When public_key_verify_signature() is called from
asymmetric_key_verify_signature(), the pkey_algo field of struct
public_key_signature will be NULL, which causes a NULL pointer dereference
in the strcmp() check. Fix this by adding a NULL check.
One visible manifestation of this is that userspace programs (such as the
'iwd' WiFi daemon) will be killed when trying to verify a TLS key using the
keyctl(2) interface.
Cc: stable(a)vger.kernel.org
Fixes: 215525639631 ("X.509: support OSCCA SM2-with-SM3 certificate verification")
Signed-off-by: Toke Høiland-Jørgensen <toke(a)redhat.com>
---
crypto/asymmetric_keys/public_key.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index 8892908ad58c..35b09e95a870 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -356,7 +356,7 @@ int public_key_verify_signature(const struct public_key *pkey,
if (ret)
goto error_free_key;
- if (strcmp(sig->pkey_algo, "sm2") == 0 && sig->data_size) {
+ if (sig->pkey_algo && strcmp(sig->pkey_algo, "sm2") == 0 && sig->data_size) {
ret = cert_sig_digest_update(sig, tfm);
if (ret)
goto error_free_key;
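Review bot: the added `sig->pkey_algo &&` guard in the SM2 condition leaves no trace in the code of why the field can be NULL at this point. A short comment above the `if`, saying that the call from asymmetric_key_verify_signature() passes a signature without pkey_algo set and that the SM2 digest update is deliberately skipped in that case, would keep a later cleanup from dropping the check. It is also worth confirming that no other use of sig->pkey_algo in this function assumes a non-NULL value.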
--
2.30.0
This is the start of the stable review cycle for the 4.14.217 release.
There are 50 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sun, 24 Jan 2021 13:57:23 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.217-r…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 4.14.217-rc1
Michael Hennerich <michael.hennerich(a)analog.com>
spi: cadence: cache reference clock rate during probe
Aya Levin <ayal(a)nvidia.com>
net: ipv6: Validate GSO SKB before finish IPv6 processing
Jason A. Donenfeld <Jason(a)zx2c4.com>
net: skbuff: disambiguate argument and member for skb_list_walk_safe helper
Jason A. Donenfeld <Jason(a)zx2c4.com>
net: introduce skb_list_walk_safe for skb segment walking
Edward Cree <ecree(a)solarflare.com>
net: use skb_list_del_init() to remove from RX sublists
Hoang Le <hoang.h.le(a)dektech.com.au>
tipc: fix NULL deref in tipc_link_xmit()
David Howells <dhowells(a)redhat.com>
rxrpc: Fix handling of an unsupported token type in rxrpc_read()
Eric Dumazet <edumazet(a)google.com>
net: avoid 32 x truesize under-estimation for tiny skbs
Jakub Kicinski <kuba(a)kernel.org>
net: sit: unregister_netdevice on newlink's error path
David Wu <david.wu(a)rock-chips.com>
net: stmmac: Fixed mtu channged by cache aligned
Petr Machata <petrm(a)nvidia.com>
net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands
Petr Machata <me(a)pmachata.org>
net: dcb: Validate netlink message in DCB handler
Willem de Bruijn <willemb(a)google.com>
esp: avoid unneeded kmap_atomic call
Andrey Zhizhikin <andrey.zhizhikin(a)leica-geosystems.com>
rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request
Manish Chopra <manishc(a)marvell.com>
netxen_nic: fix MSI/MSI-x interrupts
J. Bruce Fields <bfields(a)redhat.com>
nfsd4: readdirplus shouldn't return parent of export
Will Deacon <will(a)kernel.org>
compiler.h: Raise minimum version of GCC to 5.1 for arm64
Hamish Martin <hamish.martin(a)alliedtelesis.co.nz>
usb: ohci: Make distrust_firmware param default to false
Jesper Dangaard Brouer <brouer(a)redhat.com>
netfilter: conntrack: fix reading nf_conntrack_buckets
Geert Uytterhoeven <geert+renesas(a)glider.be>
ALSA: fireface: Fix integer overflow in transmit_midi_msg()
Geert Uytterhoeven <geert+renesas(a)glider.be>
ALSA: firewire-tascam: Fix integer overflow in midi_port_work()
Mike Snitzer <snitzer(a)redhat.com>
dm: eliminate potential source of excessive kernel log noise
j.nixdorf(a)avm.de <j.nixdorf(a)avm.de>
net: sunrpc: interpret the return value of kstrtou32 correctly
Jann Horn <jannh(a)google.com>
mm, slub: consider rest of partial list if acquire_slab() fails
Dinghao Liu <dinghao.liu(a)zju.edu.cn>
RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp
Jan Kara <jack(a)suse.cz>
ext4: fix superblock checksum failure when setting password salt
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFS: nfs_igrab_and_active must first reference the superblock
Trond Myklebust <trond.myklebust(a)hammerspace.com>
pNFS: Mark layout for return if return-on-close was not sent
Dave Wysochanski <dwysocha(a)redhat.com>
NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock
Dan Carpenter <dan.carpenter(a)oracle.com>
ASoC: Intel: fix error code cnl_set_dsp_D0()
Al Viro <viro(a)zeniv.linux.org.uk>
dump_common_audit_data(): fix racy accesses to ->d_name
Arnd Bergmann <arnd(a)arndb.de>
ARM: picoxcell: fix missing interrupt-parent properties
Shawn Guo <shawn.guo(a)linaro.org>
ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI
Michael Ellerman <mpe(a)ellerman.id.au>
net: ethernet: fs_enet: Add missing MODULE_LICENSE
Arnd Bergmann <arnd(a)arndb.de>
misdn: dsp: select CONFIG_BITREVERSE
Randy Dunlap <rdunlap(a)infradead.org>
arch/arc: add copy_user_page() to <asm/page.h> to fix build error on ARC
Rasmus Villemoes <rasmus.villemoes(a)prevas.dk>
ethernet: ucc_geth: fix definition and size of ucc_geth_tx_global_pram
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix transaction leak and crash after RO remount caused by qgroup rescan
Masahiro Yamada <masahiroy(a)kernel.org>
ARC: build: add boot_targets to PHONY
Masahiro Yamada <masahiroy(a)kernel.org>
ARC: build: add uImage.lzma to the top-level target
Masahiro Yamada <masahiroy(a)kernel.org>
ARC: build: remove non-existing bootpImage from KBUILD_IMAGE
yangerkun <yangerkun(a)huawei.com>
ext4: fix bug for rename with RENAME_WHITEOUT
Leon Schuermann <leon(a)is.currently.online>
r8152: Add Lenovo Powered USB-C Travel Hub
Akilesh Kailash <akailash(a)google.com>
dm snapshot: flush merged data before committing metadata
Miaohe Lin <linmiaohe(a)huawei.com>
mm/hugetlb: fix potential missing huge page size info
Dexuan Cui <decui(a)microsoft.com>
ACPI: scan: Harden acpi_device_add() against device ID overflows
Alexander Lobakin <alobakin(a)pm.me>
MIPS: relocatable: fix possible boot hangup with KASLR enabled
Al Viro <viro(a)zeniv.linux.org.uk>
MIPS: Fix malformed NT_FILE and NT_SIGINFO in 32bit coredumps
Paul Cercueil <paul(a)crapouillou.net>
MIPS: boot: Fix unaligned access with CONFIG_MIPS_RAW_APPENDED_DTB
Thomas Hebb <tommyhebb(a)gmail.com>
ASoC: dapm: remove widget from dirty list on free
-------------
Diffstat:
Makefile | 4 +--
arch/arc/Makefile | 9 ++---
arch/arc/include/asm/page.h | 1 +
arch/arm/boot/dts/picoxcell-pc3x2.dtsi | 4 +++
arch/mips/boot/compressed/decompress.c | 3 +-
arch/mips/kernel/binfmt_elfn32.c | 7 ++++
arch/mips/kernel/binfmt_elfo32.c | 7 ++++
arch/mips/kernel/relocate.c | 10 ++++--
drivers/acpi/internal.h | 2 +-
drivers/acpi/scan.c | 15 +++++++-
drivers/infiniband/hw/usnic/usnic_ib_verbs.c | 3 ++
drivers/isdn/mISDN/Kconfig | 1 +
drivers/md/dm-snap.c | 24 +++++++++++++
drivers/md/dm.c | 2 +-
.../net/ethernet/freescale/fs_enet/mii-bitbang.c | 1 +
drivers/net/ethernet/freescale/fs_enet/mii-fec.c | 1 +
drivers/net/ethernet/freescale/ucc_geth.h | 9 ++++-
.../net/ethernet/qlogic/netxen/netxen_nic_main.c | 7 +---
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 3 +-
drivers/net/usb/cdc_ether.c | 7 ++++
drivers/net/usb/r8152.c | 1 +
drivers/net/usb/rndis_host.c | 2 +-
drivers/spi/spi-cadence.c | 6 ++--
drivers/usb/host/ohci-hcd.c | 2 +-
fs/btrfs/qgroup.c | 13 +++++--
fs/btrfs/super.c | 8 +++++
fs/ext4/ioctl.c | 3 ++
fs/ext4/namei.c | 16 +++++----
fs/nfs/internal.h | 12 ++++---
fs/nfs/nfs4proc.c | 2 +-
fs/nfs/pnfs.c | 6 ++++
fs/nfsd/nfs3xdr.c | 7 +++-
include/linux/acpi.h | 7 ++++
include/linux/compiler-gcc.h | 6 ++++
include/linux/skbuff.h | 16 +++++++++
mm/hugetlb.c | 2 +-
mm/slub.c | 2 +-
net/core/skbuff.c | 9 +++--
net/dcb/dcbnl.c | 2 ++
net/ipv4/esp4.c | 7 +---
net/ipv6/esp6.c | 7 +---
net/ipv6/ip6_output.c | 40 +++++++++++++++++++++-
net/ipv6/sit.c | 5 ++-
net/netfilter/nf_conntrack_standalone.c | 3 ++
net/rxrpc/key.c | 6 ++--
net/sunrpc/addr.c | 2 +-
net/tipc/link.c | 9 +++--
security/lsm_audit.c | 7 ++--
sound/firewire/fireface/ff-transaction.c | 2 +-
sound/firewire/tascam/tascam-transaction.c | 2 +-
sound/soc/intel/skylake/cnl-sst.c | 1 +
sound/soc/soc-dapm.c | 1 +
52 files changed, 263 insertions(+), 71 deletions(-)
The first four patches are fixes for XSA-332. They avoid WARN splats
and a performance issue with interdomain events.
Patches 5 and 6 are some additions to event handling in order to add
some per pv-device statistics to sysfs and the ability to have a per
backend device spurious event delay control.
Patches 7 and 8 are minor fixes I had lying around.
Juergen Gross (8):
xen/events: reset affinity of 2-level event when tearing it down
xen/events: don't unmask an event channel when an eoi is pending
xen/events: avoid handling the same event on two cpus at the same time
xen/netback: fix spurious event detection for common event case
xen/events: link interdomain events to associated xenbus device
xen/events: add per-xenbus device event statistics and settings
xen/evtchn: use smp barriers for user event ring
xen/evtchn: use READ/WRITE_ONCE() for accessing ring indices
.../ABI/testing/sysfs-devices-xenbus | 41 ++++
drivers/block/xen-blkback/xenbus.c | 2 +-
drivers/net/xen-netback/interface.c | 24 ++-
drivers/xen/events/events_2l.c | 22 +-
drivers/xen/events/events_base.c | 199 +++++++++++++-----
drivers/xen/events/events_fifo.c | 7 -
drivers/xen/events/events_internal.h | 14 +-
drivers/xen/evtchn.c | 29 ++-
drivers/xen/pvcalls-back.c | 4 +-
drivers/xen/xen-pciback/xenbus.c | 2 +-
drivers/xen/xen-scsiback.c | 2 +-
drivers/xen/xenbus/xenbus_probe.c | 66 ++++++
include/xen/events.h | 7 +-
include/xen/xenbus.h | 7 +
14 files changed, 327 insertions(+), 99 deletions(-)
create mode 100644 Documentation/ABI/testing/sysfs-devices-xenbus
--
2.26.2
Changes in v3:
- drop the patch that introduces the new function tpm_chip_free()
- rework the commit messages for the patches (style, typos, etc.)
- add fixes tag to patch 2
- add James Bottomley to cc list
- add stable mailing list to cc list
Changes in v2:
- drop the patch that erroneously cleaned up after failed installation of
an action handler in tpmm_chip_alloc() (pointed out by Jarkko Sakkinen)
- make the commit message for patch 1 more detailed
- add fixes tags and kernel logs
Lino Sanfilippo (2):
tpm: fix reference counting for struct tpm_chip
tpm: in tpm2_del_space check if ops pointer is still valid
drivers/char/tpm/tpm-chip.c | 18 +++++++++++++++---
drivers/char/tpm/tpm2-space.c | 15 ++++++++++-----
drivers/char/tpm/tpm_ftpm_tee.c | 2 ++
drivers/char/tpm/tpm_vtpm_proxy.c | 1 +
4 files changed, 28 insertions(+), 8 deletions(-)
--
2.7.4
Commit 384d87ef2c95 ("block: Do not discard buffers under a mounted
filesystem") made paths issuing discard or zeroout requests to the
underlying device try to grab block device in exclusive mode. If that
failed we returned EBUSY to userspace. This however caused unexpected
fallout in userspace where e.g. FUSE filesystems issue discard requests
from userspace daemons although the device is open exclusively by the
kernel. Also shrinking of logical volume by LVM issues discard requests
to a device which may be claimed exclusively because there's another LV
on the same PV. So to avoid these userspace regressions, fall back to
invalidate_inode_pages2_range() instead of returning EBUSY to userspace
and return EBUSY only if that call fails as well (meaning that there's
indeed someone using the particular device range we are trying to
discard).
Link: https://bugzilla.kernel.org/show_bug.cgi?id=211167
Fixes: 384d87ef2c95 ("block: Do not discard buffers under a mounted filesystem")
CC: stable(a)vger.kernel.org
Signed-off-by: Jan Kara <jack(a)suse.cz>
---
fs/block_dev.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/fs/block_dev.c b/fs/block_dev.c
index 235b5042672e..c33151020bcd 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -118,13 +118,22 @@ int truncate_bdev_range(struct block_device *bdev, fmode_t mode,
if (!(mode & FMODE_EXCL)) {
int err = bd_prepare_to_claim(bdev, truncate_bdev_range);
if (err)
- return err;
+ goto invalidate;
}
truncate_inode_pages_range(bdev->bd_inode->i_mapping, lstart, lend);
if (!(mode & FMODE_EXCL))
bd_abort_claiming(bdev, truncate_bdev_range);
return 0;
+
+invalidate:
+ /*
+ * Someone else has handle exclusively open. Try invalidating instead.
+ * The 'end' argument is inclusive so the rounding is safe.
+ */
+ return invalidate_inode_pages2_range(bdev->bd_inode->i_mapping,
+ lstart >> PAGE_SHIFT,
+ lend >> PAGE_SHIFT);
}
EXPORT_SYMBOL(truncate_bdev_range);
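Review bot: at `goto invalidate`, every non-zero return from bd_prepare_to_claim() now takes the fallback and the original `err` is discarded, while the new comment and the commit message describe only the case of another exclusive holder. If bd_prepare_to_claim() can fail for any other reason, either branch on the specific error and keep `return err;` for the rest, or say in the comment that all claim failures are meant to fall back to invalidation. Minor wording in the new comment: "has handle" should read "has the handle".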
--
2.26.2
From: Borislav Petkov <bp(a)suse.de>
[ Upstream commit 6c13d7ff81e6d2f01f62ccbfa49d1b8d87f274d0 ]
Those were only laptops and are very very unlikely to have ECC memory.
Currently, when the driver attempts to load, it issues:
EDAC amd64: Error: F1 not found: device 0x1601 (broken BIOS?)
because the PCI device is the wrong one (it uses the F15h default one).
So do not load the driver on them as that is pointless.
Reported-by: Don Curtis <bugrprt21882(a)online.de>
Signed-off-by: Borislav Petkov <bp(a)suse.de>
Tested-by: Don Curtis <bugrprt21882(a)online.de>
Link: http://bugzilla.opensuse.org/show_bug.cgi?id=1179763
Link: https://lkml.kernel.org/r/20201218160622.20146-1-bp@alien8.de
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
drivers/edac/amd64_edac.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c
index 620f7041db6b5..b36d5879b91e0 100644
--- a/drivers/edac/amd64_edac.c
+++ b/drivers/edac/amd64_edac.c
@@ -3350,10 +3350,13 @@ static struct amd64_family_type *per_family_init(struct amd64_pvt *pvt)
fam_type = &family_types[F15_M60H_CPUS];
pvt->ops = &family_types[F15_M60H_CPUS].ops;
break;
+ /* Richland is only client */
+ } else if (pvt->model == 0x13) {
+ return NULL;
+ } else {
+ fam_type = &family_types[F15_CPUS];
+ pvt->ops = &family_types[F15_CPUS].ops;
}
-
- fam_type = &family_types[F15_CPUS];
- pvt->ops = &family_types[F15_CPUS].ops;
break;
case 0x16:
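Review bot: the `/* Richland is only client */` comment is placed before `} else if (pvt->model == 0x13) {`, that is, after the `break;` of the preceding branch, so it reads as a remark on the F15_M60H case rather than on the new one. Move it inside the new branch, directly above `return NULL;`, and state there that returning NULL is what makes the driver skip these parts. A named constant or a fuller comment for the bare `0x13` would also help the next reader.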
@@ -3547,6 +3550,7 @@ static int probe_one_instance(unsigned int nid)
pvt->mc_node_id = nid;
pvt->F3 = F3;
+ ret = -ENODEV;
fam_type = per_family_init(pvt);
if (!fam_type)
goto err_enable;
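Review bot: `ret = -ENODEV;` is assigned unconditionally ahead of per_family_init() instead of at the `if (!fam_type)` check it is meant for, so the link between the NULL return and the error code is implicit. Setting it inside that `if`, just before `goto err_enable;`, keeps the code next to its condition and prevents later error paths from inheriting -ENODEV by accident.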
--
2.27.0