April 2022 - Linux-stable-mirror

FAILED: patch "[PATCH] iwlwifi: yoyo: fix DBGI_SRAM ini dump header." failed to apply to 5.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 34bc27783a31a05d2fb987d8fa0f4f702efd0359 Mon Sep 17 00:00:00 2001 From: Rotem Saado <rotem.saado(a)intel.com> Date: Sat, 29 Jan 2022 13:16:12 +0200 Subject: [PATCH] iwlwifi: yoyo: fix DBGI_SRAM ini dump header. DBGI SRAM is new type of monitor, therefore it should be dump as monitor type with ini dump monitor header. Signed-off-by: Rotem Saado <rotem.saado(a)intel.com> Fixes: 89639e06d0f3 ("iwlwifi: yoyo: support for new DBGI_SRAM region") Signed-off-by: Luca Coelho <luciano.coelho(a)intel.com> Link: https://lore.kernel.org/r/iwlwifi.20220129105618.6c31f6a2dcfc.If311c1d548bc… Signed-off-by: Luca Coelho <luciano.coelho(a)intel.com> diff --git a/drivers/net/wireless/intel/iwlwifi/cfg/22000.c b/drivers/net/wireless/intel/iwlwifi/cfg/22000.c index 7fb209ec442d..22f33c074ac9 100644 --- a/drivers/net/wireless/intel/iwlwifi/cfg/22000.c +++ b/drivers/net/wireless/intel/iwlwifi/cfg/22000.c @@ -300,6 +300,12 @@ static const struct iwl_ht_params iwl_22000_ht_params = { .addr = DBGC_CUR_DBGBUF_STATUS, \ .mask = DBGC_CUR_DBGBUF_STATUS_IDX_MSK, \ }, \ + }, \ + .mon_dbgi_regs = { \ + .write_ptr = { \ + .addr = DBGI_SRAM_FIFO_POINTERS, \ + .mask = DBGI_SRAM_FIFO_POINTERS_WR_PTR_MSK, \ + }, \ } const struct iwl_cfg_trans_params iwl_qnj_trans_cfg = { diff --git a/drivers/net/wireless/intel/iwlwifi/fw/dbg.c b/drivers/net/wireless/intel/iwlwifi/fw/dbg.c index 5c0d094887fc..101d9085e835 100644 --- a/drivers/net/wireless/intel/iwlwifi/fw/dbg.c +++ b/drivers/net/wireless/intel/iwlwifi/fw/dbg.c @@ -1696,6 +1696,17 @@ iwl_dump_ini_mon_smem_fill_header(struct iwl_fw_runtime *fwrt, &fwrt->trans->cfg->mon_smem_regs); } +static void * +iwl_dump_ini_mon_dbgi_fill_header(struct iwl_fw_runtime *fwrt, + struct iwl_dump_ini_region_data *reg_data, + void *data, u32 data_len) +{ + struct iwl_fw_ini_monitor_dump *mon_dump = (void *)data; + + return iwl_dump_ini_mon_fill_header(fwrt, reg_data, mon_dump, + &fwrt->trans->cfg->mon_dbgi_regs); +} + static void * iwl_dump_ini_err_table_fill_header(struct iwl_fw_runtime *fwrt, struct iwl_dump_ini_region_data *reg_data, @@ -1861,6 +1872,20 @@ iwl_dump_ini_mon_smem_get_size(struct iwl_fw_runtime *fwrt, return size; } +static u32 iwl_dump_ini_mon_dbgi_get_size(struct iwl_fw_runtime *fwrt, + struct iwl_dump_ini_region_data *reg_data) +{ + struct iwl_fw_ini_region_tlv *reg = (void *)reg_data->reg_tlv->data; + u32 size = le32_to_cpu(reg->dev_addr.size); + u32 ranges = iwl_dump_ini_mem_ranges(fwrt, reg_data); + + if (!size || !ranges) + return 0; + + return sizeof(struct iwl_fw_ini_monitor_dump) + ranges * + (size + sizeof(struct iwl_fw_ini_error_dump_range)); +} + static u32 iwl_dump_ini_txf_get_size(struct iwl_fw_runtime *fwrt, struct iwl_dump_ini_region_data *reg_data) { @@ -2285,8 +2310,8 @@ static const struct iwl_dump_ini_mem_ops iwl_dump_ini_region_ops[] = { }, [IWL_FW_INI_REGION_DBGI_SRAM] = { .get_num_of_ranges = iwl_dump_ini_mem_ranges, - .get_size = iwl_dump_ini_mem_get_size, - .fill_mem_hdr = iwl_dump_ini_mem_fill_header, + .get_size = iwl_dump_ini_mon_dbgi_get_size, + .fill_mem_hdr = iwl_dump_ini_mon_dbgi_fill_header, .fill_range = iwl_dump_ini_dbgi_sram_iter, }, }; diff --git a/drivers/net/wireless/intel/iwlwifi/iwl-config.h b/drivers/net/wireless/intel/iwlwifi/iwl-config.h index f46ec44da1eb..2eb7f87672b4 100644 --- a/drivers/net/wireless/intel/iwlwifi/iwl-config.h +++ b/drivers/net/wireless/intel/iwlwifi/iwl-config.h @@ -408,6 +408,7 @@ struct iwl_cfg { u32 min_ba_txq_size; const struct iwl_fw_mon_regs mon_dram_regs; const struct iwl_fw_mon_regs mon_smem_regs; + const struct iwl_fw_mon_regs mon_dbgi_regs; }; #define IWL_CFG_ANY (~0) diff --git a/drivers/net/wireless/intel/iwlwifi/iwl-prph.h b/drivers/net/wireless/intel/iwlwifi/iwl-prph.h index 95b3dae7b504..186e22c4e6c4 100644 --- a/drivers/net/wireless/intel/iwlwifi/iwl-prph.h +++ b/drivers/net/wireless/intel/iwlwifi/iwl-prph.h @@ -358,6 +358,8 @@ #define DBGI_SRAM_TARGET_ACCESS_CFG_RESET_ADDRESS_MSK 0x10000 #define DBGI_SRAM_TARGET_ACCESS_RDATA_LSB 0x00A2E154 #define DBGI_SRAM_TARGET_ACCESS_RDATA_MSB 0x00A2E158 +#define DBGI_SRAM_FIFO_POINTERS 0x00A2E148 +#define DBGI_SRAM_FIFO_POINTERS_WR_PTR_MSK 0x00000FFF enum { ENABLE_WFPM = BIT(31),

3 years

3
4
0 0

Fix issues caused by lack of x86 LPI support

by Limonciello, Mario

[Public] Hi, There are a variety of x86 systems that advertise LPI support and as part of negotiation with firmware they don't end up using C-states in certain circumstances. This leads to higher runtime power consumption and also failure to enter s2idle. In mainline there have been changes to block that behavior. Can you please backport these two commits from mainline? commit 01f6c7338ce267959975da65d86ba34f44d54220 ("cpuidle: PSCI: Move the `has_lpi` check to the beginning of the function") commit eb087f305919ee8169ad65665610313e74260463 ("ACPI: processor idle: Check for architectural support for LPI") This should go to 5.15.y and later stable kernels. Thanks,

3 years

2
1
0 0

CVE-2020-16120 and CVE-2021-3428

by achtol

Hello, It seems the fix commits for a couple of CVEs have not been cherry picked in the current linux-5.4.y branch (v5.4.188, currently): --- CVE-2020-16120: <https://nvd.nist.gov/vuln/detail/CVE-2020-16120> references the following mainline commits: d1d04ef8572bc8c22265057bd3d5a79f223f8f52 "ovl: stack file ops" (break commit) 56230d956739b9cb1cbde439d76227d77979a04d "ovl: verify permissions in ovl_path_open()" 48bd024b8a40d73ad6b086de2615738da0c7004f "ovl: switch to mounter creds in readdir" 05acefb4872dae89e772729efb194af754c877e8 "ovl: check permission to open real file" b6650dab404c701d7fe08a108b746542a934da84 "ovl: do not fail because of O_NOATIME" The CVE description says the last commit in the list above fixes a regression introduced by these two commits: 130fdbc3d1f9966dd4230709c30f3768bccd3065 "ovl: pass correct flags for opening real directory" 292f902a40c11f043a5ca1305a114da0e523eaa3 "ovl: call secutiry hook in ovl_real_ioctl()" --- CVE-2021-3428: According to <https://bugzilla.suse.com/show_bug.cgi?id=1173485>, the mainline fix commits are: d176b1f62f24 "ext4: handle error of ext4_setup_system_zone() on remount" bf9a379d0980 "ext4: don't allow overlapping system zones" ce9f24cccdc0 "ext4: check journal inode extents more carefully" Of these, only the first two have been cherry-picked. --- Half of these commits may be cherry-picked without a conflict. I wonder why they have not been applied and cannot find any discussion about them on this mailing list. Is it an oversight? Or because the v5.4 line is not affected? Some other reason? Regards, achtol

3 years

2
2
0 0

[PATCH 4.19 1/2] drm/amdgpu: Check if fd really is an amdgpu fd.

by Lee Jones

From: Bas Nieuwenhuizen <bas(a)basnieuwenhuizen.nl> [ Upstream commit 021830d24ba55a578f602979274965344c8e6284 ] Otherwise we interpret the file private data as drm & amdgpu data while it might not be, possibly allowing one to get memory corruption. Cc: Felix Kuehling <Felix.Kuehling(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: "Christian König" <christian.koenig(a)amd.com> Cc: David Airlie <airlied(a)linux.ie> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: amd-gfx(a)lists.freedesktop.org Cc: dri-devel(a)lists.freedesktop.org Signed-off-by: Bas Nieuwenhuizen <bas(a)basnieuwenhuizen.nl> Reviewed-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Lee Jones <lee.jones(a)linaro.org> --- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 16 ++++++++++++++++ drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c | 10 +++++++--- 3 files changed, 25 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu.h b/drivers/gpu/drm/amd/amdgpu/amdgpu.h index 447c4c7a36d68..acbd33fcb73d3 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu.h +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu.h @@ -955,6 +955,8 @@ struct amdgpu_gfx { DECLARE_BITMAP (pipe_reserve_bitmap, AMDGPU_MAX_COMPUTE_QUEUES); }; +int amdgpu_file_to_fpriv(struct file *filp, struct amdgpu_fpriv **fpriv); + int amdgpu_ib_get(struct amdgpu_device *adev, struct amdgpu_vm *vm, unsigned size, struct amdgpu_ib *ib); void amdgpu_ib_free(struct amdgpu_device *adev, struct amdgpu_ib *ib, diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c index 63b1e325b45c5..b3b22a87b232b 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c @@ -1132,6 +1132,22 @@ static const struct file_operations amdgpu_driver_kms_fops = { #endif }; +int amdgpu_file_to_fpriv(struct file *filp, struct amdgpu_fpriv **fpriv) +{ + struct drm_file *file; + + if (!filp) + return -EINVAL; + + if (filp->f_op != &amdgpu_driver_kms_fops) { + return -EINVAL; + } + + file = filp->private_data; + *fpriv = file->driver_priv; + return 0; +} + static bool amdgpu_get_crtc_scanout_position(struct drm_device *dev, unsigned int pipe, bool in_vblank_irq, int *vpos, int *hpos, diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c index 1cafe8d83a4db..0b70410488b66 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c @@ -54,16 +54,20 @@ static int amdgpu_sched_process_priority_override(struct amdgpu_device *adev, enum drm_sched_priority priority) { struct file *filp = fget(fd); - struct drm_file *file; struct amdgpu_fpriv *fpriv; struct amdgpu_ctx *ctx; uint32_t id; + int r; if (!filp) return -EINVAL; - file = filp->private_data; - fpriv = file->driver_priv; + r = amdgpu_file_to_fpriv(filp, &fpriv); + if (r) { + fput(filp); + return r; + } + idr_for_each_entry(&fpriv->ctx_mgr.ctx_handles, ctx, id) amdgpu_ctx_priority_override(ctx, priority); -- 2.35.1.1178.g4f1659d476-goog

3 years

2
2
0 0

[PATCH 4.19] xfrm: policy: match with both mark and mask on user interfaces

by Tobias Brunner

From: Xin Long <lucien.xin(a)gmail.com> commit 4f47e8ab6ab796b5380f74866fa5287aca4dcc58 upstream. In commit ed17b8d377ea ("xfrm: fix a warning in xfrm_policy_insert_list"), it would take 'priority' to make a policy unique, and allow duplicated policies with different 'priority' to be added, which is not expected by userland, as Tobias reported in strongswan. To fix this duplicated policies issue, and also fix the issue in commit ed17b8d377ea ("xfrm: fix a warning in xfrm_policy_insert_list"), when doing add/del/get/update on user interfaces, this patch is to change to look up a policy with both mark and mask by doing: mark.v == pol->mark.v && mark.m == pol->mark.m and leave the check: (mark & pol->mark.m) == pol->mark.v for tx/rx path only. As the userland expects an exact mark and mask match to manage policies. v1->v2: - make xfrm_policy_mark_match inline and fix the changelog as Tobias suggested. Cc: <stable(a)vger.kernel.org> # 4.19.x Fixes: 295fae568885 ("xfrm: Allow user space manipulation of SPD mark") Fixes: ed17b8d377ea ("xfrm: fix a warning in xfrm_policy_insert_list") Reported-by: Tobias Brunner <tobias(a)strongswan.org> Tested-by: Tobias Brunner <tobias(a)strongswan.org> Signed-off-by: Xin Long <lucien.xin(a)gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> --- This is a backport to 4.19.x of a fix that has already been applied to newer stable kernels. However, due to conflicts it was never included in the 4.x trees, which all contain backports of the problematic commit referenced above (ed17b8d377ea). So they all are prone to creating duplicate IPsec policies with priority updates. include/net/xfrm.h | 11 +++++++---- net/key/af_key.c | 4 ++-- net/xfrm/xfrm_policy.c | 32 +++++++++++++------------------- net/xfrm/xfrm_user.c | 18 +++++++++++------- 4 files changed, 33 insertions(+), 32 deletions(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index a8aa2bb74ad6..6b18cd0e511a 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -1739,13 +1739,16 @@ int xfrm_policy_walk(struct net *net, struct xfrm_policy_walk *walk, void *); void xfrm_policy_walk_done(struct xfrm_policy_walk *walk, struct net *net); int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl); -struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark, u32 if_id, - u8 type, int dir, +struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, + const struct xfrm_mark *mark, + u32 if_id, u8 type, int dir, struct xfrm_selector *sel, struct xfrm_sec_ctx *ctx, int delete, int *err); -struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u32 if_id, u8, - int dir, u32 id, int delete, int *err); +struct xfrm_policy *xfrm_policy_byid(struct net *net, + const struct xfrm_mark *mark, u32 if_id, + u8 type, int dir, u32 id, int delete, + int *err); int xfrm_policy_flush(struct net *net, u8 type, bool task_valid); void xfrm_policy_hash_rebuild(struct net *net); u32 xfrm_get_acqseq(void); diff --git a/net/key/af_key.c b/net/key/af_key.c index 388910cf0978..e252f7cf30ad 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c @@ -2413,7 +2413,7 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, const struct sa return err; } - xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, 0, XFRM_POLICY_TYPE_MAIN, + xp = xfrm_policy_bysel_ctx(net, &dummy_mark, 0, XFRM_POLICY_TYPE_MAIN, pol->sadb_x_policy_dir - 1, &sel, pol_ctx, 1, &err); security_xfrm_policy_free(pol_ctx); @@ -2664,7 +2664,7 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, const struct sadb_ return -EINVAL; delete = (hdr->sadb_msg_type == SADB_X_SPDDELETE2); - xp = xfrm_policy_byid(net, DUMMY_MARK, 0, XFRM_POLICY_TYPE_MAIN, + xp = xfrm_policy_byid(net, &dummy_mark, 0, XFRM_POLICY_TYPE_MAIN, dir, pol->sadb_x_policy_id, delete, &err); if (xp == NULL) return -ENOENT; diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index ab6d0c6576a6..bb1c94e20e82 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -727,14 +727,10 @@ static void xfrm_policy_requeue(struct xfrm_policy *old, spin_unlock_bh(&pq->hold_queue.lock); } -static bool xfrm_policy_mark_match(struct xfrm_policy *policy, - struct xfrm_policy *pol) +static inline bool xfrm_policy_mark_match(const struct xfrm_mark *mark, + struct xfrm_policy *pol) { - if (policy->mark.v == pol->mark.v && - policy->priority == pol->priority) - return true; - - return false; + return mark->v == pol->mark.v && mark->m == pol->mark.m; } int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl) @@ -753,7 +749,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl) if (pol->type == policy->type && pol->if_id == policy->if_id && !selector_cmp(&pol->selector, &policy->selector) && - xfrm_policy_mark_match(policy, pol) && + xfrm_policy_mark_match(&policy->mark, pol) && xfrm_sec_ctx_match(pol->security, policy->security) && !WARN_ON(delpol)) { if (excl) { @@ -803,11 +799,10 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl) } EXPORT_SYMBOL(xfrm_policy_insert); -struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark, u32 if_id, - u8 type, int dir, - struct xfrm_selector *sel, - struct xfrm_sec_ctx *ctx, int delete, - int *err) +struct xfrm_policy * +xfrm_policy_bysel_ctx(struct net *net, const struct xfrm_mark *mark, u32 if_id, + u8 type, int dir, struct xfrm_selector *sel, + struct xfrm_sec_ctx *ctx, int delete, int *err) { struct xfrm_policy *pol, *ret; struct hlist_head *chain; @@ -819,7 +814,7 @@ struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark, u32 if_id, hlist_for_each_entry(pol, chain, bydst) { if (pol->type == type && pol->if_id == if_id && - (mark & pol->mark.m) == pol->mark.v && + xfrm_policy_mark_match(mark, pol) && !selector_cmp(sel, &pol->selector) && xfrm_sec_ctx_match(ctx, pol->security)) { xfrm_pol_hold(pol); @@ -844,9 +839,9 @@ struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark, u32 if_id, } EXPORT_SYMBOL(xfrm_policy_bysel_ctx); -struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u32 if_id, - u8 type, int dir, u32 id, int delete, - int *err) +struct xfrm_policy * +xfrm_policy_byid(struct net *net, const struct xfrm_mark *mark, u32 if_id, + u8 type, int dir, u32 id, int delete, int *err) { struct xfrm_policy *pol, *ret; struct hlist_head *chain; @@ -861,8 +856,7 @@ struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u32 if_id, ret = NULL; hlist_for_each_entry(pol, chain, byidx) { if (pol->type == type && pol->index == id && - pol->if_id == if_id && - (mark & pol->mark.m) == pol->mark.v) { + pol->if_id == if_id && xfrm_policy_mark_match(mark, pol)) { xfrm_pol_hold(pol); if (delete) { *err = security_xfrm_policy_delete( diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 3db5cd70b16a..94c7ebc26c48 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -1862,7 +1862,6 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, struct km_event c; int delete; struct xfrm_mark m; - u32 mark = xfrm_mark_get(attrs, &m); u32 if_id = 0; p = nlmsg_data(nlh); @@ -1879,8 +1878,11 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, if (attrs[XFRMA_IF_ID]) if_id = nla_get_u32(attrs[XFRMA_IF_ID]); + xfrm_mark_get(attrs, &m); + if (p->index) - xp = xfrm_policy_byid(net, mark, if_id, type, p->dir, p->index, delete, &err); + xp = xfrm_policy_byid(net, &m, if_id, type, p->dir, + p->index, delete, &err); else { struct nlattr *rt = attrs[XFRMA_SEC_CTX]; struct xfrm_sec_ctx *ctx; @@ -1897,8 +1899,8 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, if (err) return err; } - xp = xfrm_policy_bysel_ctx(net, mark, if_id, type, p->dir, &p->sel, - ctx, delete, &err); + xp = xfrm_policy_bysel_ctx(net, &m, if_id, type, p->dir, + &p->sel, ctx, delete, &err); security_xfrm_policy_free(ctx); } if (xp == NULL) @@ -2165,7 +2167,6 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, u8 type = XFRM_POLICY_TYPE_MAIN; int err = -ENOENT; struct xfrm_mark m; - u32 mark = xfrm_mark_get(attrs, &m); u32 if_id = 0; err = copy_from_user_policy_type(&type, attrs); @@ -2179,8 +2180,11 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, if (attrs[XFRMA_IF_ID]) if_id = nla_get_u32(attrs[XFRMA_IF_ID]); + xfrm_mark_get(attrs, &m); + if (p->index) - xp = xfrm_policy_byid(net, mark, if_id, type, p->dir, p->index, 0, &err); + xp = xfrm_policy_byid(net, &m, if_id, type, p->dir, p->index, + 0, &err); else { struct nlattr *rt = attrs[XFRMA_SEC_CTX]; struct xfrm_sec_ctx *ctx; @@ -2197,7 +2201,7 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, if (err) return err; } - xp = xfrm_policy_bysel_ctx(net, mark, if_id, type, p->dir, + xp = xfrm_policy_bysel_ctx(net, &m, if_id, type, p->dir, &p->sel, ctx, 0, &err); security_xfrm_policy_free(ctx); } -- 2.25.1

3 years

2
1
0 0

[PATCH 4.14 0/3] cgroup: backports for CVE-2021-4197

by Ovidiu Panait

Backport summary ---------------- 1756d7994ad8 ("cgroup: Use open-time credentials for process migraton perm checks") * Cherry pick from 4.19-stable, no modifications. 0d2b5955b362 ("cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv") * Cherry-pick from 4.19-stable, minor contextual adjustement. e57457641613 ("cgroup: Use open-time cgroup namespace for process migration perm checks") * Cherry-pick from 4.19-stable, no modifications. Testing ------- There are no cgroup selftests in 4.14, but when running the ones from 4.19 on the 4.14 kernel, all selftests pass: root@intel-x86-64:~# ./test_core ok 1 test_cgcore_internal_process_constraint ok 2 test_cgcore_top_down_constraint_enable ok 3 test_cgcore_top_down_constraint_disable ok 4 test_cgcore_no_internal_process_constraint_on_threads ok 5 test_cgcore_parent_becomes_threaded ok 6 test_cgcore_invalid_domain ok 7 test_cgcore_populated ok 8 test_cgcore_lesser_euid_open ok 9 test_cgcore_lesser_ns_open Tejun Heo (3): cgroup: Use open-time credentials for process migraton perm checks cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv cgroup: Use open-time cgroup namespace for process migration perm checks kernel/cgroup/cgroup-internal.h | 19 ++++++++ kernel/cgroup/cgroup-v1.c | 33 ++++++++------ kernel/cgroup/cgroup.c | 81 +++++++++++++++++++++++---------- 3 files changed, 95 insertions(+), 38 deletions(-) -- 2.25.1

3 years

2
4
0 0

[PATCH 4.19 0/6] cgroup: backports for CVE-2021-4197

by Ovidiu Panait

Backport summary ---------------- 1756d7994ad8 ("cgroup: Use open-time credentials for process migraton perm checks") * Cherry pick for 5.4-stable, no modifications. 0d2b5955b362 ("cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv") * Cherry-pick from 5.4-stable. * Backport to v4.19: drop changes to cgroup_pressure_*() functions - psi monitor feature is not available in 4.19. e57457641613 ("cgroup: Use open-time cgroup namespace for process migration perm checks") * Cherry-pick from 5.4-stable, no modifications. b09c2baa5634 ("selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644") 613e040e4dc2 ("selftests: cgroup: Test open-time credential usage for migration checks") * Minor contextual adjustments. bf35a7879f1d ("selftests: cgroup: Test open-time cgroup namespace usage for migration checks") * Minor contextual adjustments and added wait.h and fcntl.h includes to fix compilation. Testing ------- The newly introduced selftests (test_cgcore_lesser_euid_open() and test_cgcore_lesser_ns_open()) pass with this series applied: root@intel-x86-64:~# ./test_core ok 1 test_cgcore_internal_process_constraint ok 2 test_cgcore_top_down_constraint_enable ok 3 test_cgcore_top_down_constraint_disable ok 4 test_cgcore_no_internal_process_constraint_on_threads ok 5 test_cgcore_parent_becomes_threaded ok 6 test_cgcore_invalid_domain ok 7 test_cgcore_populated ok 8 test_cgcore_lesser_euid_open ok 9 test_cgcore_lesser_ns_open Tejun Heo (6): cgroup: Use open-time credentials for process migraton perm checks cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv cgroup: Use open-time cgroup namespace for process migration perm checks selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644 selftests: cgroup: Test open-time credential usage for migration checks selftests: cgroup: Test open-time cgroup namespace usage for migration checks kernel/cgroup/cgroup-internal.h | 19 +++ kernel/cgroup/cgroup-v1.c | 33 ++-- kernel/cgroup/cgroup.c | 81 ++++++--- tools/testing/selftests/cgroup/cgroup_util.c | 2 +- tools/testing/selftests/cgroup/test_core.c | 167 +++++++++++++++++++ 5 files changed, 263 insertions(+), 39 deletions(-) -- 2.25.1

3 years

2
7
0 0

[PATCH 5.4 0/6] cgroup: backports for CVE-2021-4197

by Ovidiu Panait

Backport summary ---------------- 1756d7994ad8 ("cgroup: Use open-time credentials for process migraton perm checks") * Cherry pick from 5.10-stable with minor contextual adjustments. 0d2b5955b362 ("cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv") * Cherry-pick from 5.10-stable, no modifications. e57457641613 ("cgroup: Use open-time cgroup namespace for process migration perm checks") * Cherry-pick from 5.10-stable. * Backport to 5.4: drop changes to cgroup_attach_permissions() and cgroup_css_set_fork() as the two functions are not present. Also, adjust cgroup_procs_write_permission() callsites directly in cgroup_procs_write() and cgroup_threads_write(). b09c2baa5634 ("selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644") * Clean cherry-pick. 613e040e4dc2 ("selftests: cgroup: Test open-time credential usage for migration checks") * Minor contextual adjustments. bf35a7879f1d ("selftests: cgroup: Test open-time cgroup namespace usage for migration checks") * Minor contextual adjustments and added wait.h and fcntl.h includes to fix compilation. Testing ------- The newly introduced selftests (test_cgcore_lesser_euid_open() and test_cgcore_lesser_ns_open()) pass with this series applied: root@intel-x86-64:~# ./test_core ok 1 test_cgcore_internal_process_constraint ok 2 test_cgcore_top_down_constraint_enable ok 3 test_cgcore_top_down_constraint_disable ok 4 test_cgcore_no_internal_process_constraint_on_threads ok 5 test_cgcore_parent_becomes_threaded ok 6 test_cgcore_invalid_domain ok 7 test_cgcore_populated ok 8 test_cgcore_lesser_euid_open ok 9 test_cgcore_lesser_ns_open Tejun Heo (6): cgroup: Use open-time credentials for process migraton perm checks cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv cgroup: Use open-time cgroup namespace for process migration perm checks selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644 selftests: cgroup: Test open-time credential usage for migration checks selftests: cgroup: Test open-time cgroup namespace usage for migration checks kernel/cgroup/cgroup-internal.h | 19 +++ kernel/cgroup/cgroup-v1.c | 33 ++-- kernel/cgroup/cgroup.c | 93 ++++++++--- tools/testing/selftests/cgroup/cgroup_util.c | 2 +- tools/testing/selftests/cgroup/test_core.c | 167 +++++++++++++++++++ 5 files changed, 271 insertions(+), 43 deletions(-) -- 2.25.1

3 years

2
7
0 0

[RESEND][PATCH] omapdrm: fix missing check on list iterator

by Xiaomeng Tong

The bug is here: bus_flags = connector->display_info.bus_flags; The list iterator 'connector-' will point to a bogus position containing HEAD if the list is empty or no element is found. This case must be checked before any use of the iterator, otherwise it will lead to a invalid memory access. To fix this bug, add an check. Use a new value 'iter' as the list iterator, while use the old value 'connector' as a dedicated variable to point to the found element. Cc: stable(a)vger.kernel.org Fixes: ("drm/omap: Add support for drm_panel") Signed-off-by: Xiaomeng Tong <xiam0nd.tong(a)gmail.com> --- drivers/gpu/drm/omapdrm/omap_encoder.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/omapdrm/omap_encoder.c b/drivers/gpu/drm/omapdrm/omap_encoder.c index 4dd05bc732da..d648ab4223b1 100644 --- a/drivers/gpu/drm/omapdrm/omap_encoder.c +++ b/drivers/gpu/drm/omapdrm/omap_encoder.c @@ -76,14 +76,16 @@ static void omap_encoder_mode_set(struct drm_encoder *encoder, struct omap_encoder *omap_encoder = to_omap_encoder(encoder); struct omap_dss_device *output = omap_encoder->output; struct drm_device *dev = encoder->dev; - struct drm_connector *connector; + struct drm_connector *connector = NULL, *iter; struct drm_bridge *bridge; struct videomode vm = { 0 }; u32 bus_flags; - list_for_each_entry(connector, &dev->mode_config.connector_list, head) { - if (connector->encoder == encoder) + list_for_each_entry(iter, &dev->mode_config.connector_list, head) { + if (iter->encoder == encoder) { + connector = iter; break; + } } drm_display_mode_to_videomode(adjusted_mode, &vm); @@ -106,8 +108,10 @@ static void omap_encoder_mode_set(struct drm_encoder *encoder, omap_encoder_update_videomode_flags(&vm, bus_flags); } - bus_flags = connector->display_info.bus_flags; - omap_encoder_update_videomode_flags(&vm, bus_flags); + if (connector) { + bus_flags = connector->display_info.bus_flags; + omap_encoder_update_videomode_flags(&vm, bus_flags); + } /* Set timings for all devices in the display pipeline. */ dss_mgr_set_timings(output, &vm); -- 2.17.1

3 years

2
1
0 0

GOOD NATURE HOTEL KYOTO【お問い合わせありがとうございます。】

by GOOD NATURE HOTEL KYOTO

💌 Jean want to play with you! Start play: https://telegra.ph/insta-sex-04-14?7y20e8 💌 様この度はGOOD NATURE HOTEL KYOTOへお問い合わせいただき、誠にありがとうございます。お問い合わせ内容をご確認の上、改めてご連絡差し上げますので今しばらくお待ちくださいますようよろしくお願い申し上げます。以下、お問い合わせいただいた内容になります。 -- 【お名前】：💌 Jean want to play with you! Start play: https://telegra.ph/insta-sex-04-14?7y20e8 💌（bfgwdf）様【お電話番号】：902325069439 【メールアドレス】：stable(a)vger.kernel.org 【お問い合わせ内容】：その他【ご質問・ご意見】： y2rqvlq -- このメールは GOOD NATURE HOTEL KYOTO (https://goodnaturehotel.jp/) のお問い合わせフォームから送信されました

3 years

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror April 2022