fix rk3036 hdmi ports node
ARM: dts: imx25/27-eukrea: Fix RTC node name
ARM: dts: imx: Use flash@0,0 pattern
ARM: dts: imx27: Fix sram node
ARM: dts: imx1: Fix sram node
ARM: dts: imx27-apf27dev: Fix LED name
ARM: dts: imx23-sansa: Use preferred i2c-gpios properties
ARM: dts: imx23/28: Fix the DMA controller node name
md: Whenassemble the array, consult the superblock of the freshest device
wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices
wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift()
wifi: cfg80211: free beacon_ies when overridden from hidden BSS
f2fs: fix to check return value of f2fs_reserve_new_block()
ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument
fast_dput(): handle underflows gracefully
RDMA/IPoIB: Fix error code return in ipoib_mcast_join
drm/drm_file: fix use of uninitialized variable
drm/framebuffer: Fix use of uninitialized variable
drm/mipi-dsi: Fix detach call without attach
media: stk1160: Fixed high volume of stk1160_dbg messages
media: rockchip: rga: fix swizzling for RGB formats
PCI: add INTEL_HDA_ARL to pci_ids.h
ALSA: hda: Intel: add HDA_ARL PCI ID support
drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time
IB/ipoib: Fix mcast list locking
media: ddbridge: fix an error code problem in ddb_probe
drm/msm/dpu: Ratelimit framedone timeout msgs
clk: hi3620: Fix memory leak in hi3620_mmc_clk_init()
clk: mmp: pxa168: Fix memory leak in pxa168_clk_init()
drm/amdgpu: Let KFD sync with VM fences
drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()'
leds: trigger: panic: Don't register panic notifier if creating the trigger failed
um: Fix naming clash between UML and scheduler
um: Don't use vfprintf() for os_info()
um: net: Fix return type of uml_net_start_xmit()
mfd: ti_am335x_tscadc: Fix TI SoC dependencies
PCI: Only override AMD USB controller if required
usb: hub: Replace hardcoded quirk value with BIT() macro
libsubcmd: Fix memory leak in uniq()
virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings
blk-mq: fix IO hang from sbitmap wakeup race
ceph: fix deadlock or deadcode of misusing dget()
drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()'
wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
scsi: isci: Fix an error code problem in isci_io_request_build()
net: remove unneeded break
ixgbe: Remove non-inclusive language
ixgbe: Refactor returning internal error codes
ixgbe: Refactor overtemp event handling
ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550()
ipv6: Ensure natural alignment of const ipv6 loopback and router addresses
llc: call sock_orphan() at release time
netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger
net: ipv4: fix a memleak in ip_setup_cork
af_unix: fix lockdep positive in sk_diag_dump_icons()
net: sysfs: Fix /sys/class/net/<iface> path
HID: apple: Add support for the 2021 Magic Keyboard
HID: apple: Swap the Fn and Left Control keys on Apple keyboards
HID: apple: Add 2021 magic keyboard FN key mapping
bonding: remove print in bond_verify_device_path
dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV
phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
atm: idt77252: fix a memleak in open_card_ubr0
hwmon: (aspeed-pwm-tacho) mutex for tach reading
hwmon: (coretemp) Fix out-of-bounds memory access
hwmon: (coretemp) Fix bogus core_id to attr name mapping
inet: read sk->sk_family once in inet_recv_error()
rxrpc: Fix response to PING RESPONSE ACKs to a dead call
tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
ppp_async: limit MRU to 64K
netfilter: nft_compat: reject unused compat flag
netfilter: nft_compat: restrict match/target protocol to u16
net/af_iucv: clean up a try_then_request_module()
USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e
USB: serial: option: add Fibocom FM101-GL variant
USB: serial: cp210x: add ID for IMST iM871A-USB
Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID
vhost: use kzalloc() instead of kmalloc() followed by memset()
hrtimer: Report offline hrtimer enqueue
btrfs: forbid creating subvol qgroups
btrfs: send: return EOPNOTSUPP on unknown flags
spi: ppc4xx: Drop write-only variable
ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
Documentation: net-sysfs: describe missing statistics
net: sysfs: Fix /sys/class/net/<iface> path for statistics
MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler
i40e: Fix waiting for queues of all VSIs to be disabled
tracing/trigger: Fix to return error if failed to alloc snapshot
mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
HID: wacom: generic: Avoid reporting a serial of '0' to userspace
HID: wacom: Do not register input devices until after hid_hw_start
USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT
usb: f_mass_storage: forbid async queue when shutdown happen
scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
firewire: core: correct documentation of fw_csr_string() kernel API
nfc: nci: free rx_data_reassembly skb on NCI device cleanup
xen-netback: properly sync TX responses
binder: signal epoll threads of self-work
ext4: fix double-free of blocks due to wrong extents moved_len
staging: iio: ad5933: fix type mismatch regression
ring-buffer: Clean ring_buffer_poll_wait() error return
serial: max310x: set default value when reading clock ready bit
serial: max310x: improve crystal stable clock detection
x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6
x86/mm/ident_map: Use gbpages only where full GB page should be mapped.
ALSA: hda/conexant: Add quirk for SWS JS201D
nilfs2: fix data corruption in dsync block recovery for small block sizes
nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
nfp: use correct macro for LengthSelect in BAR config
irqchip/irq-brcmstb-l2: Add write memory barrier before exit
pmdomain: core: Move the unused cleanup to a _sync initcall
Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"
sched/membarrier: reduce the ability to hammer on sys_membarrier
nilfs2: fix potential bug in end_buffer_async_write
lsm: new security_file_ioctl_compat() hook
netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
Linux 4.19.307
Change-Id: Ib05aec445afe9920e2502bcfce1c52db76e27139
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Alfred Piccioni
|
f8f51085b4 |
lsm: new security_file_ioctl_compat() hook
commit f1bb47a31dff6d4b34fb14e99850860ee74bb003 upstream.
Some ioctl commands do not require ioctl permission, but are routed to
other permissions such as FILE_GETATTR or FILE_SETATTR. This routing is
done by comparing the ioctl cmd to a set of 64-bit flags (FS_IOC_*).
However, if a 32-bit process is running on a 64-bit kernel, it emits
32-bit flags (FS_IOC32_*) for certain ioctl operations. These flags are
being checked erroneously, which leads to these ioctl operations being
routed to the ioctl permission, rather than the correct file
permissions.
This was also noted in a RED-PEN finding from a while back -
"/* RED-PEN how should LSM module know it's handling 32bit? */".
This patch introduces a new hook, security_file_ioctl_compat(), that is
called from the compat ioctl syscall. All current LSMs have been changed
to support this hook.
Reviewing the three places where we are currently using
security_file_ioctl(), it appears that only SELinux needs a dedicated
compat change; TOMOYO and SMACK appear to be functional without any
change.
Cc: stable@vger.kernel.org
Fixes:
|
||
|
pswbuild
|
cdf57c4ee1 |
Synchronize codes for OnePlus 8 IN2013_11_F.13/OnePlus 8Pro IN2023_11_F.13 and OnePlus 8T KB2003_11_F.13
Change-Id: I7432dcd8d139edcb8ea1a5e6503950a528acc647 |
||
|
Todd Kjos
|
e82f3f9638 |
binder: use cred instead of task for selinux checks
commit 52f88693378a58094c538662ba652aff0253c4fe upstream.
Since binder was integrated with selinux, it has passed
'struct task_struct' associated with the binder_proc
to represent the source and target of transactions.
The conversion of task to SID was then done in the hook
implementations. It turns out that there are race conditions
which can result in an incorrect security context being used.
Fix by using the 'struct cred' saved during binder_open and pass
it to the selinux subsystem.
Cc: stable@vger.kernel.org # 5.14 (need backport for earlier stables)
Fixes:
|
||
|
Todd Kjos
|
7b7aa234a0 |
UPSTREAM: binder: use cred instead of task for getsecid
commit 4d5b5539742d2554591751b4248b0204d20dcc9d upstream. Use the 'struct cred' saved at binder_open() to lookup the security ID via security_cred_getsecid(). This ensures that the security context that opened binder is the one used to generate the secctx. Cc: stable@vger.kernel.org # 5.4+ Fixes: ec74136ded79 ("binder: create node flag to request sender's security context") Signed-off-by: Todd Kjos <tkjos@google.com> Suggested-by: Stephen Smalley <stephen.smalley.work@gmail.com> Reported-by: kernel test robot <lkp@intel.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Change-Id: Ia7b59804a0bdbd51191bbcca556414840307c623 Bug: 200688826 Signed-off-by: Todd Kjos <tkjos@google.com> |
||
|
Todd Kjos
|
2a4f6c6295 |
BACKPORT: binder: use cred instead of task for selinux checks
commit 52f88693378a58094c538662ba652aff0253c4fe upstream.
Since binder was integrated with selinux, it has passed
'struct task_struct' associated with the binder_proc
to represent the source and target of transactions.
The conversion of task to SID was then done in the hook
implementations. It turns out that there are race conditions
which can result in an incorrect security context being used.
Fix by using the 'struct cred' saved during binder_open and pass
it to the selinux subsystem.
Cc: stable@vger.kernel.org # 5.14 (need backport for earlier stables)
Fixes:
|
||
|
Greg Kroah-Hartman
|
07ce88e9de |
Merge 4.19.164 into android-4.19-stable
Changes in 4.19.164
Kbuild: do not emit debug info for assembly with LLVM_IAS=1
x86/lib: Change .weak to SYM_FUNC_START_WEAK for arch/x86/lib/mem*_64.S
spi: bcm2835aux: Fix use-after-free on unbind
spi: bcm2835aux: Restore err assignment in bcm2835aux_spi_probe
iwlwifi: pcie: limit memory read spin time
arm64: dts: rockchip: Assign a fixed index to mmc devices on rk3399 boards.
iwlwifi: mvm: fix kernel panic in case of assert during CSA
powerpc: Drop -me200 addition to build flags
ARC: stack unwinding: don't assume non-current task is sleeping
scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE
irqchip/gic-v3-its: Unconditionally save/restore the ITS state on suspend
soc: fsl: dpio: Get the cpumask through cpumask_of(cpu)
platform/x86: thinkpad_acpi: Do not report SW_TABLET_MODE on Yoga 11e
platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for Thinkpad Yoga 11e 4th gen
platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE
platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC
Input: cm109 - do not stomp on control URB
Input: i8042 - add Acer laptops to the i8042 reset list
pinctrl: amd: remove debounce filter setting in IRQ type setting
mmc: block: Fixup condition for CMD13 polling for RPMB requests
kbuild: avoid static_assert for genksyms
scsi: be2iscsi: Revert "Fix a theoretical leak in beiscsi_create_eqs()"
x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP
x86/membarrier: Get rid of a dubious optimization
x86/apic/vector: Fix ordering in vector assignment
compiler.h: fix barrier_data() on clang
PCI: qcom: Add missing reset for ipq806x
mac80211: mesh: fix mesh_pathtbl_init() error path
net: stmmac: free tx skb buffer in stmmac_resume()
tcp: select sane initial rcvq_space.space for big MSS
tcp: fix cwnd-limited bug for TSO deferral where we send nothing
net/mlx4_en: Avoid scheduling restart task if it is already running
lan743x: fix for potential NULL pointer dereference with bare card
net/mlx4_en: Handle TX error CQE
net: stmmac: delete the eee_ctrl_timer after napi disabled
net: stmmac: dwmac-meson8b: fix mask definition of the m250_sel mux
net: bridge: vlan: fix error return code in __vlan_add()
ktest.pl: If size of log is too big to email, email error message
USB: dummy-hcd: Fix uninitialized array use in init()
USB: add RESET_RESUME quirk for Snapscan 1212
ALSA: usb-audio: Fix potential out-of-bounds shift
ALSA: usb-audio: Fix control 'access overflow' errors from chmap
xhci: Give USB2 ports time to enter U3 in bus suspend
USB: UAS: introduce a quirk to set no_write_same
USB: sisusbvga: Make console support depend on BROKEN
ALSA: pcm: oss: Fix potential out-of-bounds shift
serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access
drm/xen-front: Fix misused IS_ERR_OR_NULL checks
drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi
arm64: lse: fix LSE atomics with LLVM's integrated assembler
arm64: lse: Fix LSE atomics with LLVM
arm64: Change .weak to SYM_FUNC_START_WEAK_PI for arch/arm64/lib/mem*.S
x86/resctrl: Remove unused struct mbm_state::chunks_bw
x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled
pinctrl: merrifield: Set default bias in case no particular value given
pinctrl: baytrail: Avoid clearing debounce value when turning it off
ARM: dts: sun8i: v3s: fix GIC node memory range
gpio: mvebu: fix potential user-after-free on probe
scsi: bnx2i: Requires MMU
xsk: Fix xsk_poll()'s return type
can: softing: softing_netdev_open(): fix error handling
clk: renesas: r9a06g032: Drop __packed for portability
block: factor out requeue handling from dispatch code
netfilter: x_tables: Switch synchronization to RCU
gpio: eic-sprd: break loop when getting NULL device resource
selftests/bpf/test_offload.py: Reset ethtool features after failed setting
RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait
ixgbe: avoid premature Rx buffer reuse
drm/tegra: replace idr_init() by idr_init_base()
kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling
drm/tegra: sor: Disable clocks on error in tegra_sor_init()
arm64: syscall: exit userspace before unmasking exceptions
vxlan: Add needed_headroom for lower device
vxlan: Copy needed_tailroom from lowerdev
scsi: mpt3sas: Increase IOCInit request timeout to 30s
dm table: Remove BUG_ON(in_interrupt())
soc/tegra: fuse: Fix index bug in get_process_id
USB: serial: option: add interface-number sanity check to flag handling
USB: gadget: f_acm: add support for SuperSpeed Plus
USB: gadget: f_midi: setup SuperSpeed Plus descriptors
usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus
USB: gadget: f_rndis: fix bitrate for SuperSpeed and above
usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul
ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU
ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on Exynos5410
ARM: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid XU
coresight: tmc-etr: Check if page is valid before dma_map_page()
scsi: megaraid_sas: Check user-provided offsets
HID: i2c-hid: add Vero K147 to descriptor override
serial_core: Check for port state when tty is in error state
Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()
quota: Sanity-check quota file headers on load
media: msi2500: assign SPI bus number dynamically
crypto: af_alg - avoid undefined behavior accessing salg_name
md: fix a warning caused by a race between concurrent md_ioctl()s
perf cs-etm: Change tuple from traceID-CPU# to traceID-metadata
perf cs-etm: Move definition of 'traceid_list' global variable from header file
drm/gma500: fix double free of gma_connector
drm/tve200: Fix handling of platform_get_irq() error
soc: renesas: rmobile-sysc: Fix some leaks in rmobile_init_pm_domains()
soc: mediatek: Check if power domains can be powered on at boot time
soc: qcom: geni: More properly switch to DMA mode
RDMA/bnxt_re: Set queue pair state when being queried
selinux: fix error initialization in inode_doinit_with_dentry()
ARM: dts: aspeed: s2600wf: Fix VGA memory region location
RDMA/rxe: Compute PSN windows correctly
x86/mm/ident_map: Check for errors from ident_pud_init()
ARM: p2v: fix handling of LPAE translation in BE mode
x86/apic: Fix x2apic enablement without interrupt remapping
sched/deadline: Fix sched_dl_global_validate()
sched: Reenable interrupts in do_sched_yield()
crypto: talitos - Endianess in current_desc_hdr()
crypto: talitos - Fix return type of current_desc_hdr()
crypto: inside-secure - Fix sizeof() mismatch
powerpc/64: Set up a kernel stack for secondaries before cpu_restore()
spi: img-spfi: fix reference leak in img_spfi_resume
drm/msm/dsi_pll_10nm: restore VCO rate during restore_state
ASoC: pcm: DRAIN support reactivation
selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling
arm64: dts: exynos: Include common syscon restart/poweroff for Exynos7
arm64: dts: exynos: Correct psci compatible used on Exynos7
Bluetooth: Fix null pointer dereference in hci_event_packet()
Bluetooth: hci_h5: fix memory leak in h5_close
spi: spi-ti-qspi: fix reference leak in ti_qspi_setup
spi: tegra20-slink: fix reference leak in slink ops of tegra20
spi: tegra20-sflash: fix reference leak in tegra_sflash_resume
spi: tegra114: fix reference leak in tegra spi ops
spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume
mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure
ASoC: wm8998: Fix PM disable depth imbalance on error
ASoC: arizona: Fix a wrong free in wm8997_probe
RDMa/mthca: Work around -Wenum-conversion warning
MIPS: BCM47XX: fix kconfig dependency bug for BCM47XX_BCMA
crypto: qat - fix status check in qat_hal_put_rel_rd_xfer()
staging: greybus: codecs: Fix reference counter leak in error handling
staging: gasket: interrupt: fix the missed eventfd_ctx_put() in gasket_interrupt.c
media: tm6000: Fix sizeof() mismatches
media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm()
ASoC: meson: fix COMPILE_TEST error
scsi: core: Fix VPD LUN ID designator priorities
media: solo6x10: fix missing snd_card_free in error handling case
video: fbdev: atmel_lcdfb: fix return error code in atmel_lcdfb_of_init()
drm/omap: dmm_tiler: fix return error code in omap_dmm_probe()
Input: ads7846 - fix race that causes missing releases
Input: ads7846 - fix integer overflow on Rt calculation
Input: ads7846 - fix unaligned access on 7845
usb/max3421: fix return error code in max3421_probe()
spi: mxs: fix reference leak in mxs_spi_probe
powerpc/feature: Fix CPU_FTRS_ALWAYS by removing CPU_FTRS_GENERIC_32
crypto: crypto4xx - Replace bitwise OR with logical OR in crypto4xx_build_pd
crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe
spi: fix resource leak for drivers without .remove callback
soc: ti: knav_qmss: fix reference leak in knav_queue_probe
soc: ti: Fix reference imbalance in knav_dma_probe
drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe
Input: omap4-keypad - fix runtime PM error handling
RDMA/cxgb4: Validate the number of CQEs
memstick: fix a double-free bug in memstick_check
ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host
ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host
orinoco: Move context allocation after processing the skb
cw1200: fix missing destroy_workqueue() on error in cw1200_init_common
dmaengine: mv_xor_v2: Fix error return code in mv_xor_v2_probe()
media: siano: fix memory leak of debugfs members in smsdvb_hotplug
platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration
platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration
samples: bpf: Fix lwt_len_hist reusing previous BPF map
mips: cdmm: fix use-after-free in mips_cdmm_bus_discover
media: max2175: fix max2175_set_csm_mode() error code
slimbus: qcom-ngd-ctrl: Avoid sending power requests without QMI
HSI: omap_ssi: Don't jump to free ID in ssi_add_controller()
ARM: dts: Remove non-existent i2c1 from 98dx3236
arm64: dts: rockchip: Set dr_mode to "host" for OTG on rk3328-roc-cc
power: supply: axp288_charger: Fix HP Pavilion x2 10 DMI matching
power: supply: bq24190_charger: fix reference leak
genirq/irqdomain: Don't try to free an interrupt that has no mapping
PCI: Bounds-check command-line resource alignment requests
PCI: Fix overflow in command-line resource alignment requests
PCI: iproc: Fix out-of-bound array accesses
arm64: dts: meson: fix spi-max-frequency on Khadas VIM2
ARM: dts: at91: at91sam9rl: fix ADC triggers
platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init
ath10k: Fix the parsing error in service available event
ath10k: Fix an error handling path
ath10k: Release some resources in an error handling path
NFSv4.2: condition READDIR's mask for security label based on LSM state
SUNRPC: xprt_load_transport() needs to support the netid "rdma6"
lockd: don't use interval-based rebinding over TCP
NFS: switch nfsiod to be an UNBOUND workqueue.
vfio-pci: Use io_remap_pfn_range() for PCI IO memory
media: saa7146: fix array overflow in vidioc_s_audio()
clocksource/drivers/cadence_ttc: Fix memory leak in ttc_setup_clockevent()
ARM: dts: at91: sama5d2: map securam as device
pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe()
arm64: dts: rockchip: Fix UART pull-ups on rk3328
memstick: r592: Fix error return in r592_probe()
net/mlx5: Properly convey driver version to firmware
ASoC: jz4740-i2s: add missed checks for clk_get()
dm ioctl: fix error return code in target_message
clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI
cpufreq: highbank: Add missing MODULE_DEVICE_TABLE
cpufreq: mediatek: Add missing MODULE_DEVICE_TABLE
cpufreq: st: Add missing MODULE_DEVICE_TABLE
cpufreq: loongson1: Add missing MODULE_ALIAS
cpufreq: scpi: Add missing MODULE_ALIAS
scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe
scsi: pm80xx: Fix error return in pm8001_pci_probe()
seq_buf: Avoid type mismatch for seq_buf_init
scsi: fnic: Fix error return code in fnic_probe()
platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems
powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops
powerpc/pseries/hibernation: remove redundant cacheinfo update
usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe
usb: oxu210hp-hcd: Fix memory leak in oxu_create
speakup: fix uninitialized flush_lock
nfsd: Fix message level for normal termination
nfs_common: need lock during iterate through the list
x86/kprobes: Restore BTF if the single-stepping is cancelled
bus: fsl-mc: fix error return code in fsl_mc_object_allocate()
clk: tegra: Fix duplicated SE clock entry
extcon: max77693: Fix modalias string
mac80211: don't set set TDLS STA bandwidth wider than possible
ASoC: wm_adsp: remove "ctl" from list on error in wm_adsp_create_control()
irqchip/alpine-msi: Fix freeing of interrupts on allocation error path
watchdog: sirfsoc: Add missing dependency on HAS_IOMEM
watchdog: sprd: remove watchdog disable from resume fail path
watchdog: sprd: check busy bit before new loading rather than after that
watchdog: Fix potential dereferencing of null pointer
um: Monitor error events in IRQ controller
um: tty: Fix handling of close in tty lines
um: chan_xterm: Fix fd leak
nfc: s3fwrn5: Release the nfc firmware
powerpc/ps3: use dma_mapping_error()
checkpatch: fix unescaped left brace
net: bcmgenet: Fix a resource leak in an error handling path in the probe functin
net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function
net: korina: fix return value
libnvdimm/label: Return -ENXIO for no slot in __blk_label_update
watchdog: qcom: Avoid context switch in restart handler
watchdog: coh901327: add COMMON_CLK dependency
clk: ti: Fix memleak in ti_fapll_synth_setup
pwm: zx: Add missing cleanup in error path
pwm: lp3943: Dynamically allocate PWM chip base
perf record: Fix memory leak when using '--user-regs=?' to list registers
qlcnic: Fix error code in probe
clk: s2mps11: Fix a resource leak in error handling paths in the probe function
clk: sunxi-ng: Make sure divider tables have sentinel
kconfig: fix return value of do_error_if()
ARM: sunxi: Add machine match for the Allwinner V3 SoC
cfg80211: initialize rekey_data
fix namespaced fscaps when !CONFIG_SECURITY
lwt: Disable BH too in run_lwt_bpf()
Input: cros_ec_keyb - send 'scancodes' in addition to key events
Input: goodix - add upside-down quirk for Teclast X98 Pro tablet
media: gspca: Fix memory leak in probe
media: sunxi-cir: ensure IR is handled when it is continuous
media: netup_unidvb: Don't leak SPI master in probe error path
media: ipu3-cio2: Remove traces of returned buffers
media: ipu3-cio2: Return actual subdev format
media: ipu3-cio2: Serialise access to pad format
media: ipu3-cio2: Validate mbus format in setting subdev format
media: ipu3-cio2: Make the field on subdev format V4L2_FIELD_NONE
Input: cyapa_gen6 - fix out-of-bounds stack access
ALSA: hda/ca0132 - Change Input Source enum strings.
PM: ACPI: PCI: Drop acpi_pm_set_bridge_wakeup()
Revert "ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources walks"
ACPI: PNP: compare the string length in the matching_id()
ALSA: hda: Fix regressions on clear and reconfig sysfs
ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256
ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255
ALSA: pcm: oss: Fix a few more UBSAN fixes
ALSA: hda/realtek: Add quirk for MSI-GP73
ALSA: hda/realtek: Apply jack fixup for Quanta NL3
ALSA: usb-audio: Add VID to support native DSD reproduction on FiiO devices
ALSA: usb-audio: Disable sample read check if firmware doesn't give back
s390/smp: perform initial CPU reset also for SMT siblings
s390/kexec_file: fix diag308 subcode when loading crash kernel
s390/dasd: fix hanging device offline processing
s390/dasd: prevent inconsistent LCU device data
s390/dasd: fix list corruption of pavgroup group list
s390/dasd: fix list corruption of lcu list
staging: comedi: mf6x4: Fix AI end-of-conversion detection
powerpc/perf: Exclude kernel samples while counting events in user space.
crypto: ecdh - avoid unaligned accesses in ecdh_set_secret()
EDAC/amd64: Fix PCI component registration
USB: serial: mos7720: fix parallel-port state restore
USB: serial: digi_acceleport: fix write-wakeup deadlocks
USB: serial: keyspan_pda: fix dropped unthrottle interrupts
USB: serial: keyspan_pda: fix write deadlock
USB: serial: keyspan_pda: fix stalled writes
USB: serial: keyspan_pda: fix write-wakeup use-after-free
USB: serial: keyspan_pda: fix tx-unthrottle use-after-free
USB: serial: keyspan_pda: fix write unthrottling
ext4: fix a memory leak of ext4_free_data
ext4: fix deadlock with fs freezing and EA inodes
KVM: arm64: Introduce handling of AArch32 TTBCR2 traps
ARM: dts: pandaboard: fix pinmux for gpio user button of Pandaboard ES
ARM: dts: at91: sama5d2: fix CAN message ram offset and size
powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at
powerpc/rtas: Fix typo of ibm,open-errinjct in RTAS filter
powerpc/xmon: Change printk() to pr_cont()
powerpc/powernv/memtrace: Don't leak kernel memory to user space
powerpc/powernv/memtrace: Fix crashing the kernel when enabling concurrently
ima: Don't modify file descriptor mode on the fly
ceph: fix race in concurrent __ceph_remove_cap invocations
SMB3: avoid confusing warning message on mount to Azure
SMB3.1.1: do not log warning message if server doesn't populate salt
ubifs: wbuf: Don't leak kernel memory to flash
jffs2: Fix GC exit abnormally
jfs: Fix array index bounds check in dbAdjTree
drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor()
spi: spi-sh: Fix use-after-free on unbind
spi: davinci: Fix use-after-free on unbind
spi: pic32: Don't leak DMA channels in probe error path
spi: rb4xx: Don't leak SPI master in probe error path
spi: sc18is602: Don't leak SPI master in probe error path
spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path
spi: mt7621: fix missing clk_disable_unprepare() on error in mt7621_spi_probe
soc: qcom: smp2p: Safely acquire spinlock without IRQs
mtd: spinand: Fix OOB read
mtd: parser: cmdline: Fix parsing of part-names with colons
mtd: rawnand: qcom: Fix DMA sync on FLASH_STATUS register read
scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc()
scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free()
iio: buffer: Fix demux update
iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume
iio:light:rpr0521: Fix timestamp alignment and prevent data leak.
iio:light:st_uvis25: Fix timestamp alignment and prevent data leak.
iio:pressure:mpl3115: Force alignment of buffer
iio:imu:bmi160: Fix too large a buffer.
md/cluster: block reshape with remote resync job
md/cluster: fix deadlock when node is doing resync job
pinctrl: sunxi: Always call chained_irq_{enter, exit} in sunxi_pinctrl_irq_handler
clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9
xen-blkback: set ring->xenblkd to NULL after kthread_stop()
xen/xenbus: Allow watches discard events before queueing
xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path()
xen/xenbus/xen_bus_type: Support will_handle watch callback
xen/xenbus: Count pending messages for each watch
xenbus/xenbus_backend: Disallow pending watch messages
libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels
platform/x86: intel-vbtn: Allow switch events on Acer Switch Alpha 12
PCI: Fix pci_slot_release() NULL pointer dereference
platform/x86: mlx-platform: remove an unused variable
Linux 4.19.164
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I8e2d24b45393ee2360186893d4e578e20156c7f1
|
||
|
Serge Hallyn
|
9f0e4cd4ef |
fix namespaced fscaps when !CONFIG_SECURITY
[ Upstream commit ed9b25d1970a4787ac6a39c2091e63b127ecbfc1 ]
Namespaced file capabilities were introduced in
|
||
|
Greg Kroah-Hartman
|
8cb4870403 |
Merge 4.19.98 into android-4.19
Changes in 4.19.98 ARM: dts: meson8: fix the size of the PMU registers clk: qcom: gcc-sdm845: Add missing flag to votable GDSCs dt-bindings: reset: meson8b: fix duplicate reset IDs ARM: dts: imx6q-dhcom: fix rtc compatible clk: Don't try to enable critical clocks if prepare failed ASoC: msm8916-wcd-digital: Reset RX interpolation path after use iio: buffer: align the size of scan bytes to size of the largest element USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx USB: serial: option: Add support for Quectel RM500Q USB: serial: opticon: fix control-message timeouts USB: serial: option: add support for Quectel RM500Q in QDL mode USB: serial: suppress driver bind attributes USB: serial: ch341: handle unbound port at reset_resume USB: serial: io_edgeport: handle unbound ports on URB completion USB: serial: io_edgeport: add missing active-port sanity check USB: serial: keyspan: handle unbound ports USB: serial: quatech2: handle unbound ports scsi: fnic: fix invalid stack access scsi: mptfusion: Fix double fetch bug in ioctl ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1 ASoC: msm8916-wcd-analog: Fix MIC BIAS Internal1 ARM: dts: imx6q-dhcom: Fix SGTL5000 VDDIO regulator connection ALSA: dice: fix fallback from protocol extension into limited functionality ALSA: seq: Fix racy access for queue timer in proc read ALSA: usb-audio: fix sync-ep altsetting sanity check arm64: dts: allwinner: a64: olinuxino: Fix SDIO supply regulator Fix built-in early-load Intel microcode alignment block: fix an integer overflow in logical block size ARM: dts: am571x-idk: Fix gpios property to have the correct gpio number LSM: generalize flag passing to security_capable ptrace: reintroduce usage of subjective credentials in ptrace_has_cap() usb: core: hub: Improved device recognition on remote wakeup x86/resctrl: Fix an imbalance in domain_remove_cpu() x86/CPU/AMD: Ensure clearing of SME/SEV features is maintained x86/efistub: Disable paging at mixed mode entry drm/i915: Add missing include file <linux/math64.h> x86/resctrl: Fix potential memory leak perf hists: Fix variable name's inconsistency in hists__for_each() macro perf report: Fix incorrectly added dimensions as switch perf data file mm/shmem.c: thp, shmem: fix conflict of above-47bit hint address and PMD alignment mm: memcg/slab: call flush_memcg_workqueue() only if memcg workqueue is valid btrfs: rework arguments of btrfs_unlink_subvol btrfs: fix invalid removal of root ref btrfs: do not delete mismatched root refs btrfs: fix memory leak in qgroup accounting mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() ARM: dts: imx6qdl: Add Engicam i.Core 1.5 MX6 ARM: dts: imx6q-icore-mipi: Use 1.5 version of i.Core MX6DL ARM: dts: imx7: Fix Toradex Colibri iMX7S 256MB NAND flash support net: stmmac: 16KB buffer must be 16 byte aligned net: stmmac: Enable 16KB buffer size mm/huge_memory.c: make __thp_get_unmapped_area static mm/huge_memory.c: thp: fix conflict of above-47bit hint address and PMD alignment arm64: dts: agilex/stratix10: fix pmu interrupt numbers bpf: Fix incorrect verifier simulation of ARSH under ALU32 cfg80211: fix deadlocks in autodisconnect work cfg80211: fix memory leak in cfg80211_cqm_rssi_update cfg80211: fix page refcount issue in A-MSDU decap netfilter: fix a use-after-free in mtype_destroy() netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct netfilter: nft_tunnel: fix null-attribute check netfilter: nf_tables: remove WARN and add NLA_STRING upper limits netfilter: nf_tables: store transaction list locally while requesting module netfilter: nf_tables: fix flowtable list del corruption NFC: pn533: fix bulk-message timeout batman-adv: Fix DAT candidate selection on little endian systems macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() hv_netvsc: Fix memory leak when removing rndis device net: dsa: tag_qca: fix doubled Tx statistics net: hns: fix soft lockup when there is not enough memory net: usb: lan78xx: limit size of local TSO packets net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info ptp: free ptp device pin descriptors properly r8152: add missing endpoint sanity check tcp: fix marked lost packets not being retransmitted sh_eth: check sh_eth_cpu_data::dual_port when dumping registers mlxsw: spectrum: Wipe xstats.backlog of down ports mlxsw: spectrum_qdisc: Include MC TCs in Qdisc counters xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk tcp: refine rule to allow EPOLLOUT generation under mem pressure irqchip: Place CONFIG_SIFIVE_PLIC into the menu cw1200: Fix a signedness bug in cw1200_load_firmware() arm64: dts: meson-gxl-s905x-khadas-vim: fix gpio-keys-polled node cfg80211: check for set_wiphy_params tick/sched: Annotate lockless access to last_jiffies_update arm64: dts: marvell: Fix CP110 NAND controller node multi-line comment alignment Revert "arm64: dts: juno: add dma-ranges property" mtd: devices: fix mchp23k256 read and write drm/nouveau/bar/nv50: check bar1 vmm return value drm/nouveau/bar/gf100: ensure BAR is mapped drm/nouveau/mmu: qualify vmm during dtor reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr scsi: esas2r: unlock on error in esas2r_nvram_read_direct() scsi: qla4xxx: fix double free bug scsi: bnx2i: fix potential use after free scsi: target: core: Fix a pr_debug() argument scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan scsi: core: scsi_trace: Use get_unaligned_be*() perf probe: Fix wrong address verification clk: sprd: Use IS_ERR() to validate the return value of syscon_regmap_lookup_by_phandle() regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id hwmon: (pmbus/ibm-cffps) Switch LEDs to blocking brightness call Linux 4.19.98 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I74a43a9e60734aec6d24b10374ba97de89172eca |
||
|
Micah Morton
|
87ca9aaf0c |
LSM: generalize flag passing to security_capable
[ Upstream commit c1a85a00ea66cb6f0bd0f14e47c28c2b0999799f ] This patch provides a general mechanism for passing flags to the security_capable LSM hook. It replaces the specific 'audit' flag that is used to tell security_capable whether it should log an audit message for the given capability check. The reason for generalizing this flag passing is so we can add an additional flag that signifies whether security_capable is being called by a setid syscall (which is needed by the proposed SafeSetID LSM). Signed-off-by: Micah Morton <mortonm@chromium.org> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.morris@microsoft.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Joel Fernandes (Google)
|
89ae5a7cad |
BACKPORT: perf_event: Add support for LSM and SELinux checks
In current mainline, the degree of access to perf_event_open(2) system call depends on the perf_event_paranoid sysctl. This has a number of limitations: 1. The sysctl is only a single value. Many types of accesses are controlled based on the single value thus making the control very limited and coarse grained. 2. The sysctl is global, so if the sysctl is changed, then that means all processes get access to perf_event_open(2) opening the door to security issues. This patch adds LSM and SELinux access checking which will be used in Android to access perf_event_open(2) for the purposes of attaching BPF programs to tracepoints, perf profiling and other operations from userspace. These operations are intended for production systems. 5 new LSM hooks are added: 1. perf_event_open: This controls access during the perf_event_open(2) syscall itself. The hook is called from all the places that the perf_event_paranoid sysctl is checked to keep it consistent with the systctl. The hook gets passed a 'type' argument which controls CPU, kernel and tracepoint accesses (in this context, CPU, kernel and tracepoint have the same semantics as the perf_event_paranoid sysctl). Additionally, I added an 'open' type which is similar to perf_event_paranoid sysctl == 3 patch carried in Android and several other distros but was rejected in mainline [1] in 2016. 2. perf_event_alloc: This allocates a new security object for the event which stores the current SID within the event. It will be useful when the perf event's FD is passed through IPC to another process which may try to read the FD. Appropriate security checks will limit access. 3. perf_event_free: Called when the event is closed. 4. perf_event_read: Called from the read(2) and mmap(2) syscalls for the event. 5. perf_event_write: Called from the ioctl(2) syscalls for the event. [1] https://lwn.net/Articles/696240/ Since Peter had suggest LSM hooks in 2016 [1], I am adding his Suggested-by tag below. To use this patch, we set the perf_event_paranoid sysctl to -1 and then apply selinux checking as appropriate (default deny everything, and then add policy rules to give access to domains that need it). In the future we can remove the perf_event_paranoid sysctl altogether. Suggested-by: Peter Zijlstra <peterz@infradead.org> Co-developed-by: Peter Zijlstra <peterz@infradead.org> Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by: James Morris <jmorris@namei.org> Cc: Arnaldo Carvalho de Melo <acme@kernel.org> Cc: rostedt@goodmis.org Cc: Yonghong Song <yhs@fb.com> Cc: Kees Cook <keescook@chromium.org> Cc: Ingo Molnar <mingo@redhat.com> Cc: Alexei Starovoitov <ast@kernel.org> Cc: jeffv@google.com Cc: Jiri Olsa <jolsa@redhat.com> Cc: Daniel Borkmann <daniel@iogearbox.net> Cc: primiano@google.com Cc: Song Liu <songliubraving@fb.com> Cc: rsavitski@google.com Cc: Namhyung Kim <namhyung@kernel.org> Cc: Matthew Garrett <matthewgarrett@google.com> Link: https://lkml.kernel.org/r/20191014170308.70668-1-joel@joelfernandes.org (cherry picked from commit da97e18458fb42d7c00fac5fd1c56a3896ec666e) [ Ryan Savitski: Resolved conflicts with existing code, and folded in upstream ae79d5588a04 (perf/core: Fix !CONFIG_PERF_EVENTS build warnings and failures). This should fix the build errors from the previous backport attempt, where certain configurations would end up with functions referring to the perf_event struct prior to its declaration (and therefore declaring it with a different scope). ] Bug: 137092007 Signed-off-by: Ryan Savitski <rsavitski@google.com> Change-Id: Ief8c669083c81f4ea2fa75d5c0d947d19ea741b3 |
||
|
Greg Kroah-Hartman
|
58fd41cb2d |
Revert "BACKPORT: perf_event: Add support for LSM and SELinux checks"
This reverts commit
|
||
|
Joel Fernandes (Google)
|
8af21ac176 |
BACKPORT: perf_event: Add support for LSM and SELinux checks
In current mainline, the degree of access to perf_event_open(2) system call depends on the perf_event_paranoid sysctl. This has a number of limitations: 1. The sysctl is only a single value. Many types of accesses are controlled based on the single value thus making the control very limited and coarse grained. 2. The sysctl is global, so if the sysctl is changed, then that means all processes get access to perf_event_open(2) opening the door to security issues. This patch adds LSM and SELinux access checking which will be used in Android to access perf_event_open(2) for the purposes of attaching BPF programs to tracepoints, perf profiling and other operations from userspace. These operations are intended for production systems. 5 new LSM hooks are added: 1. perf_event_open: This controls access during the perf_event_open(2) syscall itself. The hook is called from all the places that the perf_event_paranoid sysctl is checked to keep it consistent with the systctl. The hook gets passed a 'type' argument which controls CPU, kernel and tracepoint accesses (in this context, CPU, kernel and tracepoint have the same semantics as the perf_event_paranoid sysctl). Additionally, I added an 'open' type which is similar to perf_event_paranoid sysctl == 3 patch carried in Android and several other distros but was rejected in mainline [1] in 2016. 2. perf_event_alloc: This allocates a new security object for the event which stores the current SID within the event. It will be useful when the perf event's FD is passed through IPC to another process which may try to read the FD. Appropriate security checks will limit access. 3. perf_event_free: Called when the event is closed. 4. perf_event_read: Called from the read(2) and mmap(2) syscalls for the event. 5. perf_event_write: Called from the ioctl(2) syscalls for the event. [1] https://lwn.net/Articles/696240/ Since Peter had suggest LSM hooks in 2016 [1], I am adding his Suggested-by tag below. To use this patch, we set the perf_event_paranoid sysctl to -1 and then apply selinux checking as appropriate (default deny everything, and then add policy rules to give access to domains that need it). In the future we can remove the perf_event_paranoid sysctl altogether. Suggested-by: Peter Zijlstra <peterz@infradead.org> Co-developed-by: Peter Zijlstra <peterz@infradead.org> Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by: James Morris <jmorris@namei.org> Cc: Arnaldo Carvalho de Melo <acme@kernel.org> Cc: rostedt@goodmis.org Cc: Yonghong Song <yhs@fb.com> Cc: Kees Cook <keescook@chromium.org> Cc: Ingo Molnar <mingo@redhat.com> Cc: Alexei Starovoitov <ast@kernel.org> Cc: jeffv@google.com Cc: Jiri Olsa <jolsa@redhat.com> Cc: Daniel Borkmann <daniel@iogearbox.net> Cc: primiano@google.com Cc: Song Liu <songliubraving@fb.com> Cc: rsavitski@google.com Cc: Namhyung Kim <namhyung@kernel.org> Cc: Matthew Garrett <matthewgarrett@google.com> Link: https://lkml.kernel.org/r/20191014170308.70668-1-joel@joelfernandes.org Bug: 137092007 Change-Id: I591c6ad6c82ab9133409e51383d2c9b9f6ae4545 (cherry picked from commit da97e18458fb42d7c00fac5fd1c56a3896ec666e) [ Ryan Savitski: Resolved conflicts with existing code, no new functionality ] Signed-off-by: Ryan Savitski <rsavitski@google.com> |
||
|
Linus Torvalds
|
92d4a03674 |
Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris: - kstrdup() return value fix from Eric Biggers - Add new security_load_data hook to differentiate security checking of kernel-loaded binaries in the case of there being no associated file descriptor, from Mimi Zohar. - Add ability to IMA to specify a policy at build-time, rather than just via command line params or by loading a custom policy, from Mimi. - Allow IMA and LSMs to prevent sysfs firmware load fallback (e.g. if using signed firmware), from Mimi. - Allow IMA to deny loading of kexec kernel images, as they cannot be measured by IMA, from Mimi. * 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: security: check for kstrdup() failure in lsm_append() security: export security_kernel_load_data function ima: based on policy warn about loading firmware (pre-allocated buffer) module: replace the existing LSM hook in init_module ima: add build time policy ima: based on policy require signed firmware (sysfs fallback) firmware: add call to LSM hook before firmware sysfs fallback ima: based on policy require signed kexec kernel images kexec: add call to LSM hook in original kexec_load syscall security: define new LSM hook named security_kernel_load_data MAINTAINERS: remove the outdated "LINUX SECURITY MODULE (LSM) FRAMEWORK" entry |
||
|
Mimi Zohar
|
377179cd28 |
security: define new LSM hook named security_kernel_load_data
Differentiate between the kernel reading a file specified by userspace from the kernel loading a buffer containing data provided by userspace. This patch defines a new LSM hook named security_kernel_load_data(). Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: Eric Biederman <ebiederm@xmission.com> Cc: Luis R. Rodriguez <mcgrof@kernel.org> Cc: Kees Cook <keescook@chromium.org> Cc: Casey Schaufler <casey@schaufler-ca.com> Acked-by: Serge Hallyn <serge@hallyn.com> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.morris@microsoft.com> |
||
|
Al Viro
|
e3f20ae210 |
security_file_open(): lose cred argument
Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
|
David Herrmann
|
aae7cfcbb7 |
security: add hook for socketpair()
Right now the LSM labels for socketpairs are always uninitialized, since there is no security hook for the socketpair() syscall. This patch adds the required hooks so LSMs can properly label socketpairs. This allows SO_PEERSEC to return useful information on those sockets. Note that the behavior of socketpair() can be emulated by creating a listener socket, connecting to it, and then discarding the initial listener socket. With this workaround, SO_PEERSEC would return the caller's security context. However, with socketpair(), the uninitialized context is returned unconditionally. This is unexpected and makes socketpair() less useful in situations where the security context is crucial to the application. With the new socketpair-hook this disparity can be solved by making socketpair() return the expected security context. Acked-by: Serge Hallyn <serge@hallyn.com> Signed-off-by: Tom Gundersen <teg@jklm.no> Signed-off-by: David Herrmann <dh.herrmann@gmail.com> Signed-off-by: James Morris <james.morris@microsoft.com> |
||
|
James Morris
|
b393a707c8 |
Merge tag 'v4.17-rc2' into next-general
Sync to Linux 4.17-rc2 for developers. |
||
|
Sargun Dhillon
|
e59644b720 |
security: remove security_settime
security_settime was a wrapper around security_settime64. There are no more
users of it. Therefore it can be removed. It was removed in:
commit
|
||
|
Linus Torvalds
|
f8cf2f16a7 |
Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull integrity updates from James Morris:
"A mixture of bug fixes, code cleanup, and continues to close
IMA-measurement, IMA-appraisal, and IMA-audit gaps.
Also note the addition of a new cred_getsecid LSM hook by Matthew
Garrett:
For IMA purposes, we want to be able to obtain the prepared secid
in the bprm structure before the credentials are committed. Add a
cred_getsecid hook that makes this possible.
which is used by a new CREDS_CHECK target in IMA:
In ima_bprm_check(), check with both the existing process
credentials and the credentials that will be committed when the new
process is started. This will not change behaviour unless the
system policy is extended to include CREDS_CHECK targets -
BPRM_CHECK will continue to check the same credentials that it did
previously"
* 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
ima: Fallback to the builtin hash algorithm
ima: Add smackfs to the default appraise/measure list
evm: check for remount ro in progress before writing
ima: Improvements in ima_appraise_measurement()
ima: Simplify ima_eventsig_init()
integrity: Remove unused macro IMA_ACTION_RULE_FLAGS
ima: drop vla in ima_audit_measurement()
ima: Fix Kconfig to select TPM 2.0 CRB interface
evm: Constify *integrity_status_msg[]
evm: Move evm_hmac and evm_hash from evm_main.c to evm_crypto.c
fuse: define the filesystem as untrusted
ima: fail signature verification based on policy
ima: clear IMA_HASH
ima: re-evaluate files on privileged mounted filesystems
ima: fail file signature verification on non-init mounted filesystems
IMA: Support using new creds in appraisal policy
security: Add a cred_getsecid hook
|
||
|
Linus Torvalds
|
3612605a5a |
Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull general security layer updates from James Morris: - Convert security hooks from list to hlist, a nice cleanup, saving about 50% of space, from Sargun Dhillon. - Only pass the cred, not the secid, to kill_pid_info_as_cred and security_task_kill (as the secid can be determined from the cred), from Stephen Smalley. - Close a potential race in kernel_read_file(), by making the file unwritable before calling the LSM check (vs after), from Kees Cook. * 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: security: convert security hooks to use hlist exec: Set file unwritable before LSM check usb, signal, security: only pass the cred, not the secid, to kill_pid_info_as_cred and security_task_kill |
||
|
Linus Torvalds
|
9eda2d2dca |
Merge tag 'selinux-pr-20180403' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull SELinux updates from Paul Moore:
"A bigger than usual pull request for SELinux, 13 patches (lucky!)
along with a scary looking diffstat.
Although if you look a bit closer, excluding the usual minor
tweaks/fixes, there are really only two significant changes in this
pull request: the addition of proper SELinux access controls for SCTP
and the encapsulation of a lot of internal SELinux state.
The SCTP changes are the result of a multi-month effort (maybe even a
year or longer?) between the SELinux folks and the SCTP folks to add
proper SELinux controls. A special thanks go to Richard for seeing
this through and keeping the effort moving forward.
The state encapsulation work is a bit of janitorial work that came out
of some early work on SELinux namespacing. The question of namespacing
is still an open one, but I believe there is some real value in the
encapsulation work so we've split that out and are now sending that up
to you"
* tag 'selinux-pr-20180403' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: wrap AVC state
selinux: wrap selinuxfs state
selinux: fix handling of uninitialized selinux state in get_bools/classes
selinux: Update SELinux SCTP documentation
selinux: Fix ltp test connect-syscall failure
selinux: rename the {is,set}_enforcing() functions
selinux: wrap global selinux state
selinux: fix typo in selinux_netlbl_sctp_sk_clone declaration
selinux: Add SCTP support
sctp: Add LSM hooks
sctp: Add ip option support
security: Add support for SCTP security hooks
netlabel: If PF_INET6, check sk_buff ip header version
|
||
|
Matthew Garrett
|
3ec3011326 |
security: Add a cred_getsecid hook
For IMA purposes, we want to be able to obtain the prepared secid in the bprm structure before the credentials are committed. Add a cred_getsecid hook that makes this possible. Signed-off-by: Matthew Garrett <mjg59@google.com> Acked-by: Paul Moore <paul@paul-moore.com> Cc: Paul Moore <paul@paul-moore.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> |
||
|
Eric W. Biederman
|
d8c6e85432 |
msg/security: Pass kern_ipc_perm not msg_queue into the msg_queue security hooks
All of the implementations of security hooks that take msg_queue only access q_perm the struct kern_ipc_perm member. This means the dependencies of the msg_queue security hooks can be simplified by passing the kern_ipc_perm member of msg_queue. Making this change will allow struct msg_queue to become private to ipc/msg.c. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> |
||
|
Eric W. Biederman
|
7191adff2a |
shm/security: Pass kern_ipc_perm not shmid_kernel into the shm security hooks
All of the implementations of security hooks that take shmid_kernel only access shm_perm the struct kern_ipc_perm member. This means the dependencies of the shm security hooks can be simplified by passing the kern_ipc_perm member of shmid_kernel.. Making this change will allow struct shmid_kernel to become private to ipc/shm.c. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> |
||
|
Eric W. Biederman
|
aefad9593e |
sem/security: Pass kern_ipc_perm not sem_array into the sem security hooks
All of the implementations of security hooks that take sem_array only access sem_perm the struct kern_ipc_perm member. This means the dependencies of the sem security hooks can be simplified by passing the kern_ipc_perm member of sem_array. Making this change will allow struct sem and struct sem_array to become private to ipc/sem.c. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> |
||
|
Stephen Smalley
|
6b4f3d0105 |
usb, signal, security: only pass the cred, not the secid, to kill_pid_info_as_cred and security_task_kill
commit
|
||
|
Richard Haines
|
72e89f5008 |
security: Add support for SCTP security hooks
The SCTP security hooks are explained in: Documentation/security/LSM-sctp.rst Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Paul Moore <paul@paul-moore.com> |
||
|
Jakub Kicinski
|
1495dc9f0a |
security: bpf: replace include of linux/bpf.h with forward declarations
Touching linux/bpf.h makes us rebuild a surprisingly large portion of the kernel. Remove the unnecessary dependency from security.h, it only needs forward declarations. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Quentin Monnet <quentin.monnet@netronome.com> Acked-by: Alexei Starovoitov <ast@kernel.org> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Chenbo Feng
|
afdb09c720 |
security: bpf: Add LSM hooks for bpf object related syscall
Introduce several LSM hooks for the syscalls that will allow the userspace to access to eBPF object such as eBPF programs and eBPF maps. The security check is aimed to enforce a per object security protection for eBPF object so only processes with the right priviliges can read/write to a specific map or use a specific eBPF program. Besides that, a general security hook is added before the multiplexer of bpf syscall to check the cmd and the attribute used for the command. The actual security module can decide which command need to be checked and how the cmd should be checked. Signed-off-by: Chenbo Feng <fengc@google.com> Acked-by: James Morris <james.l.morris@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Linus Torvalds
|
7f85565a3f |
Merge tag 'selinux-pr-20170831' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux updates from Paul Moore: "A relatively quiet period for SELinux, 11 patches with only two/three having any substantive changes. These noteworthy changes include another tweak to the NNP/nosuid handling, per-file labeling for cgroups, and an object class fix for AF_UNIX/SOCK_RAW sockets; the rest of the changes are minor tweaks or administrative updates (Stephen's email update explains the file explosion in the diffstat). Everything passes the selinux-testsuite" [ Also a couple of small patches from the security tree from Tetsuo Handa for Tomoyo and LSM cleanup. The separation of security policy updates wasn't all that clean - Linus ] * tag 'selinux-pr-20170831' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: constify nf_hook_ops selinux: allow per-file labeling for cgroupfs lsm_audit: update my email address selinux: update my email address MAINTAINERS: update the NetLabel and Labeled Networking information selinux: use GFP_NOWAIT in the AVC kmem_caches selinux: Generalize support for NNP/nosuid SELinux domain transitions selinux: genheaders should fail if too many permissions are defined selinux: update the selinux info in MAINTAINERS credits: update Paul Moore's info selinux: Assign proper class to PF_UNIX/SOCK_RAW sockets tomoyo: Update URLs in Documentation/admin-guide/LSM/tomoyo.rst LSM: Remove security_task_create() hook. |
||
|
Linus Torvalds
|
dd198ce714 |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull namespace updates from Eric Biederman:
"Life has been busy and I have not gotten half as much done this round
as I would have liked. I delayed it so that a minor conflict
resolution with the mips tree could spend a little time in linux-next
before I sent this pull request.
This includes two long delayed user namespace changes from Kirill
Tkhai. It also includes a very useful change from Serge Hallyn that
allows the security capability attribute to be used inside of user
namespaces. The practical effect of this is people can now untar
tarballs and install rpms in user namespaces. It had been suggested to
generalize this and encode some of the namespace information
information in the xattr name. Upon close inspection that makes the
things that should be hard easy and the things that should be easy
more expensive.
Then there is my bugfix/cleanup for signal injection that removes the
magic encoding of the siginfo union member from the kernel internal
si_code. The mips folks reported the case where I had used FPE_FIXME
me is impossible so I have remove FPE_FIXME from mips, while at the
same time including a return statement in that case to keep gcc from
complaining about unitialized variables.
I almost finished the work to get make copy_siginfo_to_user a trivial
copy to user. The code is available at:
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git neuter-copy_siginfo_to_user-v3
But I did not have time/energy to get the code posted and reviewed
before the merge window opened.
I was able to see that the security excuse for just copying fields
that we know are initialized doesn't work in practice there are buggy
initializations that don't initialize the proper fields in siginfo. So
we still sometimes copy unitialized data to userspace"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
Introduce v3 namespaced file capabilities
mips/signal: In force_fcr31_sig return in the impossible case
signal: Remove kernel interal si_code magic
fcntl: Don't use ambiguous SIG_POLL si_codes
prctl: Allow local CAP_SYS_ADMIN changing exe_file
security: Use user_namespace::level to avoid redundant iterations in cap_capable()
userns,pidns: Verify the userns for new pid namespaces
signal/testing: Don't look for __SI_FAULT in userspace
signal/mips: Document a conflict with SI_USER with SIGFPE
signal/sparc: Document a conflict with SI_USER with SIGFPE
signal/ia64: Document a conflict with SI_USER with SIGFPE
signal/alpha: Document a conflict with SI_USER for SIGTRAP
|
||
|
Serge E. Hallyn
|
8db6c34f1d |
Introduce v3 namespaced file capabilities
Root in a non-initial user ns cannot be trusted to write a traditional
security.capability xattr. If it were allowed to do so, then any
unprivileged user on the host could map his own uid to root in a private
namespace, write the xattr, and execute the file with privilege on the
host.
However supporting file capabilities in a user namespace is very
desirable. Not doing so means that any programs designed to run with
limited privilege must continue to support other methods of gaining and
dropping privilege. For instance a program installer must detect
whether file capabilities can be assigned, and assign them if so but set
setuid-root otherwise. The program in turn must know how to drop
partial capabilities, and do so only if setuid-root.
This patch introduces v3 of the security.capability xattr. It builds a
vfs_ns_cap_data struct by appending a uid_t rootid to struct
vfs_cap_data. This is the absolute uid_t (that is, the uid_t in user
namespace which mounted the filesystem, usually init_user_ns) of the
root id in whose namespaces the file capabilities may take effect.
When a task asks to write a v2 security.capability xattr, if it is
privileged with respect to the userns which mounted the filesystem, then
nothing should change. Otherwise, the kernel will transparently rewrite
the xattr as a v3 with the appropriate rootid. This is done during the
execution of setxattr() to catch user-space-initiated capability writes.
Subsequently, any task executing the file which has the noted kuid as
its root uid, or which is in a descendent user_ns of such a user_ns,
will run the file with capabilities.
Similarly when asking to read file capabilities, a v3 capability will
be presented as v2 if it applies to the caller's namespace.
If a task writes a v3 security.capability, then it can provide a uid for
the xattr so long as the uid is valid in its own user namespace, and it
is privileged with CAP_SETFCAP over its namespace. The kernel will
translate that rootid to an absolute uid, and write that to disk. After
this, a task in the writer's namespace will not be able to use those
capabilities (unless rootid was 0), but a task in a namespace where the
given uid is root will.
Only a single security.capability xattr may exist at a time for a given
file. A task may overwrite an existing xattr so long as it is
privileged over the inode. Note this is a departure from previous
semantics, which required privilege to remove a security.capability
xattr. This check can be re-added if deemed useful.
This allows a simple setxattr to work, allows tar/untar to work, and
allows us to tar in one namespace and untar in another while preserving
the capability, without risking leaking privilege into a parent
namespace.
Example using tar:
$ cp /bin/sleep sleepx
$ mkdir b1 b2
$ lxc-usernsexec -m b:0:100000:1 -m b:1:$(id -u):1 -- chown 0:0 b1
$ lxc-usernsexec -m b:0:100001:1 -m b:1:$(id -u):1 -- chown 0:0 b2
$ lxc-usernsexec -m b:0:100000:1000 -- tar --xattrs-include=security.capability --xattrs -cf b1/sleepx.tar sleepx
$ lxc-usernsexec -m b:0:100001:1000 -- tar --xattrs-include=security.capability --xattrs -C b2 -xf b1/sleepx.tar
$ lxc-usernsexec -m b:0:100001:1000 -- getcap b2/sleepx
b2/sleepx = cap_sys_admin+ep
# /opt/ltp/testcases/bin/getv3xattr b2/sleepx
v3 xattr, rootid is 100001
A patch to linux-test-project adding a new set of tests for this
functionality is in the nsfscaps branch at github.com/hallyn/ltp
Changelog:
Nov 02 2016: fix invalid check at refuse_fcap_overwrite()
Nov 07 2016: convert rootid from and to fs user_ns
(From ebiederm: mar 28 2017)
commoncap.c: fix typos - s/v4/v3
get_vfs_caps_from_disk: clarify the fs_ns root access check
nsfscaps: change the code split for cap_inode_setxattr()
Apr 09 2017:
don't return v3 cap for caps owned by current root.
return a v2 cap for a true v2 cap in non-init ns
Apr 18 2017:
. Change the flow of fscap writing to support s_user_ns writing.
. Remove refuse_fcap_overwrite(). The value of the previous
xattr doesn't matter.
Apr 24 2017:
. incorporate Eric's incremental diff
. move cap_convert_nscap to setxattr and simplify its usage
May 8, 2017:
. fix leaking dentry refcount in cap_inode_getsecurity
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
|
||
|
Kees Cook
|
2af6228026 |
LSM: drop bprm_secureexec hook
This removes the bprm_secureexec hook since the logic has been folded into the bprm_set_creds hook for all LSMs now. Cc: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: James Morris <james.l.morris@oracle.com> Acked-by: Serge Hallyn <serge@hallyn.com> |
||
|
Kees Cook
|
46d98eb4e1 |
commoncap: Refactor to remove bprm_secureexec hook
The commoncap implementation of the bprm_secureexec hook is the only LSM that depends on the final call to its bprm_set_creds hook (since it may be called for multiple files, it ignores bprm->called_set_creds). As a result, it cannot safely _clear_ bprm->secureexec since other LSMs may have set it. Instead, remove the bprm_secureexec hook by introducing a new flag to bprm specific to commoncap: cap_elevated. This is similar to cap_effective, but that is used for a specific subset of elevated privileges, and exists solely to track state from bprm_set_creds to bprm_secureexec. As such, it will be removed in the next patch. Here, set the new bprm->cap_elevated flag when setuid/setgid has happened from bprm_fill_uid() or fscapabilities have been prepared. This temporarily moves the bprm_secureexec hook to a static inline. The helper will be removed in the next patch; this makes the step easier to review and bisect, since this does not introduce any changes to inputs nor outputs to the "elevated privileges" calculation. The new flag is merged with the bprm->secureexec flag in setup_new_exec() since this marks the end of any further prepare_binprm() calls. Cc: Andy Lutomirski <luto@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Andy Lutomirski <luto@kernel.org> Acked-by: James Morris <james.l.morris@oracle.com> Acked-by: Serge Hallyn <serge@hallyn.com> |
||
|
Tetsuo Handa
|
3cf2993145 |
LSM: Remove security_task_create() hook.
Since commit
|
||
|
James Morris
|
5965453d5e | Merge branch 'stable-4.13' of git://git.infradead.org/users/pcmoore/selinux into next | ||
|
Scott Mayhew
|
0b4d3452b8 |
security/selinux: allow security_sb_clone_mnt_opts to enable/disable native labeling behavior
When an NFSv4 client performs a mount operation, it first mounts the NFSv4 root and then does path walk to the exported path and performs a submount on that, cloning the security mount options from the root's superblock to the submount's superblock in the process. Unless the NFS server has an explicit fsid=0 export with the "security_label" option, the NFSv4 root superblock will not have SBLABEL_MNT set, and neither will the submount superblock after cloning the security mount options. As a result, setxattr's of security labels over NFSv4.2 will fail. In a similar fashion, NFSv4.2 mounts mounted with the context= mount option will not show the correct labels because the nfs_server->caps flags of the cloned superblock will still have NFS_CAP_SECURITY_LABEL set. Allowing the NFSv4 client to enable or disable SECURITY_LSM_NATIVE_LABELS behavior will ensure that the SBLABEL_MNT flag has the correct value when the client traverses from an exported path without the "security_label" option to one with the "security_label" option and vice versa. Similarly, checking to see if SECURITY_LSM_NATIVE_LABELS is set upon return from security_sb_clone_mnt_opts() and clearing NFS_CAP_SECURITY_LABEL if necessary will allow the correct labels to be displayed for NFSv4.2 mounts mounted with the context= mount option. Resolves: https://github.com/SELinuxProject/selinux-kernel/issues/35 Signed-off-by: Scott Mayhew <smayhew@redhat.com> Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov> Tested-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com> |
||
|
John Johansen
|
6623ec7c4d |
securityfs: add the ability to support symlinks
Signed-off-by: John Johansen <john.johansen@canonical.com> Reviewed-by: Seth Arnold <seth.arnold@canonical.com> Acked-by: Kees Cook <keescook@chromium.org> |
||
|
Daniel Jurgens
|
47a2b338fe |
IB/core: Enforce security on management datagrams
Allocate and free a security context when creating and destroying a MAD agent. This context is used for controlling access to PKeys and sending and receiving SMPs. When sending or receiving a MAD check that the agent has permission to access the PKey for the Subnet Prefix of the port. During MAD and snoop agent registration for SMI QPs check that the calling process has permission to access the manage the subnet and register a callback with the LSM to be notified of policy changes. When notificaiton of a policy change occurs recheck permission and set a flag indicating sending and receiving SMPs is allowed. When sending and receiving MADs check that the agent has access to the SMI if it's on an SMI QP. Because security policy can change it's possible permission was allowed when creating the agent, but no longer is. Signed-off-by: Daniel Jurgens <danielj@mellanox.com> Acked-by: Doug Ledford <dledford@redhat.com> [PM: remove the LSM hook init code] Signed-off-by: Paul Moore <paul@paul-moore.com> |
||
|
Daniel Jurgens
|
8f408ab64b |
selinux lsm IB/core: Implement LSM notification system
Add a generic notificaiton mechanism in the LSM. Interested consumers can register a callback with the LSM and security modules can produce events. Because access to Infiniband QPs are enforced in the setup phase of a connection security should be enforced again if the policy changes. Register infiniband devices for policy change notification and check all QPs on that device when the notification is received. Add a call to the notification mechanism from SELinux when the AVC cache changes or setenforce is cleared. Signed-off-by: Daniel Jurgens <danielj@mellanox.com> Acked-by: James Morris <james.l.morris@oracle.com> Acked-by: Doug Ledford <dledford@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> |
||
|
Daniel Jurgens
|
d291f1a652 |
IB/core: Enforce PKey security on QPs
Add new LSM hooks to allocate and free security contexts and check for permission to access a PKey. Allocate and free a security context when creating and destroying a QP. This context is used for controlling access to PKeys. When a request is made to modify a QP that changes the port, PKey index, or alternate path, check that the QP has permission for the PKey in the PKey table index on the subnet prefix of the port. If the QP is shared make sure all handles to the QP also have access. Store which port and PKey index a QP is using. After the reset to init transition the user can modify the port, PKey index and alternate path independently. So port and PKey settings changes can be a merge of the previous settings and the new ones. In order to maintain access control if there are PKey table or subnet prefix change keep a list of all QPs are using each PKey index on each port. If a change occurs all QPs using that device and port must have access enforced for the new cache settings. These changes add a transaction to the QP modify process. Association with the old port and PKey index must be maintained if the modify fails, and must be removed if it succeeds. Association with the new port and PKey index must be established prior to the modify and removed if the modify fails. 1. When a QP is modified to a particular Port, PKey index or alternate path insert that QP into the appropriate lists. 2. Check permission to access the new settings. 3. If step 2 grants access attempt to modify the QP. 4a. If steps 2 and 3 succeed remove any prior associations. 4b. If ether fails remove the new setting associations. If a PKey table or subnet prefix changes walk the list of QPs and check that they have permission. If not send the QP to the error state and raise a fatal error event. If it's a shared QP make sure all the QPs that share the real_qp have permission as well. If the QP that owns a security structure is denied access the security structure is marked as such and the QP is added to an error_list. Once the moving the QP to error is complete the security structure mark is cleared. Maintaining the lists correctly turns QP destroy into a transaction. The hardware driver for the device frees the ib_qp structure, so while the destroy is in progress the ib_qp pointer in the ib_qp_security struct is undefined. When the destroy process begins the ib_qp_security structure is marked as destroying. This prevents any action from being taken on the QP pointer. After the QP is destroyed successfully it could still listed on an error_list wait for it to be processed by that flow before cleaning up the structure. If the destroy fails the QPs port and PKey settings are reinserted into the appropriate lists, the destroying flag is cleared, and access control is enforced, in case there were any cache changes during the destroy flow. To keep the security changes isolated a new file is used to hold security related functionality. Signed-off-by: Daniel Jurgens <danielj@mellanox.com> Acked-by: Doug Ledford <dledford@redhat.com> [PM: merge fixup in ib_verbs.h and uverbs_cmd.c] Signed-off-by: Paul Moore <paul@paul-moore.com> |
||
|
Tetsuo Handa
|
e4e55b47ed |
LSM: Revive security_task_alloc() hook and per "struct task_struct" security blob.
We switched from "struct task_struct"->security to "struct cred"->security in Linux 2.6.29. But not all LSM modules were happy with that change. TOMOYO LSM module is an example which want to use per "struct task_struct" security blob, for TOMOYO's security context is defined based on "struct task_struct" rather than "struct cred". AppArmor LSM module is another example which want to use it, for AppArmor is currently abusing the cred a little bit to store the change_hat and setexeccon info. Although security_task_free() hook was revived in Linux 3.4 because Yama LSM module wanted to release per "struct task_struct" security blob, security_task_alloc() hook and "struct task_struct"->security field were not revived. Nowadays, we are getting proposals of lightweight LSM modules which want to use per "struct task_struct" security blob. We are already allowing multiple concurrent LSM modules (up to one fully armored module which uses "struct cred"->security field or exclusive hooks like security_xfrm_state_pol_flow_match(), plus unlimited number of lightweight modules which do not use "struct cred"->security nor exclusive hooks) as long as they are built into the kernel. But this patch does not implement variable length "struct task_struct"->security field which will become needed when multiple LSM modules want to use "struct task_struct"-> security field. Although it won't be difficult to implement variable length "struct task_struct"->security field, let's think about it after we merged this patch. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: John Johansen <john.johansen@canonical.com> Acked-by: Serge Hallyn <serge@hallyn.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Tested-by: Djalal Harouni <tixxdz@gmail.com> Acked-by: José Bollo <jobol@nonadev.net> Cc: Paul Moore <paul@paul-moore.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Eric Paris <eparis@parisplace.org> Cc: Kees Cook <keescook@chromium.org> Cc: James Morris <james.l.morris@oracle.com> Cc: José Bollo <jobol@nonadev.net> Signed-off-by: James Morris <james.l.morris@oracle.com> |
||
|
Stephen Smalley
|
791ec491c3 |
prlimit,security,selinux: add a security hook for prlimit
When SELinux was first added to the kernel, a process could only get and set its own resource limits via getrlimit(2) and setrlimit(2), so no MAC checks were required for those operations, and thus no security hooks were defined for them. Later, SELinux introduced a hook for setlimit(2) with a check if the hard limit was being changed in order to be able to rely on the hard limit value as a safe reset point upon context transitions. Later on, when prlimit(2) was added to the kernel with the ability to get or set resource limits (hard or soft) of another process, LSM/SELinux was not updated other than to pass the target process to the setrlimit hook. This resulted in incomplete control over both getting and setting the resource limits of another process. Add a new security_task_prlimit() hook to the check_prlimit_permission() function to provide complete mediation. The hook is only called when acting on another task, and only if the existing DAC/capability checks would allow access. Pass flags down to the hook to indicate whether the prlimit(2) call will read, write, or both read and write the resource limits of the target process. The existing security_task_setrlimit() hook is left alone; it continues to serve a purpose in supporting the ability to make decisions based on the old and/or new resource limit values when setting limits. This is consistent with the DAC/capability logic, where check_prlimit_permission() performs generic DAC/capability checks for acting on another task, while do_prlimit() performs a capability check based on a comparison of the old and new resource limits. Fix the inline documentation for the hook to match the code. Implement the new hook for SELinux. For setting resource limits, we reuse the existing setrlimit permission. Note that this does overload the setrlimit permission to mean the ability to set the resource limit (soft or hard) of another process or the ability to change one's own hard limit. For getting resource limits, a new getrlimit permission is defined. This was not originally defined since getrlimit(2) could only be used to obtain a process' own limits. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <james.l.morris@oracle.com> |
||
|
Linus Torvalds
|
f1ef09fde1 |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull namespace updates from Eric Biederman: "There is a lot here. A lot of these changes result in subtle user visible differences in kernel behavior. I don't expect anything will care but I will revert/fix things immediately if any regressions show up. From Seth Forshee there is a continuation of the work to make the vfs ready for unpriviled mounts. We had thought the previous changes prevented the creation of files outside of s_user_ns of a filesystem, but it turns we missed the O_CREAT path. Ooops. Pavel Tikhomirov and Oleg Nesterov worked together to fix a long standing bug in the implemenation of PR_SET_CHILD_SUBREAPER where only children that are forked after the prctl are considered and not children forked before the prctl. The only known user of this prctl systemd forks all children after the prctl. So no userspace regressions will occur. Holding earlier forked children to the same rules as later forked children creates a semantic that is sane enough to allow checkpoing of processes that use this feature. There is a long delayed change by Nikolay Borisov to limit inotify instances inside a user namespace. Michael Kerrisk extends the API for files used to maniuplate namespaces with two new trivial ioctls to allow discovery of the hierachy and properties of namespaces. Konstantin Khlebnikov with the help of Al Viro adds code that when a network namespace exits purges it's sysctl entries from the dcache. As in some circumstances this could use a lot of memory. Vivek Goyal fixed a bug with stacked filesystems where the permissions on the wrong inode were being checked. I continue previous work on ptracing across exec. Allowing a file to be setuid across exec while being ptraced if the tracer has enough credentials in the user namespace, and if the process has CAP_SETUID in it's own namespace. Proc files for setuid or otherwise undumpable executables are now owned by the root in the user namespace of their mm. Allowing debugging of setuid applications in containers to work better. A bug I introduced with permission checking and automount is now fixed. The big change is to mark the mounts that the kernel initiates as a result of an automount. This allows the permission checks in sget to be safely suppressed for this kind of mount. As the permission check happened when the original filesystem was mounted. Finally a special case in the mount namespace is removed preventing unbounded chains in the mount hash table, and making the semantics simpler which benefits CRIU. The vfs fix along with related work in ima and evm I believe makes us ready to finish developing and merge fully unprivileged mounts of the fuse filesystem. The cleanups of the mount namespace makes discussing how to fix the worst case complexity of umount. The stacked filesystem fixes pave the way for adding multiple mappings for the filesystem uids so that efficient and safer containers can be implemented" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: proc/sysctl: Don't grab i_lock under sysctl_lock. vfs: Use upper filesystem inode in bprm_fill_uid() proc/sysctl: prune stale dentries during unregistering mnt: Tuck mounts under others instead of creating shadow/side mounts. prctl: propagate has_child_subreaper flag to every descendant introduce the walk_process_tree() helper nsfs: Add an ioctl() to return owner UID of a userns fs: Better permission checking for submounts exit: fix the setns() && PR_SET_CHILD_SUBREAPER interaction vfs: open() with O_CREAT should not create inodes with unknown ids nsfs: Add an ioctl() to return the namespace type proc: Better ownership of files for non-dumpable tasks in user namespaces exec: Remove LSM_UNSAFE_PTRACE_CAP exec: Test the ptracer's saved cred to see if the tracee can gain caps exec: Don't reset euid and egid when the tracee has CAP_SETUID inotify: Convert to using per-namespace limits |
||
|
Eric W. Biederman
|
9227dd2a84 |
exec: Remove LSM_UNSAFE_PTRACE_CAP
With previous changes every location that tests for LSM_UNSAFE_PTRACE_CAP also tests for LSM_UNSAFE_PTRACE making the LSM_UNSAFE_PTRACE_CAP redundant, so remove it. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> |
||
|
Stephen Smalley
|
3a2f5a59a6 |
security,selinux,smack: kill security_task_wait hook
As reported by yangshukui, a permission denial from security_task_wait() can lead to a soft lockup in zap_pid_ns_processes() since it only expects sys_wait4() to return 0 or -ECHILD. Further, security_task_wait() can in general lead to zombies; in the absence of some way to automatically reparent a child process upon a denial, the hook is not useful. Remove the security hook and its implementations in SELinux and Smack. Smack already removed its check from its hook. Reported-by: yangshukui <yangshukui@huawei.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> |
||
|
Stephen Smalley
|
b21507e272 |
proc,security: move restriction on writing /proc/pid/attr nodes to proc
Processes can only alter their own security attributes via /proc/pid/attr nodes. This is presently enforced by each individual security module and is also imposed by the Linux credentials implementation, which only allows a task to alter its own credentials. Move the check enforcing this restriction from the individual security modules to proc_pid_attr_write() before calling the security hook, and drop the unnecessary task argument to the security hook since it can only ever be the current task. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Paul Moore <paul@paul-moore.com> |
||
|
James Morris
|
de2f4b3453 | Merge branch 'stable-4.9' of git://git.infradead.org/users/pcmoore/selinux into next |