10.0
408 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Kees Cook
|
41b77821cf |
treewide: kzalloc() -> kcalloc()
The kzalloc() function has a 2-factor argument form, kcalloc(). This
patch replaces cases of:
kzalloc(a * b, gfp)
with:
kcalloc(a * b, gfp)
as well as handling cases of:
kzalloc(a * b * c, gfp)
with:
kzalloc(array3_size(a, b, c), gfp)
as it's slightly less ugly than:
kzalloc_array(array_size(a, b), c, gfp)
This does, however, attempt to ignore constant size factors like:
kzalloc(4 * 1024, gfp)
though any constants defined via macros get caught up in the conversion.
Any factors with a sizeof() of "unsigned char", "char", and "u8" were
dropped, since they're redundant.
The Coccinelle script used for this was:
// Fix redundant parens around sizeof().
@@
type TYPE;
expression THING, E;
@@
(
kzalloc(
- (sizeof(TYPE)) * E
+ sizeof(TYPE) * E
, ...)
|
kzalloc(
- (sizeof(THING)) * E
+ sizeof(THING) * E
, ...)
)
// Drop single-byte sizes and redundant parens.
@@
expression COUNT;
typedef u8;
typedef __u8;
@@
(
kzalloc(
- sizeof(u8) * (COUNT)
+ COUNT
, ...)
|
kzalloc(
- sizeof(__u8) * (COUNT)
+ COUNT
, ...)
|
kzalloc(
- sizeof(char) * (COUNT)
+ COUNT
, ...)
|
kzalloc(
- sizeof(unsigned char) * (COUNT)
+ COUNT
, ...)
|
kzalloc(
- sizeof(u8) * COUNT
+ COUNT
, ...)
|
kzalloc(
- sizeof(__u8) * COUNT
+ COUNT
, ...)
|
kzalloc(
- sizeof(char) * COUNT
+ COUNT
, ...)
|
kzalloc(
- sizeof(unsigned char) * COUNT
+ COUNT
, ...)
)
// 2-factor product with sizeof(type/expression) and identifier or constant.
@@
type TYPE;
expression THING;
identifier COUNT_ID;
constant COUNT_CONST;
@@
(
- kzalloc
+ kcalloc
(
- sizeof(TYPE) * (COUNT_ID)
+ COUNT_ID, sizeof(TYPE)
, ...)
|
- kzalloc
+ kcalloc
(
- sizeof(TYPE) * COUNT_ID
+ COUNT_ID, sizeof(TYPE)
, ...)
|
- kzalloc
+ kcalloc
(
- sizeof(TYPE) * (COUNT_CONST)
+ COUNT_CONST, sizeof(TYPE)
, ...)
|
- kzalloc
+ kcalloc
(
- sizeof(TYPE) * COUNT_CONST
+ COUNT_CONST, sizeof(TYPE)
, ...)
|
- kzalloc
+ kcalloc
(
- sizeof(THING) * (COUNT_ID)
+ COUNT_ID, sizeof(THING)
, ...)
|
- kzalloc
+ kcalloc
(
- sizeof(THING) * COUNT_ID
+ COUNT_ID, sizeof(THING)
, ...)
|
- kzalloc
+ kcalloc
(
- sizeof(THING) * (COUNT_CONST)
+ COUNT_CONST, sizeof(THING)
, ...)
|
- kzalloc
+ kcalloc
(
- sizeof(THING) * COUNT_CONST
+ COUNT_CONST, sizeof(THING)
, ...)
)
// 2-factor product, only identifiers.
@@
identifier SIZE, COUNT;
@@
- kzalloc
+ kcalloc
(
- SIZE * COUNT
+ COUNT, SIZE
, ...)
// 3-factor product with 1 sizeof(type) or sizeof(expression), with
// redundant parens removed.
@@
expression THING;
identifier STRIDE, COUNT;
type TYPE;
@@
(
kzalloc(
- sizeof(TYPE) * (COUNT) * (STRIDE)
+ array3_size(COUNT, STRIDE, sizeof(TYPE))
, ...)
|
kzalloc(
- sizeof(TYPE) * (COUNT) * STRIDE
+ array3_size(COUNT, STRIDE, sizeof(TYPE))
, ...)
|
kzalloc(
- sizeof(TYPE) * COUNT * (STRIDE)
+ array3_size(COUNT, STRIDE, sizeof(TYPE))
, ...)
|
kzalloc(
- sizeof(TYPE) * COUNT * STRIDE
+ array3_size(COUNT, STRIDE, sizeof(TYPE))
, ...)
|
kzalloc(
- sizeof(THING) * (COUNT) * (STRIDE)
+ array3_size(COUNT, STRIDE, sizeof(THING))
, ...)
|
kzalloc(
- sizeof(THING) * (COUNT) * STRIDE
+ array3_size(COUNT, STRIDE, sizeof(THING))
, ...)
|
kzalloc(
- sizeof(THING) * COUNT * (STRIDE)
+ array3_size(COUNT, STRIDE, sizeof(THING))
, ...)
|
kzalloc(
- sizeof(THING) * COUNT * STRIDE
+ array3_size(COUNT, STRIDE, sizeof(THING))
, ...)
)
// 3-factor product with 2 sizeof(variable), with redundant parens removed.
@@
expression THING1, THING2;
identifier COUNT;
type TYPE1, TYPE2;
@@
(
kzalloc(
- sizeof(TYPE1) * sizeof(TYPE2) * COUNT
+ array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
, ...)
|
kzalloc(
- sizeof(TYPE1) * sizeof(THING2) * (COUNT)
+ array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
, ...)
|
kzalloc(
- sizeof(THING1) * sizeof(THING2) * COUNT
+ array3_size(COUNT, sizeof(THING1), sizeof(THING2))
, ...)
|
kzalloc(
- sizeof(THING1) * sizeof(THING2) * (COUNT)
+ array3_size(COUNT, sizeof(THING1), sizeof(THING2))
, ...)
|
kzalloc(
- sizeof(TYPE1) * sizeof(THING2) * COUNT
+ array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
, ...)
|
kzalloc(
- sizeof(TYPE1) * sizeof(THING2) * (COUNT)
+ array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
, ...)
)
// 3-factor product, only identifiers, with redundant parens removed.
@@
identifier STRIDE, SIZE, COUNT;
@@
(
kzalloc(
- (COUNT) * STRIDE * SIZE
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
kzalloc(
- COUNT * (STRIDE) * SIZE
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
kzalloc(
- COUNT * STRIDE * (SIZE)
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
kzalloc(
- (COUNT) * (STRIDE) * SIZE
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
kzalloc(
- COUNT * (STRIDE) * (SIZE)
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
kzalloc(
- (COUNT) * STRIDE * (SIZE)
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
kzalloc(
- (COUNT) * (STRIDE) * (SIZE)
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
kzalloc(
- COUNT * STRIDE * SIZE
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
)
// Any remaining multi-factor products, first at least 3-factor products,
// when they're not all constants...
@@
expression E1, E2, E3;
constant C1, C2, C3;
@@
(
kzalloc(C1 * C2 * C3, ...)
|
kzalloc(
- (E1) * E2 * E3
+ array3_size(E1, E2, E3)
, ...)
|
kzalloc(
- (E1) * (E2) * E3
+ array3_size(E1, E2, E3)
, ...)
|
kzalloc(
- (E1) * (E2) * (E3)
+ array3_size(E1, E2, E3)
, ...)
|
kzalloc(
- E1 * E2 * E3
+ array3_size(E1, E2, E3)
, ...)
)
// And then all remaining 2 factors products when they're not all constants,
// keeping sizeof() as the second factor argument.
@@
expression THING, E1, E2;
type TYPE;
constant C1, C2, C3;
@@
(
kzalloc(sizeof(THING) * C2, ...)
|
kzalloc(sizeof(TYPE) * C2, ...)
|
kzalloc(C1 * C2 * C3, ...)
|
kzalloc(C1 * C2, ...)
|
- kzalloc
+ kcalloc
(
- sizeof(TYPE) * (E2)
+ E2, sizeof(TYPE)
, ...)
|
- kzalloc
+ kcalloc
(
- sizeof(TYPE) * E2
+ E2, sizeof(TYPE)
, ...)
|
- kzalloc
+ kcalloc
(
- sizeof(THING) * (E2)
+ E2, sizeof(THING)
, ...)
|
- kzalloc
+ kcalloc
(
- sizeof(THING) * E2
+ E2, sizeof(THING)
, ...)
|
- kzalloc
+ kcalloc
(
- (E1) * E2
+ E1, E2
, ...)
|
- kzalloc
+ kcalloc
(
- (E1) * (E2)
+ E1, E2
, ...)
|
- kzalloc
+ kcalloc
(
- E1 * E2
+ E1, E2
, ...)
)
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Adam W. Willis <return.of.octobot@gmail.com>
Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com>
|
||
|
Greg Kroah-Hartman
|
b726057b9e |
Merge 4.14.187 into android-4.14-stable
Changes in 4.14.187 scsi: scsi_devinfo: handle non-terminated strings net: be more gentle about silly gso requests coming from user block/bio-integrity: don't free 'buf' if bio_integrity_add_page() failed net: sched: export __netdev_watchdog_up() fix a braino in "sparc32: fix register window handling in genregs32_[gs]et()" apparmor: don't try to replace stale label in ptraceme check ibmveth: Fix max MTU limit mld: fix memory leak in ipv6_mc_destroy_dev() net: bridge: enfore alignment for ethernet address net: fix memleak in register_netdevice() net: usb: ax88179_178a: fix packet alignment padding rocker: fix incorrect error handling in dma_rings_init rxrpc: Fix notification call on completion of discarded calls sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket tcp: grow window for OOO packets only for SACK flows tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes ip_tunnel: fix use-after-free in ip_tunnel_lookup() tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() net: Fix the arp error in some cases net: Do not clear the sock TX queue in sk_set_socket() net: core: reduce recursion limit value USB: ohci-sm501: Add missed iounmap() in remove usb: dwc2: Postponed gadget registration to the udc class driver usb: add USB_QUIRK_DELAY_INIT for Logitech C922 USB: ehci: reopen solution for Synopsys HC bug usb: host: xhci-mtk: avoid runtime suspend when removing hcd usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() ALSA: usb-audio: add quirk for Denon DCD-1500RE xhci: Fix incorrect EP_STATE_MASK xhci: Fix enumeration issue when setting max packet size for FS devices. cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip loop: replace kill_bdev with invalidate_bdev ALSA: usb-audio: uac1: Invalidate ctl on interrupt ALSA: usb-audio: Clean up mixer element list traverse ALSA: usb-audio: Fix OOB access of mixer element list xhci: Poll for U0 after disabling USB2 LPM cifs/smb3: Fix data inconsistent when punch hole cifs/smb3: Fix data inconsistent when zero file range efi/esrt: Fix reference count leak in esre_create_sysfs_entry. ARM: dts: NSP: Correct FA2 mailbox node rxrpc: Fix handling of rwind from an ACK packet RDMA/cma: Protect bind_list and listen_list while finding matching cm id ASoC: rockchip: Fix a reference count leak. RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() net: qed: fix left elements count calculation net: qed: fix NVMe login fails over VFs net: qed: fix excessive QM ILT lines consumption ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram() usb: gadget: udc: Potential Oops in error handling code netfilter: ipset: fix unaligned atomic access net: bcmgenet: use hardware padding of runt frames sched/core: Fix PI boosting between RT and DEADLINE tasks ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function net: alx: fix race condition in alx_remove s390/ptrace: fix setting syscall number kbuild: improve cc-option to clean up all temporary files blktrace: break out of blktrace setup on concurrent calls ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table ACPI: sysfs: Fix pm_profile_attr type KVM: X86: Fix MSR range of APIC registers in X2APIC mode KVM: nVMX: Plumb L2 GPA through to PML emulation btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof mm/slab: use memzero_explicit() in kzfree() ocfs2: load global_inode_alloc ocfs2: fix value of OCFS2_INVALID_SLOT ocfs2: fix panic on nfs server over ocfs2 arm64: perf: Report the PC value in REGS_ABI_32 mode tracing: Fix event trigger to accept redundant spaces drm/radeon: fix fb_div check in ni_init_smc_spll_table() Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() sunrpc: fixed rollback in rpc_gssd_dummy_populate() SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() pNFS/flexfiles: Fix list corruption if the mirror count changes NFSv4 fix CLOSE not waiting for direct IO compeletion xfs: add agf freeblocks verify in xfs_agf_verify Revert "tty: hvc: Fix data abort due to race in hvc_open" Linux 4.14.187 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I5f3301cdfbf593334e7b3d83f6c83f56a6476a33 |
||
|
Jann Horn
|
ecf8e185a2 |
apparmor: don't try to replace stale label in ptraceme check
[ Upstream commit ca3fde5214e1d24f78269b337d3f22afd6bf445e ]
begin_current_label_crit_section() must run in sleepable context because
when label_is_stale() is true, aa_replace_current_label() runs, which uses
prepare_creds(), which can sleep.
Until now, the ptraceme access check (which runs with tasklist_lock held)
violated this rule.
Fixes:
|
||
|
Greg Kroah-Hartman
|
e570b0fb2f |
Merge 4.14.186 into android-4.14-stable
Changes in 4.14.186 s390: fix syscall_get_error for compat processes drm/i915: Whitelist context-local timestamp in the gen9 cmdparser power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select clk: sunxi: Fix incorrect usage of round_down() i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets iio: pressure: bmp280: Tolerate IRQ before registering remoteproc: Fix IDR initialisation in rproc_alloc() clk: qcom: msm8916: Fix the address location of pll->config_reg backlight: lp855x: Ensure regulators are disabled on probe failure ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type ARM: integrator: Add some Kconfig selections scsi: qedi: Check for buffer overflow in qedi_set_path() ALSA: isa/wavefront: prevent out of bounds write in ioctl scsi: qla2xxx: Fix issue with adapter's stopping state iio: bmp280: fix compensation of humidity f2fs: report delalloc reserve as non-free in statfs for project quota i2c: pxa: clear all master action bits in i2c_pxa_stop_message() usblp: poison URBs upon disconnect dm mpath: switch paths in dm_blk_ioctl() code path PCI: aardvark: Don't blindly enable ASPM L0s and don't write to read-only register ps3disk: use the default segment boundary vfio/pci: fix memory leaks in alloc_perm_bits() m68k/PCI: Fix a memory leak in an error handling path mfd: wm8994: Fix driver operation if loaded as modules scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event clk: clk-flexgen: fix clock-critical handling powerpc/perf/hv-24x7: Fix inconsistent output values incase multiple hv-24x7 events run nfsd: Fix svc_xprt refcnt leak when setup callback client failed powerpc/crashkernel: Take "mem=" option into account yam: fix possible memory leak in yam_init_driver NTB: Fix the default port and peer numbers for legacy drivers mksysmap: Fix the mismatch of '.L' symbols in System.map apparmor: fix introspection of of task mode for unconfined tasks scsi: sr: Fix sr_probe() missing deallocate of device minor scsi: ibmvscsi: Don't send host info in adapter info MAD after LPM staging: greybus: fix a missing-check bug in gb_lights_light_config() scsi: qedi: Do not flush offload work if ARP not resolved ALSA: usb-audio: Improve frames size computation s390/qdio: put thinint indicator after early error tty: hvc: Fix data abort due to race in hvc_open thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR staging: sm750fb: add missing case while setting FB_VISUAL i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output serial: amba-pl011: Make sure we initialize the port.lock spinlock drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish PCI: rcar: Fix incorrect programming of OB windows PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges scsi: qla2xxx: Fix warning after FC target reset power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' power: supply: smb347-charger: IRQSTAT_D is volatile scsi: mpt3sas: Fix double free warnings dlm: remove BUG() before panic() clk: ti: composite: fix memory leak PCI: Fix pci_register_host_bridge() device_register() error handling tty: n_gsm: Fix SOF skipping tty: n_gsm: Fix waking up upper tty layer when room available powerpc/pseries/ras: Fix FWNMI_VALID off by one powerpc/ps3: Fix kexec shutdown hang vfio-pci: Mask cap zero usb/ohci-platform: Fix a warning when hibernating drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() tty: n_gsm: Fix bogus i++ in gsm_data_kick clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 powerpc/64s/pgtable: fix an undefined behaviour dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port IB/cma: Fix ports memory leak in cma_configfs watchdog: da9062: No need to ping manually before setting timeout usb: dwc2: gadget: move gadget resume after the core is in L0 state USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke usb: gadget: lpc32xx_udc: don't dereference ep pointer before null check usb: gadget: fix potential double-free in m66592_probe. usb: gadget: Fix issue with config_ep_by_speed function x86/apic: Make TSC deadline timer detection message visible clk: bcm2835: Fix return type of bcm2835_register_gate scsi: ufs-qcom: Fix scheduling while atomic issue net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION powerpc/4xx: Don't unmap NULL mbase extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed vfio/mdev: Fix reference count leak in add_mdev_supported_type openrisc: Fix issue with argument clobbering for clone/fork gfs2: Allow lock_nolock mount to specify jid=X scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj scsi: ufs: Don't update urgent bkops level when toggling auto bkops pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' crypto: omap-sham - add proper load balancing support for multicore geneve: change from tx_error to tx_dropped on missing metadata lib/zlib: remove outdated and incorrect pre-increment optimization include/linux/bitops.h: avoid clang shift-count-overflow warnings elfnote: mark all .note sections SHF_ALLOC selftests/vm/pkeys: fix alloc_random_pkey() to make it really random blktrace: use errno instead of bi_status blktrace: fix endianness in get_pdu_int() blktrace: fix endianness for blk_log_remap() gfs2: fix use-after-free on transaction ail lists selftests/net: in timestamping, strncpy needs to preserve null byte drm/sun4i: hdmi ddc clk: Fix size of m divider scsi: acornscsi: Fix an error handling path in acornscsi_probe() usb/xhci-plat: Set PM runtime as active on resume usb/ehci-platform: Set PM runtime as active on resume perf report: Fix NULL pointer dereference in hists__fprintf_nr_sample_events() bcache: fix potential deadlock problem in btree_gc_coalesce block: Fix use-after-free in blkdev_get() arm64: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints libata: Use per port sync for detach drm: encoder_slave: fix refcouting error for modules drm/dp_mst: Reformat drm_dp_check_act_status() a bit drm/qxl: Use correct notify port address when creating cursor ring selinux: fix double free ext4: fix partial cluster initialization when splitting extent drm/dp_mst: Increase ACT retry timeout to 3s x86/boot/compressed: Relax sed symbol type regex for LLVM ld.lld block: nr_sects_write(): Disable preemption on seqcount write mtd: rawnand: Pass a nand_chip object to nand_release() mtd: rawnand: diskonchip: Fix the probe error path mtd: rawnand: sharpsl: Fix the probe error path mtd: rawnand: xway: Fix the probe error path mtd: rawnand: orion: Fix the probe error path mtd: rawnand: oxnas: Add of_node_put() mtd: rawnand: oxnas: Fix the probe error path mtd: rawnand: socrates: Fix the probe error path mtd: rawnand: plat_nand: Fix the probe error path mtd: rawnand: mtk: Fix the probe error path mtd: rawnand: tmio: Fix the probe error path crypto: algif_skcipher - Cap recv SG list at ctx->used crypto: algboss - don't wait during notifier callback kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex e1000e: Do not wake up the system via WOL if device wakeup is disabled kretprobe: Prevent triggering kretprobe from within kprobe_flush_task sched/rt, net: Use CONFIG_PREEMPTION.patch net: core: device_rename: Use rwsem instead of a seqcount md: add feature flag MD_FEATURE_RAID0_LAYOUT kvm: x86: Move kvm_set_mmio_spte_mask() from x86.c to mmu.c kvm: x86: Fix reserved bits related calculation errors caused by MKTME KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated Linux 4.14.186 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I5a9f5c8483f37ac08cf01991ffa43b333fdfa0a3 |
||
|
John Johansen
|
8906aa8e57 |
apparmor: fix introspection of of task mode for unconfined tasks
[ Upstream commit dd2569fbb053719f7df7ef8fdbb45cf47156a701 ]
Fix two issues with introspecting the task mode.
1. If a task is attached to a unconfined profile that is not the
ns->unconfined profile then. Mode the mode is always reported
as -
$ ps -Z
LABEL PID TTY TIME CMD
unconfined 1287 pts/0 00:00:01 bash
test (-) 1892 pts/0 00:00:00 ps
instead of the correct value of (unconfined) as shown below
$ ps -Z
LABEL PID TTY TIME CMD
unconfined 2483 pts/0 00:00:01 bash
test (unconfined) 3591 pts/0 00:00:00 ps
2. if a task is confined by a stack of profiles that are unconfined
the output of label mode is again the incorrect value of (-) like
above, instead of (unconfined). This is because the visibile
profile count increment is skipped by the special casing of
unconfined.
Fixes:
|
||
|
Greg Kroah-Hartman
|
433305b0af |
Merge 4.14.182 into android-4.14-stable
Changes in 4.14.182 ext4: add cond_resched() to ext4_protect_reserved_inode watchdog: Fix the race between the release of watchdog_core_data and cdev i2c: dev: Fix the race between the release of i2c_dev and cdev padata: ensure the reorder timer callback runs on the correct CPU padata: ensure padata_do_serial() runs on the correct CPU ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash() evm: Check also if *tfm is an error pointer in init_desc() ima: Fix return value of ima_write_policy() fix multiplication overflow in copy_fdtable() iommu/amd: Fix over-read of ACPI UID from IVRS table i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' ubi: Fix seq_file usage in detailed_erase_block_info debugfs file gcc-common.h: Update for GCC 10 HID: multitouch: add eGalaxTouch P80H84 support scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV configfs: fix config_item refcnt leak in configfs_rmdir() vhost/vsock: fix packet delivery order to monitoring devices component: Silence bind error on -EPROBE_DEFER scsi: ibmvscsi: Fix WARN_ON during event pool release x86/apic: Move TSC deadline timer debug printk gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp() ceph: fix double unlock in handle_cap_export() USB: core: Fix misleading driver bug report platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA ARM: futex: Address build warning padata: set cpu_index of unused CPUs to -1 padata: Replace delayed timer with immediate workqueue in padata_reorder padata: initialize pd->cpu with effective cpumask padata: purge get_cpu and reorder_via_wq from padata_do_serial arm64: fix the flush_icache_range arguments in machine_kexec l2tp: don't register sessions in l2tp_session_create() l2tp: initialise l2tp_eth sessions before registering them l2tp: protect sock pointer of struct pppol2tp_session with RCU l2tp: initialise PPP sessions before registering them ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option ALSA: pcm: fix incorrect hw_base increase apparmor: Fix aa_label refcnt leak in policy_update dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' powerpc: restore alphabetic order in Kconfig powerpc: Remove STRICT_KERNEL_RWX incompatibility with RELOCATABLE powerpc/64s: Disable STRICT_KERNEL_RWX x86/uaccess, ubsan: Fix UBSAN vs. SMAP ubsan: build ubsan.c more conservatively libnvdimm/btt: Remove unnecessary code in btt_freelist_init libnvdimm/btt: Fix LBA masking during 'free list' population media: fdp1: Fix R-Car M3-N naming in debug message cxgb4: free mac_hlist properly cxgb4/cxgb4vf: Fix mac_hlist initialization and free Revert "gfs2: Don't demote a glock until its revokes are written" staging: iio: ad2s1210: Fix SPI reading staging: greybus: Fix uninitialized scalar variable iio: sca3000: Remove an erroneous 'get_device()' iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' mei: release me_cl object reference rapidio: fix an error in get_user_pages_fast() error handling rxrpc: Fix a memory leak in rxkad_verify_response() x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() iio: adc: stm32-adc: fix device used to request dma Linux 4.14.182 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I5c1fd52b8c5565f2b3be89efeefc5a66fe806247 |
||
|
Xiyu Yang
|
50229ba3f5 |
apparmor: Fix aa_label refcnt leak in policy_update
commit c6b39f070722ea9963ffe756bfe94e89218c5e63 upstream.
policy_update() invokes begin_current_label_crit_section(), which
returns a reference of the updated aa_label object to "label" with
increased refcount.
When policy_update() returns, "label" becomes invalid, so the refcount
should be decreased to keep refcount balanced.
The reference counting issue happens in one exception handling path of
policy_update(). When aa_may_manage_policy() returns not NULL, the
refcnt increased by begin_current_label_crit_section() is not decreased,
causing a refcnt leak.
Fix this issue by jumping to "end_section" label when
aa_may_manage_policy() returns not NULL.
Fixes:
|
||
|
Greg Kroah-Hartman
|
509b38045c |
Merge 4.14.168 into android-4.14
Changes in 4.14.168
xfs: Sanity check flags of Q_XQUOTARM call
mfd: intel-lpss: Add default I2C device properties for Gemini Lake
powerpc/archrandom: fix arch_get_random_seed_int()
tipc: fix wrong timeout input for tipc_wait_for_cond()
mt7601u: fix bbp version check in mt7601u_wait_bbp_ready
crypto: sun4i-ss - fix big endian issues
drm/sti: do not remove the drm_bridge that was never added
drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset()
ALSA: hda: fix unused variable warning
apparmor: don't try to replace stale label in ptrace access check
PCI: iproc: Remove PAXC slot check to allow VF support
drm/hisilicon: hibmc: Don't overwrite fb helper surface depth
IB/rxe: replace kvfree with vfree
IB/hfi1: Add mtu check for operational data VLs
ALSA: usb-audio: update quirk for B&W PX to remove microphone
staging: comedi: ni_mio_common: protect register write overflow
pwm: lpss: Release runtime-pm reference from the driver's remove callback
drm/sun4i: hdmi: Fix double flag assignation
mlxsw: reg: QEEC: Add minimum shaper fields
NTB: ntb_hw_idt: replace IS_ERR_OR_NULL with regular NULL checks
pcrypt: use format specifier in kobject_add
exportfs: fix 'passing zero to ERR_PTR()' warning
drm/dp_mst: Skip validating ports during destruction, just ref
net: phy: Fix not to call phy_resume() if PHY is not attached
IB/rxe: Fix incorrect cache cleanup in error flow
staging: bcm2835-camera: Abort probe if there is no camera
switchtec: Remove immediate status check after submitting MRPC command
pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group
pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group
pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group
pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group
pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group
pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field
pinctrl: sh-pfc: sh7734: Add missing IPSR11 field
pinctrl: sh-pfc: r8a77995: Remove bogus SEL_PWM[0-3]_3 configurations
pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field
pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value
vxlan: changelink: Fix handling of default remotes
Input: nomadik-ske-keypad - fix a loop timeout test
clk: highbank: fix refcount leak in hb_clk_init()
clk: qoriq: fix refcount leak in clockgen_init()
clk: socfpga: fix refcount leak
clk: samsung: exynos4: fix refcount leak in exynos4_get_xom()
clk: imx6q: fix refcount leak in imx6q_clocks_init()
clk: imx6sx: fix refcount leak in imx6sx_clocks_init()
clk: imx7d: fix refcount leak in imx7d_clocks_init()
clk: vf610: fix refcount leak in vf610_clocks_init()
clk: armada-370: fix refcount leak in a370_clk_init()
clk: kirkwood: fix refcount leak in kirkwood_clk_init()
clk: armada-xp: fix refcount leak in axp_clk_init()
clk: mv98dx3236: fix refcount leak in mv98dx3236_clk_init()
clk: dove: fix refcount leak in dove_clk_init()
MIPS: BCM63XX: drop unused and broken DSP platform device
IB/usnic: Fix out of bounds index check in query pkey
RDMA/ocrdma: Fix out of bounds index check in query pkey
RDMA/qedr: Fix out of bounds index check in query pkey
drm/shmob: Fix return value check in shmob_drm_probe
arm64: dts: apq8016-sbc: Increase load on l11 for SDCARD
spi: cadence: Correct initialisation of runtime PM
RDMA/iw_cxgb4: Fix the unchecked ep dereference
drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump()
media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL
kbuild: mark prepare0 as PHONY to fix external module build
crypto: brcm - Fix some set-but-not-used warning
crypto: tgr192 - fix unaligned memory access
ASoC: imx-sgtl5000: put of nodes if finding codec fails
IB/iser: Pass the correct number of entries for dma mapped SGL
rtc: cmos: ignore bogus century byte
spi/topcliff_pch: Fix potential NULL dereference on allocation error
clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it
iwlwifi: mvm: avoid possible access out of array.
net/mlx5: Take lock with IRQs disabled to avoid deadlock
iwlwifi: mvm: fix A-MPDU reference assignment
tty: ipwireless: Fix potential NULL pointer dereference
driver: uio: fix possible memory leak in __uio_register_device
driver: uio: fix possible use-after-free in __uio_register_device
crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove() arguments
driver core: Do not resume suppliers under device_links_write_lock()
ARM: dts: lpc32xx: add required clocks property to keypad device node
ARM: dts: lpc32xx: reparent keypad controller to SIC1
ARM: dts: lpc32xx: fix ARM PrimeCell LCD controller variant
ARM: dts: lpc32xx: fix ARM PrimeCell LCD controller clocks property
ARM: dts: lpc32xx: phy3250: fix SD card regulator voltage
iwlwifi: mvm: fix RSS config command
staging: most: cdev: add missing check for cdev_add failure
rtc: ds1672: fix unintended sign extension
thermal: mediatek: fix register index error
net: phy: fixed_phy: Fix fixed_phy not checking GPIO
rtc: ds1307: rx8130: Fix alarm handling
rtc: 88pm860x: fix unintended sign extension
rtc: 88pm80x: fix unintended sign extension
rtc: pm8xxx: fix unintended sign extension
fbdev: chipsfb: remove set but not used variable 'size'
iw_cxgb4: use tos when importing the endpoint
iw_cxgb4: use tos when finding ipv6 routes
drm/etnaviv: potential NULL dereference
pinctrl: sh-pfc: emev2: Add missing pinmux functions
pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group
pinctrl: sh-pfc: r8a7792: Fix vin1_data18_b pin group
pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups
PCI: endpoint: functions: Use memcpy_fromio()/memcpy_toio()
usb: phy: twl6030-usb: fix possible use-after-free on remove
block: don't use bio->bi_vcnt to figure out segment number
keys: Timestamp new keys
vfio_pci: Enable memory accesses before calling pci_map_rom
hwmon: (pmbus/tps53679) Fix driver info initialization in probe routine
KVM: PPC: Release all hardware TCE tables attached to a group
staging: r8822be: check kzalloc return or bail
dmaengine: mv_xor: Use correct device for DMA API
cdc-wdm: pass return value of recover_from_urb_loss
regulator: pv88060: Fix array out-of-bounds access
regulator: pv88080: Fix array out-of-bounds access
regulator: pv88090: Fix array out-of-bounds access
net: dsa: qca8k: Enable delay for RGMII_ID mode
drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON
drm/nouveau/pmu: don't print reply values if exec is false
ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of()
fs/nfs: Fix nfs_parse_devname to not modify it's argument
staging: rtlwifi: Use proper enum for return in halmac_parse_psd_data_88xx
powerpc/64s: Fix logic when handling unknown CPU features
NFS: Fix a soft lockup in the delegation recovery code
clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable
clocksource/drivers/exynos_mct: Fix error path in timer resources initialization
platform/x86: wmi: fix potential null pointer dereference
NFS/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount
mmc: sdhci-brcmstb: handle mmc_of_parse() errors during probe
ARM: 8847/1: pm: fix HYP/SVC mode mismatch when MCPM is used
ARM: 8848/1: virt: Align GIC version check with arm64 counterpart
regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA
netfilter: nft_set_hash: fix lookups with fixed size hash on big endian
NFSv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE()
net: aquantia: fixed instack structure overflow
powerpc/mm: Check secondary hash page table
nios2: ksyms: Add missing symbol exports
x86/mm: Remove unused variable 'cpu'
scsi: megaraid_sas: reduce module load time
drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen()
xen, cpu_hotplug: Prevent an out of bounds access
net: sh_eth: fix a missing check of of_get_phy_mode
regulator: lp87565: Fix missing register for LP87565_BUCK_0
media: ivtv: update *pos correctly in ivtv_read_pos()
media: cx18: update *pos correctly in cx18_read_pos()
media: wl128x: Fix an error code in fm_download_firmware()
media: cx23885: check allocation return
regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB
jfs: fix bogus variable self-initialization
tipc: tipc clang warning
m68k: mac: Fix VIA timer counter accesses
arm64: dts: allwinner: a64: Add missing PIO clocks
ARM: OMAP2+: Fix potentially uninitialized return value for _setup_reset()
media: davinci-isif: avoid uninitialized variable use
media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame
spi: tegra114: clear packed bit for unpacked mode
spi: tegra114: fix for unpacked mode transfers
spi: tegra114: terminate dma and reset on transfer timeout
spi: tegra114: flush fifos
spi: tegra114: configure dma burst size to fifo trig level
soc/fsl/qe: Fix an error code in qe_pin_request()
spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios
ehea: Fix a copy-paste err in ehea_init_port_res
scsi: qla2xxx: Unregister chrdev if module initialization fails
scsi: target/core: Fix a race condition in the LUN lookup code
ARM: pxa: ssp: Fix "WARNING: invalid free of devm_ allocated data"
net: hns3: fix for vport->bw_limit overflow problem
hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses
platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer
tipc: set sysctl_tipc_rmem and named_timeout right range
selftests/ipc: Fix msgque compiler warnings
powerpc: vdso: Make vdso32 installation conditional in vdso_install
ARM: dts: ls1021: Fix SGMII PCS link remaining down after PHY disconnect
media: ov2659: fix unbalanced mutex_lock/unlock
6lowpan: Off by one handling ->nexthdr
dmaengine: axi-dmac: Don't check the number of frames for alignment
ALSA: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk()
NFS: Don't interrupt file writeout due to fatal errors
irqchip/gic-v3-its: fix some definitions of inner cacheability attributes
scsi: qla2xxx: Fix a format specifier
scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory
packet: in recvmsg msg_name return at least sizeof sockaddr_ll
ASoC: fix valid stream condition
usb: gadget: fsl: fix link error against usb-gadget module
dwc2: gadget: Fix completed transfer size calculation in DDMA
IB/mlx5: Add missing XRC options to QP optional params mask
iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU
net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry
net: ena: fix: Free napi resources when ena_up() fails
net: ena: fix incorrect test of supported hash function
net: ena: fix ena_com_fill_hash_function() implementation
dmaengine: tegra210-adma: restore channel status
mmc: core: fix possible use after free of host
lightnvm: pblk: fix lock order in pblk_rb_tear_down_check
afs: Fix the afs.cell and afs.volume xattr handlers
vfio/mdev: Avoid release parent reference during error path
vfio/mdev: Fix aborting mdev child device removal if one fails
l2tp: Fix possible NULL pointer dereference
media: omap_vout: potential buffer overflow in vidioc_dqbuf()
media: davinci/vpbe: array underflow in vpbe_enum_outputs()
platform/x86: alienware-wmi: printing the wrong error code
crypto: caam - fix caam_dump_sg that iterates through scatterlist
netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule
pwm: meson: Consider 128 a valid pre-divider
pwm: meson: Don't disable PWM when setting duty repeatedly
ARM: riscpc: fix lack of keyboard interrupts after irq conversion
kdb: do a sanity check on the cpu in kdb_per_cpu()
backlight: lm3630a: Return 0 on success in update_status functions
thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power
EDAC/mc: Fix edac_mc_find() in case no device is found
ARM: dts: sun8i-h3: Fix wifi in Beelink X2 DT
dmaengine: tegra210-adma: Fix crash during probe
arm64: dts: meson: libretech-cc: set eMMC as removable
RDMA/qedr: Fix incorrect device rate.
spi: spi-fsl-spi: call spi_finalize_current_message() at the end
crypto: ccp - fix AES CFB error exposed by new test vectors
crypto: ccp - Fix 3DES complaint from ccp-crypto module
serial: stm32: fix rx error handling
serial: stm32: fix transmit_chars when tx is stopped
serial: stm32: Add support of TC bit status check
serial: stm32: fix wakeup source initialization
misc: sgi-xp: Properly initialize buf in xpc_get_rsvd_page_pa
iommu: Use right function to get group for device
signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig
inet: frags: call inet_frags_fini() after unregister_pernet_subsys()
netvsc: unshare skb in VF rx handler
cpufreq: brcmstb-avs-cpufreq: Fix initial command check
cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency
media: vivid: fix incorrect assignment operation when setting video mode
mpls: fix warning with multi-label encap
iommu/vt-d: Duplicate iommu_resv_region objects per device list
qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state
powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild
powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration
drm/msm/mdp5: Fix mdp5_cfg_init error return
net: netem: fix backlog accounting for corrupted GSO frames
net/af_iucv: always register net_device notifier
ASoC: ti: davinci-mcasp: Fix slot mask settings when using multiple AXRs
rtc: pcf8563: Fix interrupt trigger method
rtc: pcf8563: Clear event flags and disable interrupts before requesting irq
drm/msm/a3xx: remove TPL1 regs from snapshot
perf/ioctl: Add check for the sample_period value
dmaengine: hsu: Revert "set HSU_CH_MTSR to memory width"
clk: qcom: Fix -Wunused-const-variable
nvmem: imx-ocotp: Ensure WAIT bits are preserved when setting timing
bnxt_en: Fix ethtool selftest crash under error conditions.
iommu/amd: Make iommu_disable safer
mfd: intel-lpss: Release IDA resources
rxrpc: Fix uninitialized error code in rxrpc_send_data_packet()
devres: allow const resource arguments
RDMA/hns: Fixs hw access invalid dma memory error
net: pasemi: fix an use-after-free in pasemi_mac_phy_init()
scsi: libfc: fix null pointer dereference on a null lport
clk: sunxi-ng: v3s: add the missing PLL_DDR1
PM: sleep: Fix possible overflow in pm_system_cancel_wakeup()
libertas_tf: Use correct channel range in lbtf_geo_init
qed: reduce maximum stack frame size
usb: host: xhci-hub: fix extra endianness conversion
mic: avoid statically declaring a 'struct device'.
x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI
crypto: ccp - Reduce maximum stack usage
ALSA: aoa: onyx: always initialize register read value
tipc: reduce risk of wakeup queue starvation
ARM: dts: stm32: add missing vdda-supply to adc on stm32h743i-eval
net/mlx5: Fix mlx5_ifc_query_lag_out_bits
cifs: fix rmmod regression in cifs.ko caused by force_sig changes
crypto: caam - free resources in case caam_rng registration failed
ext4: set error return correctly when ext4_htree_store_dirent fails
ASoC: es8328: Fix copy-paste error in es8328_right_line_controls
ASoC: cs4349: Use PM ops 'cs4349_runtime_pm'
ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls
net/rds: Add a few missing rds_stat_names entries
bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails
signal: Allow cifs and drbd to receive their terminating signals
ASoC: sun4i-i2s: RX and TX counter registers are swapped
dmaengine: dw: platform: Switch to acpi_dma_controller_register()
mac80211: minstrel_ht: fix per-group max throughput rate initialization
media: atmel: atmel-isi: fix timeout value for stop streaming
rtc: pcf2127: bugfix: read rtc disables watchdog
mips: avoid explicit UB in assignment of mips_io_port_base
iommu/mediatek: Fix iova_to_phys PA start for 4GB mode
ahci: Do not export local variable ahci_em_messages
Partially revert "kfifo: fix kfifo_alloc() and kfifo_init()"
hwmon: (lm75) Fix write operations for negative temperatures
power: supply: Init device wakeup after device_add()
x86, perf: Fix the dependency of the x86 insn decoder selftest
staging: greybus: light: fix a couple double frees
irqdomain: Add the missing assignment of domain->fwnode for named fwnode
bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA
iio: dac: ad5380: fix incorrect assignment to val
ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init
tty: serial: fsl_lpuart: Use appropriate lpuart32_* I/O funcs
net: sonic: return NETDEV_TX_OK if failed to map buffer
scsi: fnic: fix msix interrupt allocation
Btrfs: fix hang when loading existing inode cache off disk
Btrfs: fix inode cache waiters hanging on failure to start caching thread
Btrfs: fix inode cache waiters hanging on path allocation failure
btrfs: use correct count in btrfs_file_write_iter()
ixgbe: sync the first fragment unconditionally
hwmon: (shtc1) fix shtc1 and shtw1 id mask
net: sonic: replace dev_kfree_skb in sonic_send_packet
pinctrl: iproc-gpio: Fix incorrect pinconf configurations
ath10k: adjust skb length in ath10k_sdio_mbox_rx_packet
RDMA/cma: Fix false error message
net/rds: Fix 'ib_evt_handler_call' element in 'rds_ib_stat_names'
iommu/amd: Wait for completion of IOTLB flush in attach_device
net: aquantia: Fix aq_vec_isr_legacy() return value
net: hisilicon: Fix signedness bug in hix5hd2_dev_probe()
net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe()
net: stmmac: dwmac-meson8b: Fix signedness bug in probe
net: axienet: fix a signedness bug in probe
of: mdio: Fix a signedness bug in of_phy_get_and_connect()
net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse()
nvme: retain split access workaround for capability reads
net: stmmac: gmac4+: Not all Unicast addresses may be available
mac80211: accept deauth frames in IBSS mode
llc: fix another potential sk_buff leak in llc_ui_sendmsg()
llc: fix sk_buff refcounting in llc_conn_state_process()
net: stmmac: fix length of PTP clock's name string
act_mirred: Fix mirred_init_module error handling
net: avoid possible false sharing in sk_leave_memory_pressure()
net: add {READ|WRITE}_ONCE() annotations on ->rskq_accept_head
tcp: annotate lockless access to tcp_memory_pressure
drm/msm/dsi: Implement reset correctly
dmaengine: imx-sdma: fix size check for sdma script_number
net: netem: fix error path for corrupted GSO frames
net: netem: correct the parent's backlog when corrupted packet was dropped
net: qca_spi: Move reset_count to struct qcaspi
afs: Fix large file support
MIPS: Loongson: Fix return value of loongson_hwmon_init
hv_netvsc: flag software created hash value
net: neigh: use long type to store jiffies delta
packet: fix data-race in fanout_flow_is_huge()
mmc: sdio: fix wl1251 vendor id
mmc: core: fix wl1251 sdio quirks
affs: fix a memory leak in affs_remount
dmaengine: ti: edma: fix missed failure handling
drm/radeon: fix bad DMA from INTERRUPT_CNTL2
arm64: dts: juno: Fix UART frequency
IB/iser: Fix dma_nents type definition
serial: stm32: fix clearing interrupt error flags
m68k: Call timer_interrupt() with interrupts disabled
Linux 4.14.168
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I3eeaa348e8e99998356d27c99d06dcb38e48e7d5
|
||
|
Jann Horn
|
49f3e22df7 |
apparmor: don't try to replace stale label in ptrace access check
[ Upstream commit 1f8266ff58840d698a1e96d2274189de1bdf7969 ]
As a comment above begin_current_label_crit_section() explains,
begin_current_label_crit_section() must run in sleepable context because
when label_is_stale() is true, aa_replace_current_label() runs, which uses
prepare_creds(), which can sleep.
Until now, the ptrace access check (which runs with a task lock held)
violated this rule.
Also add a might_sleep() assertion to begin_current_label_crit_section(),
because asserts are less likely to be ignored than comments.
Fixes:
|
||
|
Greg Kroah-Hartman
|
c2bd4f8f0c |
Merge 4.14.162 into android-4.14
Changes in 4.14.162 scsi: lpfc: Fix discovery failures when target device connectivity bounces scsi: mpt3sas: Fix clear pending bit in ioctl status scsi: lpfc: Fix locking on mailbox command completion Input: atmel_mxt_ts - disable IRQ across suspend iommu/tegra-smmu: Fix page tables in > 4 GiB memory scsi: target: compare full CHAP_A Algorithm strings scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices scsi: csiostor: Don't enable IRQs too early powerpc/pseries: Mark accumulate_stolen_time() as notrace powerpc/pseries: Don't fail hash page table insert for bolted mapping powerpc/tools: Don't quote $objdump in scripts dma-debug: add a schedule point in debug_dma_dump_mappings() clocksource/drivers/asm9260: Add a check for of_clk_get powerpc/security/book3s64: Report L1TF status in sysfs powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning ext4: update direct I/O read lock pattern for IOCB_NOWAIT jbd2: Fix statistics for the number of logged blocks scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow f2fs: fix to update dir's i_pino during cross_rename clk: qcom: Allow constant ratio freq tables for rcg irqchip/irq-bcm7038-l1: Enable parent IRQ if necessary irqchip: ingenic: Error out if IRQ domain creation failed fs/quota: handle overflows of sysctl fs.quota.* and report as unsigned long scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences scsi: ufs: fix potential bug which ends in system hang powerpc/pseries/cmm: Implement release() function for sysfs device powerpc/security: Fix wrong message when RFI Flush is disable scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE clk: pxa: fix one of the pxa RTC clocks bcache: at least try to shrink 1 node in bch_mca_scan() HID: logitech-hidpp: Silence intermittent get_battery_capacity errors libnvdimm/btt: fix variable 'rc' set but not used HID: Improve Windows Precision Touchpad detection. scsi: pm80xx: Fix for SATA device discovery scsi: ufs: Fix error handing during hibern8 enter scsi: scsi_debug: num_tgts must be >= 0 scsi: NCR5380: Add disconnect_mask module parameter scsi: iscsi: Don't send data to unbound connection scsi: target: iscsi: Wait for all commands to finish before freeing a session gpio: mpc8xxx: Don't overwrite default irq_set_type callback apparmor: fix unsigned len comparison with less than zero scripts/kallsyms: fix definitely-lost memory leak cdrom: respect device capabilities during opening action perf script: Fix brstackinsn for AUXTRACE perf regs: Make perf_reg_name() return "unknown" instead of NULL s390/zcrypt: handle new reply code FILTERED_BY_HYPERVISOR libfdt: define INT32_MAX and UINT32_MAX in libfdt_env.h s390/cpum_sf: Check for SDBT and SDB consistency ocfs2: fix passing zero to 'PTR_ERR' warning kernel: sysctl: make drop_caches write-only userfaultfd: require CAP_SYS_PTRACE for UFFD_FEATURE_EVENT_FORK x86/mce: Fix possibly incorrect severity calculation on AMD net, sysctl: Fix compiler warning when only cBPF is present netfilter: nf_queue: enqueue skbs with NULL dst ALSA: hda - Downgrade error message for single-cmd fallback bonding: fix active-backup transition after link failure perf strbuf: Remove redundant va_end() in strbuf_addv() Make filldir[64]() verify the directory entry filename is valid filldir[64]: remove WARN_ON_ONCE() for bad directory entries netfilter: ebtables: compat: reject all padding in matches/watchers 6pack,mkiss: fix possible deadlock netfilter: bridge: make sure to pull arp header in br_nf_forward_arp() inetpeer: fix data-race in inet_putpeer / inet_putpeer net: add a READ_ONCE() in skb_peek_tail() net: icmp: fix data-race in cmp_global_allow() hrtimer: Annotate lockless access to timer->state spi: fsl: don't map irq during probe tty/serial: atmel: fix out of range clock divider handling pinctrl: baytrail: Really serialize all register accesses net: ena: fix napi handler misbehavior when the napi budget is zero net/mlxfw: Fix out-of-memory error in mfa2 flash burning ptp: fix the race between the release of ptp_clock and cdev udp: fix integer overflow while computing available space in sk_rcvbuf vhost/vsock: accept only packets with the right dst_cid net: add bool confirm_neigh parameter for dst_ops.update_pmtu ip6_gre: do not confirm neighbor when do pmtu update gtp: do not confirm neighbor when do pmtu update net/dst: add new function skb_dst_update_pmtu_no_confirm tunnel: do not confirm neighbor when do pmtu update vti: do not confirm neighbor when do pmtu update sit: do not confirm neighbor when do pmtu update gtp: do not allow adding duplicate tid and ms_addr pdp context tcp/dccp: fix possible race __inet_lookup_established() tcp: do not send empty skb from tcp_write_xmit() gtp: fix wrong condition in gtp_genl_dump_pdp() gtp: fix an use-after-free in ipv4_pdp_find() gtp: avoid zero size hashtable spi: fsl: use platform_get_irq() instead of of_irq_to_resource() Linux 4.14.162 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Colin Ian King
|
04db2eb668 |
apparmor: fix unsigned len comparison with less than zero
[ Upstream commit 00e0590dbaec6f1bcaa36a85467d7e3497ced522 ]
The sanity check in macro update_for_len checks to see if len
is less than zero, however, len is a size_t so it can never be
less than zero, so this sanity check is a no-op. Fix this by
making len a ssize_t so the comparison will work and add ulen
that is a size_t copy of len so that the min() macro won't
throw warnings about comparing different types.
Addresses-Coverity: ("Macro compares unsigned to 0")
Fixes:
|
||
|
Greg Kroah-Hartman
|
84afceb668 |
Merge 4.14.158 into android-4.14
Changes in 4.14.158 Revert "KVM: nVMX: reset cache/shadows when switching loaded VMCS" clk: meson: gxbb: let sar_adc_clk_div set the parent clock rate ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX ASoC: compress: fix unsigned integer overflow check reset: Fix memory leak in reset_control_array_put() ASoC: kirkwood: fix external clock probe defer clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume reset: fix reset_control_ops kerneldoc comment clk: at91: avoid sleeping early clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18 idr: Fix idr_alloc_u32 on 32-bit systems x86/resctrl: Prevent NULL pointer dereference when reading mondata clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call net: fec: add missed clk_disable_unprepare in remove bridge: ebtables: don't crash when using dnat target in output chains can: peak_usb: report bus recovery as well can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error watchdog: meson: Fix the wrong value of left time scripts/gdb: fix debugging modules compiled with hot/cold partitioning net: bcmgenet: reapply manual settings to the PHY ceph: return -EINVAL if given fsc mount option on kernel w/o support mac80211: fix station inactive_time shortly after boot block: drbd: remove a stray unlock in __drbd_send_protocol() pwm: bcm-iproc: Prevent unloading the driver module while in use scsi: lpfc: Fix kernel Oops due to null pring pointers scsi: lpfc: Fix dif and first burst use in write commands ARM: dts: Fix up SQ201 flash access ARM: debug-imx: only define DEBUG_IMX_UART_PORT if needed ARM: dts: imx53-voipac-dmm-668: Fix memory node duplication parisc: Fix serio address output parisc: Fix HP SDC hpa address output arm64: mm: Prevent mismatched 52-bit VA support arm64: smp: Handle errors reported by the firmware ARM: OMAP1: fix USB configuration for device-only setups RDMA/vmw_pvrdma: Use atomic memory allocation in create AH PM / AVS: SmartReflex: NULL check before some freeing functions is not needed ARM: ks8695: fix section mismatch warning ACPI / LPSS: Ignore acpi_device_fix_up_power() return value scsi: lpfc: Enable Management features for IF_TYPE=6 crypto: user - support incremental algorithm dumps mwifiex: fix potential NULL dereference and use after free mwifiex: debugfs: correct histogram spacing, formatting rtl818x: fix potential use after free xfs: require both realtime inodes to mount ubi: Put MTD device after it is not used ubi: Do not drop UBI device reference before using microblaze: adjust the help to the real behavior microblaze: move "... is ready" messages to arch/microblaze/Makefile iwlwifi: move iwl_nvm_check_version() into dvm gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB kvm: vmx: Set IA32_TSC_AUX for legacy mode guests VSOCK: bind to random port for VMADDR_PORT_ANY mmc: meson-gx: make sure the descriptor is stopped on errors mtd: rawnand: sunxi: Write pageprog related opcodes to WCMD_SET btrfs: only track ref_heads in delayed_ref_updates HID: intel-ish-hid: fixes incorrect error handling serial: 8250: Rate limit serial port rx interrupts during input overruns kprobes/x86/xen: blacklist non-attachable xen interrupt functions xen/pciback: Check dev_data before using it vfio-mdev/samples: Use u8 instead of char for handle functions pinctrl: xway: fix gpio-hog related boot issues net/mlx5: Continue driver initialization despite debugfs failure exofs_mount(): fix leaks on failure exits bnxt_en: Return linux standard errors in bnxt_ethtool.c bnxt_en: query force speeds before disabling autoneg mode. KVM: s390: unregister debug feature on failing arch init pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10 HID: doc: fix wrong data structure reference for UHID_OUTPUT dm flakey: Properly corrupt multi-page bios. gfs2: take jdata unstuff into account in do_grow xfs: Align compat attrlist_by_handle with native implementation. xfs: Fix bulkstat compat ioctls on x32 userspace. IB/qib: Fix an error code in qib_sdma_verbs_send() clocksource/drivers/fttmr010: Fix invalid interrupt register access vxlan: Fix error path in __vxlan_dev_create() powerpc/book3s/32: fix number of bats in p/v_block_mapped() powerpc/xmon: fix dump_segments() drivers/regulator: fix a missing check of return value Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading serial: max310x: Fix tx_empty() callback openrisc: Fix broken paths to arch/or32 RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer scsi: qla2xxx: deadlock by configfs_depend_item scsi: csiostor: fix incorrect dma device in case of vport ath6kl: Only use match sets when firmware supports it ath6kl: Fix off by one error in scan completion powerpc/perf: Fix unit_sel/cache_sel checks powerpc/prom: fix early DEBUG messages powerpc/mm: Make NULL pointer deferences explicit on bad page faults. powerpc/44x/bamboo: Fix PCI range vfio/spapr_tce: Get rid of possible infinite loop powerpc/powernv/eeh/npu: Fix uninitialized variables in opal_pci_eeh_freeze_status drbd: ignore "all zero" peer volume sizes in handshake drbd: reject attach of unsuitable uuids even if connected drbd: do not block when adjusting "disk-options" while IO is frozen drbd: fix print_st_err()'s prototype to match the definition IB/rxe: Make counters thread safe regulator: tps65910: fix a missing check of return value powerpc/83xx: handle machine check caused by watchdog timer powerpc/pseries: Fix node leak in update_lmb_associativity_index() crypto: mxc-scc - fix build warnings on ARM64 pwm: clps711x: Fix period calculation net/netlink_compat: Fix a missing check of nla_parse_nested net/net_namespace: Check the return value of register_pernet_subsys() f2fs: fix to dirty inode synchronously um: Make GCOV depend on !KCOV net: (cpts) fix a missing check of clk_prepare net: stmicro: fix a missing check of clk_prepare net: dsa: bcm_sf2: Propagate error value from mdio_write atl1e: checking the status of atl1e_write_phy_reg tipc: fix a missing check of genlmsg_put net/wan/fsl_ucc_hdlc: Avoid double free in ucc_hdlc_probe() ocfs2: clear journal dirty flag after shutdown journal vmscan: return NODE_RECLAIM_NOSCAN in node_reclaim() when CONFIG_NUMA is n lib/genalloc.c: fix allocation of aligned buffer from non-aligned chunk lib/genalloc.c: use vzalloc_node() to allocate the bitmap fork: fix some -Wmissing-prototypes warnings drivers/base/platform.c: kmemleak ignore a known leak lib/genalloc.c: include vmalloc.h mtd: Check add_mtd_device() ret code tipc: fix memory leak in tipc_nl_compat_publ_dump net/core/neighbour: tell kmemleak about hash tables PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity() net/core/neighbour: fix kmemleak minimal reference count for hash tables serial: 8250: Fix serial8250 initialization crash gpu: ipu-v3: pre: don't trigger update if buffer address doesn't change sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe ip_tunnel: Make none-tunnel-dst tunnel port work with lwtunnel decnet: fix DN_IFREQ_SIZE net/smc: prevent races between smc_lgr_terminate() and smc_conn_free() blktrace: Show requests without sector tipc: fix skb may be leaky in tipc_link_input sfc: initialise found bitmap in efx_ef10_mtd_probe net: fix possible overflow in __sk_mem_raise_allocated() sctp: don't compare hb_timer expire date before starting it bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() net: dev: Use unsigned integer as an argument to left-shift kvm: properly check debugfs dentry before using it bpf: drop refcount if bpf_map_new_fd() fails in map_create() net: hns3: Change fw error code NOT_EXEC to NOT_SUPPORTED iommu/amd: Fix NULL dereference bug in match_hid_uid apparmor: delete the dentry in aafs_remove() to avoid a leak scsi: libsas: Support SATA PHY connection rate unmatch fixing during discovery ACPI / APEI: Don't wait to serialise with oops messages when panic()ing ACPI / APEI: Switch estatus pool to use vmalloc memory scsi: libsas: Check SMP PHY control function result powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property() mtd: Remove a debug trace in mtdpart.c mm, gup: add missing refcount overflow checks on s390 clk: at91: fix update bit maps on CFG_MOR write clk: at91: generated: set audio_pll_allowed in at91_clk_register_generated() staging: rtl8192e: fix potential use after free staging: rtl8723bs: Drop ACPI device ids staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids USB: serial: ftdi_sio: add device IDs for U-Blox C099-F9P mei: bus: prefix device names on bus with the bus name xfrm: Fix memleak on xfrm state destroy media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE net: macb: fix error format in dev_err() pwm: Clear chip_data in pwm_put() media: atmel: atmel-isc: fix asd memory allocation media: atmel: atmel-isc: fix INIT_WORK misplacement macvlan: schedule bc_work even if error net: psample: fix skb_over_panic openvswitch: fix flow command message size slip: Fix use-after-free Read in slip_open openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() openvswitch: remove another BUG_ON() tipc: fix link name length check sctp: cache netns in sctp_ep_common net: sched: fix `tc -s class show` no bstats on class with nolock subqueues ext4: add more paranoia checking in ext4_expand_extra_isize handling watchdog: sama5d4: fix WDD value to be always set to max net: macb: Fix SUBNS increment and increase resolution net: macb driver, check for SKBTX_HW_TSTAMP mtd: rawnand: atmel: Fix spelling mistake in error message mtd: rawnand: atmel: fix possible object reference leak mtd: spi-nor: cast to u64 to avoid uint overflows y2038: futex: Move compat implementation into futex.c futex: Prevent robust futex exit race futex: Move futex exit handling into futex code futex: Replace PF_EXITPIDONE with a state exit/exec: Seperate mm_release() futex: Split futex_mm_release() for exit/exec futex: Set task::futex_state to DEAD right after handling futex exit futex: Mark the begin of futex exit explicitly futex: Sanitize exit state handling futex: Provide state handling for exec() as well futex: Add mutex around futex exit futex: Provide distinct return value when owner is exiting futex: Prevent exit livelock HID: core: check whether Usage Page item is after Usage ID items crypto: stm32/hash - Fix hmac issue more than 256 bytes media: stm32-dcmi: fix DMA corruption when stopping streaming hwrng: stm32 - fix unbalanced pm_runtime_enable mailbox: mailbox-test: fix null pointer if no mmio pinctrl: stm32: fix memory leak issue ASoC: stm32: i2s: fix dma configuration ASoC: stm32: i2s: fix 16 bit format support ASoC: stm32: i2s: fix IRQ clearing platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size net: fec: fix clock count mis-match Linux 4.14.158 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Chris Coulson
|
01dbfb2c74 |
apparmor: delete the dentry in aafs_remove() to avoid a leak
[ Upstream commit 201218e4d3dfa1346e30997f48725acce3f26d01 ] Although the apparmorfs dentries are always dropped from the dentry cache when the usage count drops to zero, there is no guarantee that this will happen in aafs_remove(), as another thread might still be using it. In this scenario, this means that the dentry will temporarily continue to appear in the results of lookups, even after the call to aafs_remove(). In the case of removal of a profile - it also causes simple_rmdir() on the profile directory to fail, as the directory won't be empty until the usage counts of all child dentries have decreased to zero. This results in the dentry for the profile directory leaking and appearing empty in the file system tree forever. Signed-off-by: Chris Coulson <chris.coulson@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
fe57a37b3f |
Merge 4.14.130 into android-4.14
Changes in 4.14.130
tracing: Silence GCC 9 array bounds warning
objtool: Support per-function rodata sections
gcc-9: silence 'address-of-packed-member' warning
net: phy: broadcom: Use strlcpy() for ethtool::get_strings
mmc: core: Prevent processing SDIO IRQs when the card is suspended
scsi: ufs: Avoid runtime suspend possibly being blocked forever
usb: chipidea: udc: workaround for endpoint conflict issue
IB/hfi1: Silence txreq allocation warnings
Input: synaptics - enable SMBus on ThinkPad E480 and E580
Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD
apparmor: enforce nullbyte at end of tag string
ARC: fix build warnings
ARC: [plat-hsdk]: Add missing multicast filter bins number to GMAC node
ARC: [plat-hsdk]: Add missing FIFO size entry in GMAC node
parport: Fix mem leak in parport_register_dev_model
parisc: Fix compiler warnings in float emulation code
IB/rdmavt: Fix alloc_qpn() WARN_ON()
IB/hfi1: Insure freeze_work work_struct is canceled on shutdown
IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value
IB/hfi1: Validate page aligned for a given virtual address
MIPS: uprobes: remove set but not used variable 'epc'
xtensa: Fix section mismatch between memblock_reserve and mem_reserve
net: dsa: mv88e6xxx: avoid error message on remove from VLAN 0
net: hns: Fix loopback test failed at copper ports
mdesc: fix a missing-check bug in get_vdev_port_node_info()
sparc: perf: fix updated event period in response to PERF_EVENT_IOC_PERIOD
net: ethernet: mediatek: Use hw_feature to judge if HWLRO is supported
net: ethernet: mediatek: Use NET_IP_ALIGN to judge if HW RX_2BYTE_OFFSET is enabled
drm/arm/hdlcd: Actually validate CRTC modes
drm/arm/hdlcd: Allow a bit of clock tolerance
scripts/checkstack.pl: Fix arm64 wrong or unknown architecture
scsi: ufs: Check that space was properly alloced in copy_query_response
scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous()
net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set
s390/qeth: fix VLAN attribute in bridge_hostnotify udev event
hwmon: (core) add thermal sensors only if dev->of_node is present
hwmon: (pmbus/core) Treat parameters as paged if on multiple pages
nvme: Fix u32 overflow in the number of namespace list calculation
btrfs: start readahead also in seed devices
can: flexcan: fix timeout when set small bitrate
can: purge socket error queue on sock destruct
powerpc/bpf: use unsigned division instruction for 64-bit operations
ARM: imx: cpuidle-imx6sx: Restrict the SW2ISO increase to i.MX6SX
ARM: dts: am57xx-idk: Remove support for voltage switching for SD card
Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
Bluetooth: Fix regression with minimum encryption key size alignment
SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write
cfg80211: fix memory leak of wiphy device name
mac80211: drop robust management frames from unknown TA
mac80211: handle deauthentication/disassociation from TDLS peer
mac80211: Do not use stack memory with scatterlist for GMAC
Linux 4.14.130
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Jann Horn
|
4758984fa3 |
apparmor: enforce nullbyte at end of tag string
commit 8404d7a674c49278607d19726e0acc0cae299357 upstream.
A packed AppArmor policy contains null-terminated tag strings that are read
by unpack_nameX(). However, unpack_nameX() uses string functions on them
without ensuring that they are actually null-terminated, potentially
leading to out-of-bounds accesses.
Make sure that the tag string is null-terminated before passing it to
strcmp().
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Greg Kroah-Hartman
|
fd9e32a025 |
Merge 4.14.122 into android-4.14
Changes in 4.14.122 net: avoid weird emergency message net/mlx4_core: Change the error print to info print net: test nouarg before dereferencing zerocopy pointers net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions ppp: deflate: Fix possible crash in deflate_init tipc: switch order of device registration to fix a crash vsock/virtio: free packets during the socket release tipc: fix modprobe tipc failed after switch order of device registration vsock/virtio: Initialize core virtio vsock before registering the driver net: Always descend into dsa/ parisc: Export running_on_qemu symbol for modules parisc: Skip registering LED when running in QEMU parisc: Use PA_ASM_LEVEL in boot code parisc: Rename LEVEL to PA_ASM_LEVEL to avoid name clash with DRBD code stm class: Fix channel free in stm output free path md: add mddev->pers to avoid potential NULL pointer dereference intel_th: msu: Fix single mode with IOMMU p54: drop device reference count if fails to enable device of: fix clang -Wunsequenced for be32_to_cpu() cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() media: ov6650: Fix sensor possibly not detected on probe Revert "cifs: fix memory leak in SMB2_read" NFS4: Fix v4.0 client state corruption when mount PNFS fallback to MDS if no deviceid found clk: hi3660: Mark clk_gate_ufs_subsys as critical clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider clk: rockchip: fix wrong clock definitions for rk3328 fuse: fix writepages on 32bit fuse: honor RLIMIT_FSIZE in fuse_file_fallocate iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114 ceph: flush dirty inodes before proceeding with remount x86_64: Add gap to int3 to allow for call emulation x86_64: Allow breakpoints to emulate call instructions ftrace/x86_64: Emulate call function while updating in breakpoint handler tracing: Fix partial reading of trace event's id file memory: tegra: Fix integer overflow on tick value calculation perf intel-pt: Fix instructions sampling rate perf intel-pt: Fix improved sample timestamp perf intel-pt: Fix sample timestamp wrt non-taken branches objtool: Allow AR to be overridden with HOSTAR fbdev: sm712fb: fix brightness control on reboot, don't set SR30 fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75 fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping VRAM fbdev: sm712fb: fix support for 1024x768-16 mode fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken PCI: Mark Atheros AR9462 to avoid bus reset PCI: Factor out pcie_retrain_link() function PCI: Work around Pericom PCIe-to-PCI bridge Retrain Link erratum dm cache metadata: Fix loading discard bitset dm zoned: Fix zone report handling dm delay: fix a crash when invalid device is specified xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module vti4: ipip tunnel deregistration fixes. esp4: add length check for UDP encapsulation xfrm4: Fix uninitialized memory read in _decode_session4 power: supply: cpcap-battery: Fix division by zero securityfs: fix use-after-free on symlink traversal apparmorfs: fix use-after-free on symlink traversal mac80211: Fix kernel panic due to use of txq after free KVM: arm/arm64: Ensure vcpu target is unset on reset failure power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() sched/cpufreq: Fix kobject memleak x86/mm/mem_encrypt: Disable all instrumentation for early SME setup ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour perf bench numa: Add define for RUSAGE_THREAD if not present Revert "Don't jump to compute_result state from check_result state" md/raid: raid5 preserve the writeback action after the parity check driver core: Postpone DMA tear-down until after devres release for probe failure bpf: add map_lookup_elem_sys_only for lookups from syscall side bpf, lru: avoid messing with eviction heuristics upon syscall lookup btrfs: Honour FITRIM range constraints during free space trim fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough Linux 4.14.122 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Al Viro
|
ffbbe8e8bd |
apparmorfs: fix use-after-free on symlink traversal
[ Upstream commit f51dcd0f621caac5380ce90fbbeafc32ce4517ae ] symlink body shouldn't be freed without an RCU delay. Switch apparmorfs to ->destroy_inode() and use of call_rcu(); free both the inode and symlink body in the callback. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
8ed9bc6e64 |
Merge 4.14.106 into android-4.14
Changes in 4.14.106
cpufreq: Use struct kobj_attribute instead of struct global_attr
USB: serial: option: add Telit ME910 ECM composition
USB: serial: cp210x: add ID for Ingenico 3070
USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485
staging: comedi: ni_660x: fix missing break in switch statement
staging: wilc1000: fix to set correct value for 'vif_num'
staging: android: ion: fix sys heap pool's gfp_flags
ip6mr: Do not call __IP6_INC_STATS() from preemptible context
net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex
net-sysfs: Fix mem leak in netdev_register_kobject
sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79
team: Free BPF filter when unregistering netdev
tipc: fix RDM/DGRAM connect() regression
bnxt_en: Drop oversize TX packets to prevent errors.
geneve: correctly handle ipv6.disable module parameter
hv_netvsc: Fix IP header checksum for coalesced packets
net: dsa: mv88e6xxx: Fix u64 statistics
netlabel: fix out-of-bounds memory accesses
net: netem: fix skb length BUG_ON in __skb_to_sgvec
net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
net: phy: phylink: fix uninitialized variable in phylink_get_mac_state
net: sit: fix memory leak in sit_init_net()
net: socket: set sock->sk to NULL after calling proto_ops::release()
xen-netback: don't populate the hash cache on XenBus disconnect
xen-netback: fix occasional leak of grant ref mappings under memory pressure
net: Add __icmp_send helper.
net: avoid use IPCB in cipso_v4_error
ipv4: Return error for RTA_VIA attribute
ipv6: Return error for RTA_VIA attribute
mpls: Return error for RTA_GATEWAY attribute
tun: fix blocking read
tun: remove unnecessary memory barrier
net: phy: Micrel KSZ8061: link failure after cable connect
net: dsa: mv88e6xxx: Fix statistics on mv88e6161
x86/CPU/AMD: Set the CPB bit unconditionally on F17h
applicom: Fix potential Spectre v1 vulnerabilities
MIPS: irq: Allocate accurate order pages for irq stack
hugetlbfs: fix races and page leaks during migration
xtensa: fix get_wchan
Bluetooth: Fix locking in bt_accept_enqueue() for BH context
exec: Fix mem leak in kernel_read_file
scsi: core: reset host byte in DID_NEXUS_FAILURE case
media: uvcvideo: Fix 'type' check leading to overflow
vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel
perf core: Fix perf_proc_update_handler() bug
perf tools: Handle TOPOLOGY headers with no CPU
IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM
iommu/amd: Call free_iova_fast with pfn in map_sg
iommu/amd: Unmap all mapped pages in error path of map_sg
ipvs: Fix signed integer overflow when setsockopt timeout
iommu/amd: Fix IOMMU page flush when detach device from a domain
xtensa: SMP: fix ccount_timer_shutdown
selftests: cpu-hotplug: fix case where CPUs offline > CPUs present
xtensa: SMP: fix secondary CPU initialization
xtensa: smp_lx200_defconfig: fix vectors clash
xtensa: SMP: mark each possible CPU as present
xtensa: SMP: limit number of possible CPUs by NR_CPUS
net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case
net: hns: Fix for missing of_node_put() after of_parse_phandle()
net: hns: Restart autoneg need return failed when autoneg off
net: hns: Fix wrong read accesses via Clause 45 MDIO protocol
net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup()
netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present
gpio: vf610: Mask all GPIO interrupts
selftests: timers: use LDLIBS instead of LDFLAGS
nfs: Fix NULL pointer dereference of dev_name
qed: Fix bug in tx promiscuous mode settings
qed: Fix LACP pdu drops for VFs
qed: Fix VF probe failure while FLR
qed: Fix system crash in ll2 xmit
qed: Fix stack out of bounds bug
scsi: libfc: free skb when receiving invalid flogi resp
scsi: 53c700: pass correct "dev" to dma_alloc_attrs()
platform/x86: Fix unmet dependency warning for SAMSUNG_Q10
cifs: fix computation for MAX_SMB2_HDR_SIZE
x86/microcode/amd: Don't falsely trick the late loading mechanism
arm64: kprobe: Always blacklist the KVM world-switch code
apparmor: Fix aa_label_build() error handling for failed merges
x86/kexec: Don't setup EFI info if EFI runtime is not enabled
x86_64: increase stack size for KASAN_EXTRA
mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone
mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone
lib/test_kmod.c: potential double free in error handling
fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()
autofs: drop dentry reference only when it is never used
autofs: fix error return in autofs_fill_super()
ARM: dts: omap4-droid4: Fix typo in cpcap IRQ flags
arm64: dts: renesas: r8a7796: Enable DMA for SCIF2
soc: fsl: qbman: avoid race in clearing QMan interrupt
bpf: sock recvbuff must be limited by rmem_max in bpf_setsockopt()
ARM: pxa: ssp: unneeded to free devm_ allocated data
arm64: dts: add msm8996 compatible to gicv3
DTS: CI20: Fix bugs in ci20's device tree.
usb: phy: fix link errors
irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable
net: stmmac: Fallback to Platform Data clock in Watchdog conversion
net: stmmac: Send TSO packets always from Queue 0
net: stmmac: Disable EEE mode earlier in XMIT callback
irqchip/gic-v3-its: Fix ITT_entry_size accessor
relay: check return of create_buf_file() properly
bpf, selftests: fix handling of sparse CPU allocations
bpf: fix lockdep false positive in percpu_freelist
drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init
dmaengine: at_xdmac: Fix wrongfull report of a channel as in use
vsock/virtio: fix kernel panic after device hot-unplug
vsock/virtio: reset connected sockets on device removal
dmaengine: dmatest: Abort test in case of mapping error
selftests: netfilter: fix config fragment CONFIG_NF_TABLES_INET
selftests: netfilter: add simple masq/redirect test cases
netfilter: nf_nat: skip nat clash resolution for same-origin entries
s390/qeth: fix use-after-free in error path
perf symbols: Filter out hidden symbols from labels
perf trace: Support multiple "vfs_getname" probes
MIPS: Remove function size check in get_frame_info()
i2c: omap: Use noirq system sleep pm ops to idle device for suspend
fs: ratelimit __find_get_block_slow() failure message.
qed: Fix EQ full firmware assert.
qed: Consider TX tcs while deriving the max num_queues for PF.
Input: wacom_serial4 - add support for Wacom ArtPad II tablet
Input: elan_i2c - add id for touchpad found in Lenovo s21e-20
iscsi_ibft: Fix missing break in switch statement
scsi: aacraid: Fix missing break in switch statement
arm64: dts: hikey: Give wifi some time after power-on
ARM: dts: exynos: Fix pinctrl definition for eMMC RTSN line on Odroid X2/U3
ARM: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU
drm: disable uncached DMA optimization for ARM and arm64
ARM: 8781/1: Fix Thumb-2 syscall return for binutils 2.29+
gfs2: Fix missed wakeups in find_insert_glock
ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom
driver core: Postpone DMA tear-down until after devres release
perf/x86/intel: Make cpuc allocations consistent
perf/x86/intel: Generalize dynamic constraint creation
x86: Add TSX Force Abort CPUID/MSR
perf/x86/intel: Implement support for TSX Force Abort
Linux 4.14.106
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
John Johansen
|
865c798a37 |
apparmor: Fix aa_label_build() error handling for failed merges
[ Upstream commit d6d478aee003e19ef90321176552a8ad2929a47f ] aa_label_merge() can return NULL for memory allocations failures make sure to handle and set the correct error in this case. Reported-by: Peng Hao <peng.hao2@zte.com.cn> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
0e1d81608a |
Merge 4.14.84 into android-4.14
Changes in 4.14.84 cifs: don't dereference smb_file_target before null check cifs: fix return value for cifs_listxattr arm64: kprobe: make page to RO mode when allocate it ixgbe: fix MAC anti-spoofing filter after VFLR reiserfs: propagate errors from fill_with_dentries() properly hfs: prevent btree data loss on root split hfsplus: prevent btree data loss on root split um: Give start_idle_thread() a return code drm/edid: Add 6 bpc quirk for BOE panel. platform/x86: intel_telemetry: report debugfs failure clk: fixed-rate: fix of_node_get-put imbalance perf symbols: Set PLT entry/header sizes properly on Sparc fs/exofs: fix potential memory leak in mount option parsing clk: samsung: exynos5420: Enable PERIS clocks for suspend apparmor: Fix uninitialized value in aa_split_fqname x86/earlyprintk: Add a force option for pciserial device platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 arm64: percpu: Initialize ret in the default case s390/vdso: add missing FORCE to build targets netfilter: ipset: list:set: Decrease refcount synchronously on deletion and replace netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net s390/mm: Fix ERROR: "__node_distance" undefined! netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment() netfilter: xt_IDLETIMER: add sysfs filename checking routine s390/qeth: fix HiperSockets sniffer hwmon: (ibmpowernv) Remove bogus __init annotations Revert "drm/exynos/decon5433: implement frame counter" clk: fixed-factor: fix of_node_get-put imbalance lib/raid6: Fix arm64 test build s390/perf: Change CPUM_CF return code in event init function sched/core: Take the hotplug lock in sched_init_smp() perf tools: Fix undefined symbol scnprintf in libperf-jvmti.so i40e: restore NETIF_F_GSO_IPXIP[46] to netdev features qed: Fix memory/entry leak in qed_init_sp_request() qed: Fix blocking/unlimited SPQ entries leak qed: Fix potential memory corruption net: stmmac: Fix RX packet size > 8191 zram: close udev startup race condition as default groups SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer() ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM perf machine: Add machine__is() to identify machine arch perf tools: Fix kernel_start for PTI on x86 perf machine: Add nr_cpus_avail() perf machine: Workaround missing maps for x86 PTI entry trampolines perf test code-reading: Fix perf_env setup for PTI entry trampolines x86/mm: Move LDT remap out of KASLR region on 5-level paging x86/ldt: Unmap PTEs for the slot before freeing LDT pages media: v4l: event: Add subscription to list before calling "add" operation MIPS: OCTEON: cavium_octeon_defconfig: re-enable OCTEON USB driver uio: Fix an Oops on load usb: cdc-acm: add entry for Hiro (Conexant) modem USB: quirks: Add no-lpm quirk for Raydium touchscreens usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data USB: misc: appledisplay: add 20" Apple Cinema Display drivers/misc/sgi-gru: fix Spectre v1 vulnerability ACPI / platform: Add SMB0001 HID to forbidden_id_list HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges libceph: fall back to sendmsg for slab pages Linux 4.14.84 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Zubin Mithra
|
d0a636aa44 |
apparmor: Fix uninitialized value in aa_split_fqname
[ Upstream commit 250f2da49cb8e582215a65c03f50e8ddf5cd119c ]
Syzkaller reported a OOB-read with the stacktrace below. This occurs
inside __aa_lookupn_ns as `n` is not initialized. `n` is obtained from
aa_splitn_fqname. In cases where `name` is invalid, aa_splitn_fqname
returns without initializing `ns_name` and `ns_len`.
Fix this by always initializing `ns_name` and `ns_len`.
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
print_address_description.cold.8+0x9/0x1ff mm/kasan/report.c:256
kasan_report_error mm/kasan/report.c:354 [inline]
kasan_report.cold.9+0x242/0x309 mm/kasan/report.c:412
__asan_report_load1_noabort+0x14/0x20 mm/kasan/report.c:430
memcmp+0xe3/0x160 lib/string.c:861
strnstr+0x4b/0x70 lib/string.c:934
__aa_lookupn_ns+0xc1/0x570 security/apparmor/policy_ns.c:209
aa_lookupn_ns+0x88/0x1e0 security/apparmor/policy_ns.c:240
aa_fqlookupn_profile+0x1b9/0x1010 security/apparmor/policy.c:468
fqlookupn_profile+0x80/0xc0 security/apparmor/label.c:1844
aa_label_strn_parse+0xa3a/0x1230 security/apparmor/label.c:1908
aa_label_parse+0x42/0x50 security/apparmor/label.c:1943
aa_change_profile+0x513/0x3510 security/apparmor/domain.c:1362
apparmor_setprocattr+0xaa4/0x1150 security/apparmor/lsm.c:658
security_setprocattr+0x66/0xc0 security/security.c:1298
proc_pid_attr_write+0x301/0x540 fs/proc/base.c:2555
__vfs_write+0x119/0x9f0 fs/read_write.c:485
vfs_write+0x1fc/0x560 fs/read_write.c:549
ksys_write+0x101/0x260 fs/read_write.c:598
__do_sys_write fs/read_write.c:610 [inline]
__se_sys_write fs/read_write.c:607 [inline]
__x64_sys_write+0x73/0xb0 fs/read_write.c:607
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Fixes:
|
||
|
Kees Cook
|
549b203743 |
UPSTREAM: treewide: Fix function prototypes for module_param_call()
Several function prototypes for the set/get functions defined by
module_param_call() have a slightly wrong argument types. This fixes
those in an effort to clean up the calls when running under type-enforced
compiler instrumentation for CFI. This is the result of running the
following semantic patch:
@match_module_param_call_function@
declarer name module_param_call;
identifier _name, _set_func, _get_func;
expression _arg, _mode;
@@
module_param_call(_name, _set_func, _get_func, _arg, _mode);
@fix_set_prototype
depends on match_module_param_call_function@
identifier match_module_param_call_function._set_func;
identifier _val, _param;
type _val_type, _param_type;
@@
int _set_func(
-_val_type _val
+const char * _val
,
-_param_type _param
+const struct kernel_param * _param
) { ... }
@fix_get_prototype
depends on match_module_param_call_function@
identifier match_module_param_call_function._get_func;
identifier _val, _param;
type _val_type, _param_type;
@@
int _get_func(
-_val_type _val
+char * _val
,
-_param_type _param
+const struct kernel_param * _param
) { ... }
Two additional by-hand changes are included for places where the above
Coccinelle script didn't notice them:
drivers/platform/x86/thinkpad_acpi.c
fs/lockd/svc.c
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Bug: 67506682
Change-Id: I2c9c0ee8ed28065e63270a52c155e5e7d2791295
(cherry picked from commit e4dca7b7aa08b22893c45485d222b5807c1375ae)
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
|
||
|
John Johansen
|
54b990ede4 |
apparmor: fix resource audit messages when auditing peer
commit b5beb07ad32ab533027aa988d96a44965ec116f7 upstream.
Resource auditing is using the peer field which is not available
when the rlim data struct is used, because it is a different element
of the same union. Accessing peer during resource auditing could
cause garbage log entries or even oops the kernel.
Move the rlim data block into the same struct as the peer field
so they can be used together.
CC: <stable@vger.kernel.org>
Fixes:
|
||
|
John Johansen
|
a0358f6052 |
apparmor: fix display of .ns_name for containers
commit 040d9e2bce0a5b321c402b79ee43a8e8d2fd3b06 upstream.
The .ns_name should not be virtualized by the current ns view. It
needs to report the ns base name as that is being used during startup
as part of determining apparmor policy namespace support.
BugLink: http://bugs.launchpad.net/bugs/1746463
Fixes:
|
||
|
John Johansen
|
1d0d8beb35 |
apparmor: fix logging of the existence test for signals
commit 98cf5bbff413eadf1b9cb195a7b80cc61c72a50e upstream.
The existence test is not being properly logged as the signal mapping
maps it to the last entry in the named signal table. This is done
to help catch bugs by making the 0 mapped signal value invalid so
that we can catch the signal value not being filled in.
When fixing the off-by-one comparision logic the reporting of the
existence test was broken, because the logic behind the mapped named
table was hidden. Fix this by adding a define for the name lookup
and using it.
Cc: Stable <stable@vger.kernel.org>
Fixes:
|
||
|
John Johansen
|
233363fd02 |
apparmor: fix ptrace label match when matching stacked labels
commit 0dda0b3fb255048a221f736c8a2a24c674da8bf3 upstream.
Given a label with a profile stack of
A//&B or A//&C ...
A ptrace rule should be able to specify a generic trace pattern with
a rule like
ptrace trace A//&**,
however this is failing because while the correct label match routine
is called, it is being done post label decomposition so it is always
being done against a profile instead of the stacked label.
To fix this refactor the cross check to pass the full peer label in to
the label_match.
Fixes:
|
||
|
John Johansen
|
f5edee88ad |
apparmor: fix regression in mount mediation when feature set is pinned
commit 5b9f57cf47b87f07210875d6a24776b4496b818d upstream.
When the mount code was refactored for Labels it was not correctly
updated to check whether policy supported mediation of the mount
class. This causes a regression when the kernel feature set is
reported as supporting mount and policy is pinned to a feature set
that does not support mount mediation.
BugLink: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882697#41
Fixes:
|
||
|
John Johansen
|
897088926c |
apparmor: fix leak of null profile name if profile allocation fails
[ Upstream commit 4633307e5ed6128975595df43f796a10c41d11c1 ]
Fixes:
|
||
|
John Johansen
|
69af22696b |
apparmor: fix oops in audit_signal_cb hook
commit b12cbb21586277f72533769832c24cc6c1d60ab3 upstream. The apparmor_audit_data struct ordering got messed up during a merge conflict, resulting in the signal integer and peer pointer being in a union instead of a struct. For most of the 4.13 and 4.14 life cycle, this was hidden by commit |
||
|
John Johansen
|
f7dc4c9a85 |
apparmor: fix off-by-one comparison on MAXMAPPED_SIG
This came in yesterday, and I have verified our regression tests
were missing this and it can cause an oops. Please apply.
There is a an off-by-one comparision on sig against MAXMAPPED_SIG
that can lead to a read outside the sig_map array if sig
is MAXMAPPED_SIG. Fix this.
Verified that the check is an out of bounds case that can cause an oops.
Revised: add comparison fix to second case
Fixes:
|
||
|
Linus Torvalds
|
ead751507d |
Merge tag 'spdx_identifiers-4.14-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
Pull initial SPDX identifiers from Greg KH:
"License cleanup: add SPDX license identifiers to some files
Many source files in the tree are missing licensing information, which
makes it harder for compliance tools to determine the correct license.
By default all files without license information are under the default
license of the kernel, which is GPL version 2.
Update the files which contain no license information with the
'GPL-2.0' SPDX license identifier. The SPDX identifier is a legally
binding shorthand, which can be used instead of the full boiler plate
text.
This patch is based on work done by Thomas Gleixner and Kate Stewart
and Philippe Ombredanne.
How this work was done:
Patches were generated and checked against linux-4.14-rc6 for a subset
of the use cases:
- file had no licensing information it it.
- file was a */uapi/* one with no licensing information in it,
- file was a */uapi/* one with existing licensing information,
Further patches will be generated in subsequent months to fix up cases
where non-standard license headers were used, and references to
license had to be inferred by heuristics based on keywords.
The analysis to determine which SPDX License Identifier to be applied
to a file was done in a spreadsheet of side by side results from of
the output of two independent scanners (ScanCode & Windriver)
producing SPDX tag:value files created by Philippe Ombredanne.
Philippe prepared the base worksheet, and did an initial spot review
of a few 1000 files.
The 4.13 kernel was the starting point of the analysis with 60,537
files assessed. Kate Stewart did a file by file comparison of the
scanner results in the spreadsheet to determine which SPDX license
identifier(s) to be applied to the file. She confirmed any
determination that was not immediately clear with lawyers working with
the Linux Foundation.
Criteria used to select files for SPDX license identifier tagging was:
- Files considered eligible had to be source code files.
- Make and config files were included as candidates if they contained
>5 lines of source
- File already had some variant of a license header in it (even if <5
lines).
All documentation files were explicitly excluded.
The following heuristics were used to determine which SPDX license
identifiers to apply.
- when both scanners couldn't find any license traces, file was
considered to have no license information in it, and the top level
COPYING file license applied.
For non */uapi/* files that summary was:
SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 11139
and resulted in the first patch in this series.
If that file was a */uapi/* path one, it was "GPL-2.0 WITH
Linux-syscall-note" otherwise it was "GPL-2.0". Results of that
was:
SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 WITH Linux-syscall-note 930
and resulted in the second patch in this series.
- if a file had some form of licensing information in it, and was one
of the */uapi/* ones, it was denoted with the Linux-syscall-note if
any GPL family license was found in the file or had no licensing in
it (per prior point). Results summary:
SPDX license identifier # files
---------------------------------------------------|------
GPL-2.0 WITH Linux-syscall-note 270
GPL-2.0+ WITH Linux-syscall-note 169
((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause) 21
((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 17
LGPL-2.1+ WITH Linux-syscall-note 15
GPL-1.0+ WITH Linux-syscall-note 14
((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause) 5
LGPL-2.0+ WITH Linux-syscall-note 4
LGPL-2.1 WITH Linux-syscall-note 3
((GPL-2.0 WITH Linux-syscall-note) OR MIT) 3
((GPL-2.0 WITH Linux-syscall-note) AND MIT) 1
and that resulted in the third patch in this series.
- when the two scanners agreed on the detected license(s), that
became the concluded license(s).
- when there was disagreement between the two scanners (one detected
a license but the other didn't, or they both detected different
licenses) a manual inspection of the file occurred.
- In most cases a manual inspection of the information in the file
resulted in a clear resolution of the license that should apply
(and which scanner probably needed to revisit its heuristics).
- When it was not immediately clear, the license identifier was
confirmed with lawyers working with the Linux Foundation.
- If there was any question as to the appropriate license identifier,
the file was flagged for further research and to be revisited later
in time.
In total, over 70 hours of logged manual review was done on the
spreadsheet to determine the SPDX license identifiers to apply to the
source files by Kate, Philippe, Thomas and, in some cases,
confirmation by lawyers working with the Linux Foundation.
Kate also obtained a third independent scan of the 4.13 code base from
FOSSology, and compared selected files where the other two scanners
disagreed against that SPDX file, to see if there was new insights.
The Windriver scanner is based on an older version of FOSSology in
part, so they are related.
Thomas did random spot checks in about 500 files from the spreadsheets
for the uapi headers and agreed with SPDX license identifier in the
files he inspected. For the non-uapi files Thomas did random spot
checks in about 15000 files.
In initial set of patches against 4.14-rc6, 3 files were found to have
copy/paste license identifier errors, and have been fixed to reflect
the correct identifier.
Additionally Philippe spent 10 hours this week doing a detailed manual
inspection and review of the 12,461 patched files from the initial
patch version early this week with:
- a full scancode scan run, collecting the matched texts, detected
license ids and scores
- reviewing anything where there was a license detected (about 500+
files) to ensure that the applied SPDX license was correct
- reviewing anything where there was no detection but the patch
license was not GPL-2.0 WITH Linux-syscall-note to ensure that the
applied SPDX license was correct
This produced a worksheet with 20 files needing minor correction. This
worksheet was then exported into 3 different .csv files for the
different types of files to be modified.
These .csv files were then reviewed by Greg. Thomas wrote a script to
parse the csv files and add the proper SPDX tag to the file, in the
format that the file expected. This script was further refined by Greg
based on the output to detect more types of files automatically and to
distinguish between header and source .c files (which need different
comment types.) Finally Greg ran the script using the .csv files to
generate the patches.
Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org>
Reviewed-by: Philippe Ombredanne <pombredanne@nexb.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>"
* tag 'spdx_identifiers-4.14-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
License cleanup: add SPDX license identifier to uapi header files with a license
License cleanup: add SPDX license identifier to uapi header files with no license
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
|
||
|
Greg Kroah-Hartman
|
b24413180f |
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
Many source files in the tree are missing licensing information, which makes it harder for compliance tools to determine the correct license. By default all files without license information are under the default license of the kernel, which is GPL version 2. Update the files which contain no license information with the 'GPL-2.0' SPDX license identifier. The SPDX identifier is a legally binding shorthand, which can be used instead of the full boiler plate text. This patch is based on work done by Thomas Gleixner and Kate Stewart and Philippe Ombredanne. How this work was done: Patches were generated and checked against linux-4.14-rc6 for a subset of the use cases: - file had no licensing information it it. - file was a */uapi/* one with no licensing information in it, - file was a */uapi/* one with existing licensing information, Further patches will be generated in subsequent months to fix up cases where non-standard license headers were used, and references to license had to be inferred by heuristics based on keywords. The analysis to determine which SPDX License Identifier to be applied to a file was done in a spreadsheet of side by side results from of the output of two independent scanners (ScanCode & Windriver) producing SPDX tag:value files created by Philippe Ombredanne. Philippe prepared the base worksheet, and did an initial spot review of a few 1000 files. The 4.13 kernel was the starting point of the analysis with 60,537 files assessed. Kate Stewart did a file by file comparison of the scanner results in the spreadsheet to determine which SPDX license identifier(s) to be applied to the file. She confirmed any determination that was not immediately clear with lawyers working with the Linux Foundation. Criteria used to select files for SPDX license identifier tagging was: - Files considered eligible had to be source code files. - Make and config files were included as candidates if they contained >5 lines of source - File already had some variant of a license header in it (even if <5 lines). All documentation files were explicitly excluded. The following heuristics were used to determine which SPDX license identifiers to apply. - when both scanners couldn't find any license traces, file was considered to have no license information in it, and the top level COPYING file license applied. For non */uapi/* files that summary was: SPDX license identifier # files ---------------------------------------------------|------- GPL-2.0 11139 and resulted in the first patch in this series. If that file was a */uapi/* path one, it was "GPL-2.0 WITH Linux-syscall-note" otherwise it was "GPL-2.0". Results of that was: SPDX license identifier # files ---------------------------------------------------|------- GPL-2.0 WITH Linux-syscall-note 930 and resulted in the second patch in this series. - if a file had some form of licensing information in it, and was one of the */uapi/* ones, it was denoted with the Linux-syscall-note if any GPL family license was found in the file or had no licensing in it (per prior point). Results summary: SPDX license identifier # files ---------------------------------------------------|------ GPL-2.0 WITH Linux-syscall-note 270 GPL-2.0+ WITH Linux-syscall-note 169 ((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause) 21 ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 17 LGPL-2.1+ WITH Linux-syscall-note 15 GPL-1.0+ WITH Linux-syscall-note 14 ((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause) 5 LGPL-2.0+ WITH Linux-syscall-note 4 LGPL-2.1 WITH Linux-syscall-note 3 ((GPL-2.0 WITH Linux-syscall-note) OR MIT) 3 ((GPL-2.0 WITH Linux-syscall-note) AND MIT) 1 and that resulted in the third patch in this series. - when the two scanners agreed on the detected license(s), that became the concluded license(s). - when there was disagreement between the two scanners (one detected a license but the other didn't, or they both detected different licenses) a manual inspection of the file occurred. - In most cases a manual inspection of the information in the file resulted in a clear resolution of the license that should apply (and which scanner probably needed to revisit its heuristics). - When it was not immediately clear, the license identifier was confirmed with lawyers working with the Linux Foundation. - If there was any question as to the appropriate license identifier, the file was flagged for further research and to be revisited later in time. In total, over 70 hours of logged manual review was done on the spreadsheet to determine the SPDX license identifiers to apply to the source files by Kate, Philippe, Thomas and, in some cases, confirmation by lawyers working with the Linux Foundation. Kate also obtained a third independent scan of the 4.13 code base from FOSSology, and compared selected files where the other two scanners disagreed against that SPDX file, to see if there was new insights. The Windriver scanner is based on an older version of FOSSology in part, so they are related. Thomas did random spot checks in about 500 files from the spreadsheets for the uapi headers and agreed with SPDX license identifier in the files he inspected. For the non-uapi files Thomas did random spot checks in about 15000 files. In initial set of patches against 4.14-rc6, 3 files were found to have copy/paste license identifier errors, and have been fixed to reflect the correct identifier. Additionally Philippe spent 10 hours this week doing a detailed manual inspection and review of the 12,461 patched files from the initial patch version early this week with: - a full scancode scan run, collecting the matched texts, detected license ids and scores - reviewing anything where there was a license detected (about 500+ files) to ensure that the applied SPDX license was correct - reviewing anything where there was no detection but the patch license was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied SPDX license was correct This produced a worksheet with 20 files needing minor correction. This worksheet was then exported into 3 different .csv files for the different types of files to be modified. These .csv files were then reviewed by Greg. Thomas wrote a script to parse the csv files and add the proper SPDX tag to the file, in the format that the file expected. This script was further refined by Greg based on the output to detect more types of files automatically and to distinguish between header and source .c files (which need different comment types.) Finally Greg ran the script using the .csv files to generate the patches. Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org> Reviewed-by: Philippe Ombredanne <pombredanne@nexb.com> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Linus Torvalds
|
80c094a47d |
Revert "apparmor: add base infastructure for socket mediation"
This reverts commit
|
||
|
Linus Torvalds
|
79444df4e7 |
Merge tag 'apparmor-pr-2017-09-22' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor
Pull apparmor updates from John Johansen:
"This is the apparmor pull request, similar to SELinux and seccomp.
It's the same series that I was sent to James' security tree + one
regression fix that was found after the series was sent to James and
would have been sent for v4.14-rc2.
Features:
- in preparation for secid mapping add support for absolute root view
based labels
- add base infastructure for socket mediation
- add mount mediation
- add signal mediation
minor cleanups and changes:
- be defensive, ensure unconfined profiles have dfas initialized
- add more debug asserts to apparmorfs
- enable policy unpacking to audit different reasons for failure
- cleanup conditional check for label in label_print
- Redundant condition: prev_ns. in [label.c:1498]
Bug Fixes:
- fix regression in apparmorfs DAC access permissions
- fix build failure on sparc caused by undeclared signals
- fix sparse report of incorrect type assignment when freeing label proxies
- fix race condition in null profile creation
- Fix an error code in aafs_create()
- Fix logical error in verify_header()
- Fix shadowed local variable in unpack_trans_table()"
* tag 'apparmor-pr-2017-09-22' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor:
apparmor: fix apparmorfs DAC access permissions
apparmor: fix build failure on sparc caused by undeclared signals
apparmor: fix incorrect type assignment when freeing proxies
apparmor: ensure unconfined profiles have dfas initialized
apparmor: fix race condition in null profile creation
apparmor: move new_null_profile to after profile lookup fns()
apparmor: add base infastructure for socket mediation
apparmor: add more debug asserts to apparmorfs
apparmor: make policy_unpack able to audit different info messages
apparmor: add support for absolute root view based labels
apparmor: cleanup conditional check for label in label_print
apparmor: add mount mediation
apparmor: add the ability to mediate signals
apparmor: Redundant condition: prev_ns. in [label.c:1498]
apparmor: Fix an error code in aafs_create()
apparmor: Fix logical error in verify_header()
apparmor: Fix shadowed local variable in unpack_trans_table()
|
||
|
John Johansen
|
bf81100f63 |
apparmor: fix apparmorfs DAC access permissions
The DAC access permissions for several apparmorfs files are wrong.
.access - needs to be writable by all tasks to perform queries
the others in the set only provide a read fn so should be read only.
With policy namespace virtualization all apparmor needs to control
the permission and visibility checks directly which means DAC
access has to be allowed for all user, group, and other.
BugLink: http://bugs.launchpad.net/bugs/1713103
Fixes:
|
||
|
John Johansen
|
b1545dba09 |
apparmor: fix build failure on sparc caused by undeclared signals
In file included from security/apparmor/ipc.c:23:0:
security/apparmor/include/sig_names.h:26:3: error: 'SIGSTKFLT' undeclared here (not in a function)
[SIGSTKFLT] = 16, /* -, 16, - */
^
security/apparmor/include/sig_names.h:26:3: error: array index in initializer not of integer type
security/apparmor/include/sig_names.h:26:3: note: (near initialization for 'sig_map')
security/apparmor/include/sig_names.h:51:3: error: 'SIGUNUSED' undeclared here (not in a function)
[SIGUNUSED] = 34, /* -, 31, - */
^
security/apparmor/include/sig_names.h:51:3: error: array index in initializer not of integer type
security/apparmor/include/sig_names.h:51:3: note: (near initialization for 'sig_map')
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Fixes: c6bf1adaecaa ("apparmor: add the ability to mediate signals")
Signed-off-by: John Johansen <john.johansen@canonical.com>
|
||
|
John Johansen
|
bc4d82fb94 |
apparmor: fix incorrect type assignment when freeing proxies
sparse reports poisoning the proxy->label before freeing the struct is resulting in a sparse build warning. ../security/apparmor/label.c:52:30: warning: incorrect type in assignment (different address spaces) ../security/apparmor/label.c:52:30: expected struct aa_label [noderef] <asn:4>*label ../security/apparmor/label.c:52:30: got struct aa_label *<noident> fix with RCU_INIT_POINTER as this is one of those cases where rcu_assign_pointer() is not needed. Signed-off-by: John Johansen <john.johansen@canonical.com> |
||
|
John Johansen
|
15372b97aa |
apparmor: ensure unconfined profiles have dfas initialized
Generally unconfined has early bailout tests and does not need the dfas initialized, however if an early bailout test is ever missed it will result in an oops. Be defensive and initialize the unconfined profile to have null dfas (no permission) so if an early bailout test is missed we fail closed (no perms granted) instead of oopsing. Signed-off-by: John Johansen <john.johansen@canonical.com> |
||
|
John Johansen
|
290638a52a |
apparmor: fix race condition in null profile creation
There is a race when null- profile is being created between the initial lookup/creation of the profile and lock/addition of the profile. This could result in multiple version of a profile being added to the list which need to be removed/replaced. Since these are learning profile their is no affect on mediation. Signed-off-by: John Johansen <john.johansen@canonical.com> |
||
|
John Johansen
|
d07881d2ed |
apparmor: move new_null_profile to after profile lookup fns()
new_null_profile will need to use some of the profile lookup fns() so move instead of doing forward fn declarations. Signed-off-by: John Johansen <john.johansen@canonical.com> |
||
|
John Johansen
|
651e28c553 |
apparmor: add base infastructure for socket mediation
Provide a basic mediation of sockets. This is not a full net mediation
but just whether a spcific family of socket can be used by an
application, along with setting up some basic infrastructure for
network mediation to follow.
the user space rule hav the basic form of
NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ]
[ TYPE | PROTOCOL ]
DOMAIN = ( 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' |
'bridge' | 'atmpvc' | 'x25' | 'inet6' | 'rose' |
'netbeui' | 'security' | 'key' | 'packet' | 'ash' |
'econet' | 'atmsvc' | 'sna' | 'irda' | 'pppox' |
'wanpipe' | 'bluetooth' | 'netlink' | 'unix' | 'rds' |
'llc' | 'can' | 'tipc' | 'iucv' | 'rxrpc' | 'isdn' |
'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' |
'vsock' | 'mpls' | 'ib' | 'kcm' ) ','
TYPE = ( 'stream' | 'dgram' | 'seqpacket' | 'rdm' | 'raw' |
'packet' )
PROTOCOL = ( 'tcp' | 'udp' | 'icmp' )
eg.
network,
network inet,
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
|
||
|
John Johansen
|
cbf2d0e1a9 |
apparmor: add more debug asserts to apparmorfs
Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> |
||
|
John Johansen
|
2410aa96d6 |
apparmor: make policy_unpack able to audit different info messages
Switch unpack auditing to using the generic name field in the audit struct and make it so we can start adding new info messages about why an unpack failed. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> |
||
|
John Johansen
|
26b7899510 |
apparmor: add support for absolute root view based labels
With apparmor policy virtualization based on policy namespace View's we don't generally want/need absolute root based views, however there are cases like debugging and some secid based conversions where using a root based view is important. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> |
||
|
John Johansen
|
f872af75d3 |
apparmor: cleanup conditional check for label in label_print
Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> |
||
|
John Johansen
|
2ea3ffb778 |
apparmor: add mount mediation
Add basic mount mediation. That allows controlling based on basic
mount parameters. It does not include special mount parameters for
apparmor, super block labeling, or any triggers for apparmor namespace
parameter modifications on pivot root.
default userspace policy rules have the form of
MOUNT RULE = ( MOUNT | REMOUNT | UMOUNT )
MOUNT = [ QUALIFIERS ] 'mount' [ MOUNT CONDITIONS ] [ SOURCE FILEGLOB ]
[ '->' MOUNTPOINT FILEGLOB ]
REMOUNT = [ QUALIFIERS ] 'remount' [ MOUNT CONDITIONS ]
MOUNTPOINT FILEGLOB
UMOUNT = [ QUALIFIERS ] 'umount' [ MOUNT CONDITIONS ] MOUNTPOINT FILEGLOB
MOUNT CONDITIONS = [ ( 'fstype' | 'vfstype' ) ( '=' | 'in' )
MOUNT FSTYPE EXPRESSION ]
[ 'options' ( '=' | 'in' ) MOUNT FLAGS EXPRESSION ]
MOUNT FSTYPE EXPRESSION = ( MOUNT FSTYPE LIST | MOUNT EXPRESSION )
MOUNT FSTYPE LIST = Comma separated list of valid filesystem and
virtual filesystem types (eg ext4, debugfs, etc)
MOUNT FLAGS EXPRESSION = ( MOUNT FLAGS LIST | MOUNT EXPRESSION )
MOUNT FLAGS LIST = Comma separated list of MOUNT FLAGS.
MOUNT FLAGS = ( 'ro' | 'rw' | 'nosuid' | 'suid' | 'nodev' | 'dev' |
'noexec' | 'exec' | 'sync' | 'async' | 'remount' |
'mand' | 'nomand' | 'dirsync' | 'noatime' | 'atime' |
'nodiratime' | 'diratime' | 'bind' | 'rbind' | 'move' |
'verbose' | 'silent' | 'loud' | 'acl' | 'noacl' |
'unbindable' | 'runbindable' | 'private' | 'rprivate' |
'slave' | 'rslave' | 'shared' | 'rshared' |
'relatime' | 'norelatime' | 'iversion' | 'noiversion' |
'strictatime' | 'nouser' | 'user' )
MOUNT EXPRESSION = ( ALPHANUMERIC | AARE ) ...
PIVOT ROOT RULE = [ QUALIFIERS ] pivot_root [ oldroot=OLD PUT FILEGLOB ]
[ NEW ROOT FILEGLOB ]
SOURCE FILEGLOB = FILEGLOB
MOUNTPOINT FILEGLOB = FILEGLOB
eg.
mount,
mount /dev/foo,
mount options=ro /dev/foo -> /mnt/,
mount options in (ro,atime) /dev/foo -> /mnt/,
mount options=ro options=atime,
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
|
||
|
John Johansen
|
cd1dbf76b2 |
apparmor: add the ability to mediate signals
Add signal mediation where the signal can be mediated based on the
signal, direction, or the label or the peer/target. The signal perms
are verified on a cross check to ensure policy consistency in the case
of incremental policy load/replacement.
The optimization of skipping the cross check when policy is guaranteed
to be consistent (single compile unit) remains to be done.
policy rules have the form of
SIGNAL_RULE = [ QUALIFIERS ] 'signal' [ SIGNAL ACCESS PERMISSIONS ]
[ SIGNAL SET ] [ SIGNAL PEER ]
SIGNAL ACCESS PERMISSIONS = SIGNAL ACCESS | SIGNAL ACCESS LIST
SIGNAL ACCESS LIST = '(' Comma or space separated list of SIGNAL
ACCESS ')'
SIGNAL ACCESS = ( 'r' | 'w' | 'rw' | 'read' | 'write' | 'send' |
'receive' )
SIGNAL SET = 'set' '=' '(' SIGNAL LIST ')'
SIGNAL LIST = Comma or space separated list of SIGNALS
SIGNALS = ( 'hup' | 'int' | 'quit' | 'ill' | 'trap' | 'abrt' |
'bus' | 'fpe' | 'kill' | 'usr1' | 'segv' | 'usr2' |
'pipe' | 'alrm' | 'term' | 'stkflt' | 'chld' | 'cont' |
'stop' | 'stp' | 'ttin' | 'ttou' | 'urg' | 'xcpu' |
'xfsz' | 'vtalrm' | 'prof' | 'winch' | 'io' | 'pwr' |
'sys' | 'emt' | 'exists' | 'rtmin+0' ... 'rtmin+32'
)
SIGNAL PEER = 'peer' '=' AARE
eg.
signal, # allow all signals
signal send set=(hup, kill) peer=foo,
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
|
||
|
John Johansen
|
c5561700c9 |
apparmor: Redundant condition: prev_ns. in [label.c:1498]
Reported-by: David Binderman <dcb314@hotmail.com> Signed-off-by: John Johansen <john.johansen@canonical.com> |
||
|
Dan Carpenter
|
5d314a81ec |
apparmor: Fix an error code in aafs_create()
We accidentally forgot to set the error code on this path. It means we return NULL instead of an error pointer. I looked through a bunch of callers and I don't think it really causes a big issue, but the documentation says we're supposed to return error pointers here. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Serge Hallyn <serge@hallyn.com> Signed-off-by: John Johansen <john.johansen@canonical.com> |
||
|
Christos Gkekas
|
86aea56f14 |
apparmor: Fix logical error in verify_header()
verify_header() is currently checking whether interface version is less than 5 *and* greater than 7, which always evaluates to false. Instead it should check whether it is less than 5 *or* greater than 7. Signed-off-by: Christos Gkekas <chris.gekas@gmail.com> Signed-off-by: John Johansen <john.johansen@canonical.com> |