5a7dc5ffbc
286 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
UtsavBalar1231
|
0ac5096a10 |
Merge tag 'ASB-2021-12-05_4.19-stable' of https://github.com/aosp-mirror/kernel_common into android12-base
https://source.android.com/security/bulletin/2021-12-01 CVE-2021-33909 CVE-2021-38204 CVE-2021-0961 * tag 'ASB-2021-12-05_4.19-stable' of https://github.com/aosp-mirror/kernel_common: BACKPORT: arm64: vdso32: suppress error message for 'make mrproper' Linux 4.19.219 tty: hvc: replace BUG_ON() with negative return value xen/netfront: don't trust the backend response data blindly xen/netfront: disentangle tx_skb_freelist xen/netfront: don't read data from request on the ring page xen/netfront: read response from backend only once xen/blkfront: don't trust the backend response data blindly xen/blkfront: don't take local copy of a request from the ring page xen/blkfront: read response from backend only once xen: sync include/xen/interface/io/ring.h with Xen's newest version fuse: release pipe buf after last use NFC: add NCI_UNREG flag to eliminate the race hugetlbfs: flush TLBs correctly after huge_pmd_unshare s390/mm: validate VMA in PGSTE manipulation functions tracing: Check pid filtering when creating events vhost/vsock: fix incorrect used length reported to the guest net: hns3: fix VF RSS failed problem after PF enable multi-TCs net/smc: Don't call clcsock shutdown twice when smc shutdown MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows PM: hibernate: use correct mode for swsusp_close() net/smc: Ensure the active closing peer first closes clcsock ipv6: fix typos in __ip6_finish_output() drm/vc4: fix error code in vc4_create_object() scsi: mpt3sas: Fix kernel panic during drive powercycle test ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE NFSv42: Don't fail clone() unless the OP_CLONE operation failed firmware: arm_scmi: pm: Propagate return value to caller net: ieee802154: handle iftypes as u32 ASoC: topology: Add missing rwsem around snd_ctl_remove() calls ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer ARM: dts: BCM5301X: Add interrupt properties to GPIO node ARM: dts: BCM5301X: Fix I2C controller interrupt netfilter: ipvs: Fix reuse connection if RS weight is 0 arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function arm64: dts: marvell: armada-37xx: declare PCIe reset pin pinctrl: armada-37xx: Correct PWM pins definitions pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup pinctrl: armada-37xx: Correct mpp definitions PCI: aardvark: Fix checking for link up via LTSSM state PCI: aardvark: Fix link training PCI: aardvark: Fix PCIe Max Payload Size setting PCI: aardvark: Configure PCIe resources from 'ranges' DT property PCI: aardvark: Update comment about disabling link training PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() PCI: aardvark: Fix compilation on s390 PCI: aardvark: Don't touch PCIe registers if no card connected PCI: aardvark: Indicate error in 'val' when config read fails PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros PCI: aardvark: Issue PERST via GPIO PCI: aardvark: Improve link training PCI: aardvark: Train link immediately after enabling training PCI: aardvark: Wait for endpoint to be ready before training link PCI: aardvark: Fix a leaked reference by adding missing of_node_put() proc/vmcore: fix clearing user buffer by properly using clear_user() xtensa: use CONFIG_USE_OF instead of CONFIG_OF tracing: Fix pid filtering when triggers are attached xen: detect uninitialized xenbus in xenbus_init xen: don't continue xenstore initialization in case of errors fuse: fix page stealing staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts media: cec: copy sequence field for the reply ALSA: ctxfi: Fix out-of-range access binder: fix test regression due to sender_euid change usb: hub: Fix locking issues with address0_mutex usb: hub: Fix usb enumeration issue due to address0 race usb: dwc2: hcd_queue: Fix use of floating point literal USB: serial: option: add Fibocom FM101-GL variants USB: serial: option: add Telit LE910S1 0x9200 composition Revert "net: sched: update default qdisc visibility after Tx queue cnt changes" Revert "serial: core: Fix initializing and restoring termios speed" ANDROID: GKI: disable CONFIG_FORTIFY_SOURCE Linux 4.19.218 soc/tegra: pmc: Fix imbalanced clock disabling in error code path usb: max-3421: Use driver data instead of maintaining a list of bound devices ASoC: DAPM: Cover regression by kctl change notification fix RDMA/netlink: Add __maybe_unused to static inline in C file batman-adv: Don't always reallocate the fragmentation skb head batman-adv: Reserve needed_*room for fragments batman-adv: Consider fragmentation for needed_headroom batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN perf/core: Avoid put_page() when GUP fails drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors drm/udl: fix control-message timeout cfg80211: call cfg80211_stop_ap when switch from P2P_GO type parisc/sticon: fix reverse colors btrfs: fix memory ordering between normal and ordered work functions udf: Fix crash after seekdir x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag ipc: WARN if trying to remove ipc object which is absent hexagon: export raw I/O routines for modules tun: fix bonding active backup with arp monitoring perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server NFC: reorder the logic in nfc_{un,}register_device NFC: reorganize the functions in nci_request i40e: Fix display error code in dmesg i40e: Fix changing previously set num_queue_pairs for PFs i40e: Fix NULL ptr dereference on VSI filter sync i40e: Fix correct max_pkt_size on VF RX queue net: virtio_net_hdr_to_skb: count transport header in UFO platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' mips: lantiq: add support for clk_get_parent() mips: bcm63xx: add support for clk_get_parent() MIPS: generic/yamon-dt: fix uninitialized variable error iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset iavf: check for null in iavf_fix_features net: bnx2x: fix variable dereferenced before check drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set sh: define __BIG_ENDIAN for math-emu sh: fix kconfig unmet dependency warning for FRAME_POINTER f2fs: fix up f2fs_lookup tracepoints maple: fix wrong return value of maple_bus_init(). sh: check return code of request_irq powerpc/dcr: Use cmplwi instead of 3-argument cmpli ALSA: gus: fix null pointer dereference on pointer block powerpc/5200: dts: fix memory node unit name scsi: target: Fix alua_tg_pt_gps_count tracking scsi: target: Fix ordered tag handling MIPS: sni: Fix the build tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc ALSA: ISA: not for M68K usb: host: ohci-tmio: check return value after calling platform_get_resource() ARM: dts: omap: fix gpmc,mux-add-data type firmware_loader: fix pre-allocated buf built-in firmware use scsi: advansys: Fix kernel pointer leak ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect arm64: dts: freescale: fix arm,sp805 compatible string usb: typec: tipd: Remove WARN_ON in tps6598x_block_read usb: musb: tusb6010: check return value after calling platform_get_resource() arm64: dts: hisilicon: fix arm,sp805 compatible string scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() arm64: zynqmp: Fix serial compatible string arm64: zynqmp: Do not duplicate flash partition label property erofs: fix unsafe pagevec reuse of hooked pclusters erofs: remove the occupied parameter from z_erofs_pagevec_enqueue() PCI: Add MSI masking quirk for Nvidia ION AHCI PCI/MSI: Deal with devices lying about their MSI mask capability PCI/MSI: Destroy sysfs before freeing entries parisc/entry: fix trace test in syscall exit path fortify: Explicitly disable Clang support ext4: fix lazy initialization next schedule time computation in more granular unit x86/cpu: Fix migration safety with X86_BUG_NULL_SEL fuse: truncate pagecache on atomic_o_trunc PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros s390/tape: fix timer initialization in tape_std_assign() s390/cio: check the subchannel validity for dev_busid video: backlight: Drop maximum brightness override for brightness zero backlight: gpio-backlight: Correct initial power state handling mm, oom: do not trigger out_of_memory from the #PF mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks powerpc/bpf: Emit stf barrier instruction sequences for BPF_NOSPEC powerpc/security: Add a helper to query stf_barrier type powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 powerpc/bpf: Validate branch ranges powerpc/lib: Add helper to check if offset is within conditional branch range 9p/net: fix missing error check in p9_check_errors f2fs: should use GFP_NOFS for directory inodes ARM: 9156/1: drop cc-option fallbacks for architecture selection ARM: 9155/1: fix early early_iounmap() USB: chipidea: fix interrupt deadlock cxgb4: fix eeprom len when diagnostics not implemented vsock: prevent unnecessary refcnt inc for nonblocking connect arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails llc: fix out-of-bound array index in llc_sk_dev_hash() zram: off by one in read_block_state() mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses net: davinci_emac: Fix interrupt pacing disable xen-pciback: Fix return in pm_ctrl_init() i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' scsi: qla2xxx: Turn off target reset during issue_lip scsi: qla2xxx: Fix gnl list corruption ar7: fix kernel builds for compiler test watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT m68k: set a default value for MEMORY_RESERVE dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` netfilter: nfnetlink_queue: fix OOB when mac header was cleared auxdisplay: ht16k33: Fix frame buffer device blanking auxdisplay: ht16k33: Connect backlight to fbdev auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() fs: orangefs: fix error return code of orangefs_revalidate_lookup() NFS: Fix deadlocks in nfs_scan_commit_list() PCI: aardvark: Don't spam about PIO Response Status drm/plane-helper: fix uninitialized variable reference pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined apparmor: fix error check power: supply: bq27xxx: Fix kernel crash on IRQ handler register error mips: cm: Convert to bitfield API to fix out-of-bounds access serial: xilinx_uartps: Fix race condition causing stuck TX phy: qcom-qusb2: Fix a memory leak on probe ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER ASoC: cs42l42: Correct some register default values RDMA/mlx4: Return missed an error if device doesn't support steering scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() power: supply: rt5033_battery: Change voltage values to µV usb: gadget: hid: fix error code in do_config() serial: 8250_dw: Drop wrong use of ACPI_PTR() video: fbdev: chipsfb: use memset_io() instead of memset() memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe soc/tegra: Fix an error handling path in tegra_powergate_power_up() arm: dts: omap3-gta04a4: accelerometer irq fix ALSA: hda: Reduce udelay() at SKL+ position reporting JFS: fix memleak in jfs_mount MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT scsi: dc395: Fix error case unwinding ARM: dts: at91: tse850: the emac<->phy interface is rmii RDMA/bnxt_re: Fix query SRQ failure arm64: dts: rockchip: Fix GPU register width for RK3328 ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() RDMA/rxe: Fix wrong port_cap_flags ibmvnic: Process crqs after enabling interrupts selftests/bpf: Fix fclose/pclose mismatch in test_progs crypto: pcrypt - Delay write to padata->info net: phylink: avoid mvneta warning when setting pause parameters net: amd-xgbe: Toggle PLL settings during rate change wcn36xx: add proper DMA memory barriers in rx path libertas: Fix possible memory leak in probe and disconnect libertas_tf: Fix possible memory leak in probe and disconnect KVM: s390: Fix handle_sske page fault handling samples/kretprobes: Fix return value if register_kretprobe() failed tcp: don't free a FIN sk_buff in tcp_remove_empty_skb() irq: mips: avoid nested irq_enter() s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap() smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi drm/msm: Fix potential NULL dereference in DPU SSPP clocksource/drivers/timer-ti-dm: Select TIMER_OF PM: hibernate: fix sparse warnings nvme-rdma: fix error code in nvme_rdma_setup_ctrl phy: micrel: ksz8041nl: do not use power down mode mwifiex: Send DELBA requests according to spec rsi: stop thread firstly in rsi_91x_init() error handling platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning mmc: mxs-mmc: disable regulator on error and in the remove function net: stream: don't purge sk_error_queue in sk_stream_kill_queues() drm/msm: uninitialized variable in msm_gem_import() ath10k: fix max antenna gain unit hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff hwmon: Fix possible memleak in __hwmon_device_register() memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() memstick: avoid out-of-range warning mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured b43: fix a lower bounds test b43legacy: fix a lower bounds test hwrng: mtk - Force runtime pm ops for sleep ops crypto: qat - disregard spurious PFVF interrupts crypto: qat - detect PFVF collision after ACK media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() ath9k: Fix potential interrupt storm on queue reset media: em28xx: Don't use ops->suspend if it is NULL cpuidle: Fix kobject memory leaks in error paths media: cx23885: Fix snd_card_free call on null card pointer media: si470x: Avoid card name truncation media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' media: dvb-usb: fix ununit-value in az6027_rc_query media: em28xx: add missing em28xx_close_extension drm/amdgpu: fix warning for overflow check net: dsa: rtl8366rb: Fix off-by-one bug cgroup: Make rebind_subsystems() disable v2 controllers all at once Bluetooth: fix init and cleanup of sco_conn.timeout_work parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling parisc/unwind: fix unwinder when CONFIG_64BIT is enabled task_stack: Fix end_of_stack() for architectures with upwards-growing stack parisc: fix warning in flush_tlb_all x86/hyperv: Protect set_hv_tscchange_cb() against getting preempted spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() ARM: 9136/1: ARMv7-M uses BE-8, not BE-32 gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE ARM: clang: Do not rely on lr register for stacktrace smackfs: use __GFP_NOFAIL for smk_cipso_doi() iwlwifi: mvm: disable RX-diversity in powersave PM: hibernate: Get block device exclusively in swsusp_check() mwl8k: Fix use-after-free in mwl8k_fw_state_machine() tracing/cfi: Fix cmp_entries_* functions signature mismatch workqueue: make sysfs of unbound kworker cpumask more clever lib/xz: Validate the value before assigning it to an enum variable lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression memstick: r592: Fix a UAF bug when removing the driver leaking_addresses: Always print a trailing newline ACPI: battery: Accept charges over the design capacity as full ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() tracefs: Have tracefs directories not set OTH permission bits by default media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() ACPICA: Avoid evaluating methods too early during system resume media: rcar-csi2: Add checking to rcsi2_start_receiver() ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK media: mceusb: return without resubmitting URB in case of -EPROTO error. media: s5p-mfc: Add checking to s5p_mfc_probe(). media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() media: uvcvideo: Return -EIO for control errors media: uvcvideo: Set capability in s_param media: netup_unidvb: handle interrupt properly according to the firmware media: mt9p031: Fix corrupted frame after restarting stream mwifiex: Properly initialize private structure on interface type changes mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type x86: Increase exception stack sizes smackfs: Fix use-after-free in netlbl_catmap_walk() net: sched: update default qdisc visibility after Tx queue cnt changes locking/lockdep: Avoid RCU-induced noinstr fail MIPS: lantiq: dma: reset correct number of channel MIPS: lantiq: dma: add small delay after reset platform/x86: wmi: do not fail if disabling fails Bluetooth: fix use-after-free error in lock_sock_nested() Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 USB: iowarrior: fix control-message timeouts USB: serial: keyspan: fix memleak on probe errors iio: dac: ad5446: Fix ad5622_write() return value pinctrl: core: fix possible memory leak in pinctrl_enable() quota: correct error number in free_dqentry() quota: check block number when reading the block in quota file PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG PCI: aardvark: Fix return value of MSI domain .alloc() method PCI: aardvark: Do not unmask unused interrupts PCI: aardvark: Do not clear status bits of masked interrupts xen/balloon: add late_initcall_sync() for initial ballooning done ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume ALSA: mixer: oss: Fix racy access to slots serial: core: Fix initializing and restoring termios speed powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found power: supply: max17042_battery: use VFSOC for capacity when no rsns power: supply: max17042_battery: Prevent int underflow in set_soc_threshold signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT signal: Remove the bogus sigkill_pending in ptrace_stop RDMA/qedr: Fix NULL deref for query_qp on the GSI QP rsi: Fix module dev_oper_mode parameter description rsi: fix rate mask set leading to P2P failure rsi: fix key enabled check causing unwanted encryption for vap_id > 0 rsi: fix occasional initialisation failure with BT coex wcn36xx: handle connection loss indication libata: fix checking of DMA state mwifiex: Read a PCI register after writing the TX ring write pointer wcn36xx: Fix HT40 capability for 2Ghz band evm: mark evm_fixmode as __ro_after_init rtl8187: fix control-message timeouts PCI: Mark Atheros QCA6174 to avoid bus reset ath10k: fix division by zero in send path ath10k: fix control-message timeout ath6kl: fix control-message timeout ath6kl: fix division by zero in send path mwifiex: fix division by zero in fw download path EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled hwmon: (pmbus/lm25066) Add offset coefficients ia64: kprobes: Fix to pass correct trampoline address to the handler btrfs: call btrfs_check_rw_degradable only if there is a missing device btrfs: fix lost error handling when replaying directory deletes btrfs: clear MISSING device status bit in btrfs_close_one_device vmxnet3: do not stop tx queues after netif_device_detach() watchdog: Fix OMAP watchdog early handling spi: spl022: fix Microwire full duplex mode xen/netfront: stop tx queues during live migration bpf: Prevent increasing bpf_jit_limit above max drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 mmc: winbond: don't build on M68K hyperv/vmbus: include linux/bitops.h sfc: Don't use netif_info before net_device setup cavium: Fix return values of the probe function scsi: qla2xxx: Fix unmap of already freed sgl cavium: Return negative value when pci_alloc_irq_vectors() fails x86/irq: Ensure PI wakeup handler is unregistered before module unload x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c ALSA: timer: Unconditionally unlink slave instances, too ALSA: timer: Fix use-after-free problem ALSA: synth: missing check for possible NULL after the call to kstrdup ALSA: usb-audio: Add registration quirk for JBL Quantum 400 ALSA: line6: fix control and interrupt message timeouts ALSA: 6fire: fix control and bulk message timeouts ALSA: ua101: fix division by zero at probe ALSA: hda/realtek: Add quirk for Clevo PC70HS media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers media: ite-cir: IR receiver stop working after receive overflow crypto: s5p-sss - Add error handling in s5p_aes_probe() firmware/psci: fix application of sizeof to pointer tpm: Check for integer overflow in tpm2_map_response_body() parisc: Fix ptrace check on syscall return mmc: dw_mmc: Dont wait for DRTO on Write RSP error ocfs2: fix data corruption on truncate libata: fix read log timeout value Input: i8042 - Add quirk for Fujitsu Lifebook T725 Input: elantench - fix misreporting trackpoint coordinates binder: use cred instead of task for selinux checks binder: use euid from cred instead of using task xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay ANDROID: usb: gadget: f_accessory: Mitgate handling of non-existent USB request UPSTREAM: binder: use cred instead of task for getsecid FROMGIT: binder: fix test regression due to sender_euid change BACKPORT: binder: use cred instead of task for selinux checks UPSTREAM: binder: use euid from cred instead of using task ANDROID: setlocalversion: make KMI_GENERATION optional Linux 4.19.217 rsi: fix control-message timeout staging: rtl8192u: fix control-message timeouts staging: r8712u: fix control-message timeout comedi: vmk80xx: fix bulk and interrupt message timeouts comedi: vmk80xx: fix bulk-buffer overflow comedi: vmk80xx: fix transfer-buffer overflows comedi: ni_usb6501: fix NULL-deref in command paths comedi: dt9812: fix DMA buffers on stack isofs: Fix out of bound access for corrupted isofs image printk/console: Allow to disable console output by using console="" or console=null usb-storage: Add compatibility quirk flags for iODD 2531/2541 usb: musb: Balance list entry in musb_gadget_queue usb: gadget: Mark USB_FSL_QE broken on 64-bit usb: ehci: handshake CMD_RUN instead of STS_HALT Revert "x86/kvm: fix vcpu-id indexed array sizes" Linux 4.19.216 ARM: 9120/1: Revert "amba: make use of -1 IRQs warn" arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed sfc: Fix reading non-legacy supported link modes IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields IB/qib: Use struct_size() helper media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() scsi: core: Put LLD module refcnt after SCSI device is released UPSTREAM: security: selinux: allow per-file labeling for bpffs Linux 4.19.215 sctp: add vtag check in sctp_sf_ootb sctp: add vtag check in sctp_sf_do_8_5_1_E_sa sctp: add vtag check in sctp_sf_violation sctp: fix the processing for COOKIE_ECHO chunk sctp: use init_tag from inithdr for ABORT chunk net: nxp: lpc_eth.c: avoid hang when bringing interface down net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST net: Prevent infinite while loop in skb_tx_hash() net: batman-adv: fix error handling regmap: Fix possible double-free in regcache_rbtree_exit() arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node RDMA/mlx5: Set user priority for DCT net: lan78xx: fix division by zero in send path mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit mmc: sdhci: Map more voltage level to SDHCI_POWER_330 mmc: dw_mmc: exynos: fix the finding clock sample value mmc: cqhci: clear HALT state after CQE enable mmc: vub300: fix control-message timeouts ipv6: make exception cache less predictible ipv6: use siphash in rt6_exception_hash() ipv4: use siphash instead of Jenkins in fnhe_hashfun() Revert "net: mdiobus: Fix memory leak in __mdiobus_register" nfc: port100: fix using -ERRNO as command type mask ata: sata_mv: Fix the error handling of mv_chip_id() usbnet: fix error return code in usbnet_probe() usbnet: sanity check for maxpacket ARM: 8819/1: Remove '-p' from LDFLAGS arm64: Avoid premature usercopy failure powerpc/bpf: Fix BPF_MOD when imm == 1 ARM: 9141/1: only warn about XIP address when not compile testing ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype ARM: 9134/1: remove duplicate memcpy() definition ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned ANDROID: Incremental fs: Fix dentry get/put imbalance on vfs_mkdir() failure Linux 4.19.214 ARM: 9122/1: select HAVE_FUTEX_CMPXCHG tracing: Have all levels of checks prevent recursion net: mdiobus: Fix memory leak in __mdiobus_register scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() ALSA: hda: avoid write to STATESTS if controller is in reset platform/x86: intel_scu_ipc: Update timeout value in comment isdn: mISDN: Fix sleeping function called from invalid context ARM: dts: spear3xx: Fix gmac node net: stmmac: add support for dwmac 3.40a btrfs: deal with errors when checking if a dir entry exists during log replay gcc-plugins/structleak: add makefile var for disabling structleak netfilter: Kconfig: use 'default y' instead of 'm' for bool config option isdn: cpai: check ctr->cnr to avoid array index out of bound nfc: nci: fix the UAF of rf_conn_info object mm, slub: fix mismatch between reconstructed freelist depth and cnt ASoC: DAPM: Fix missing kctl change notifications ALSA: hda/realtek: Add quirk for Clevo PC50HS ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset vfs: check fd has read access in kernel_read_file_from_fd() elfcore: correct reference to CONFIG_UML ocfs2: mount fails with buffer overflow in strlen ocfs2: fix data corruption after conversion from inline format can: peak_pci: peak_pci_remove(): fix UAF can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification can: rcar_can: fix suspend/resume net: hns3: disable sriov before unload hclge layer net: hns3: add limit ets dwrr bandwidth cannot be 0 NIOS2: irqflags: rename a redefined register name lan78xx: select CRC32 netfilter: ipvs: make global sysctl readonly in non-init netns ASoC: wm8960: Fix clock configuration on slave mode dma-debug: fix sg checks in debug_dma_map_sg() NFSD: Keep existing listeners on portlist error xtensa: xtfpga: Try software restart before simulating CPU reset xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default UPSTREAM: crypto: arm/blake2s - fix for big endian ANDROID: gki_defconfig: enable BLAKE2b support BACKPORT: crypto: arm/blake2b - add NEON-accelerated BLAKE2b BACKPORT: crypto: blake2b - update file comment BACKPORT: crypto: blake2b - sync with blake2s implementation UPSTREAM: wireguard: Kconfig: select CRYPTO_BLAKE2S_ARM UPSTREAM: crypto: arm/blake2s - add ARM scalar optimized BLAKE2s UPSTREAM: crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h> UPSTREAM: crypto: blake2s - adjust include guard naming UPSTREAM: crypto: blake2s - add comment for blake2s_state fields UPSTREAM: crypto: blake2s - optimize blake2s initialization BACKPORT: crypto: blake2s - share the "shash" API boilerplate code UPSTREAM: crypto: blake2s - move update and final logic to internal/blake2s.h UPSTREAM: crypto: blake2s - remove unneeded includes UPSTREAM: crypto: x86/blake2s - define shash_alg structs using macros UPSTREAM: crypto: blake2s - define shash_alg structs using macros UPSTREAM: crypto: lib/blake2s - Move selftest prototype into header file UPSTREAM: crypto: blake2b - Fix clang optimization for ARMv7-M UPSTREAM: crypto: blake2b - rename tfm context and _setkey callback UPSTREAM: crypto: blake2b - merge _update to api callback UPSTREAM: crypto: blake2b - open code set last block helper UPSTREAM: crypto: blake2b - delete unused structs or members UPSTREAM: crypto: blake2b - simplify key init UPSTREAM: crypto: blake2b - merge blake2 init to api callback UPSTREAM: crypto: blake2b - merge _final implementation to callback BACKPORT: crypto: testmgr - add test vectors for blake2b BACKPORT: crypto: blake2b - add blake2b generic implementation Linux 4.19.213 r8152: select CRC32 and CRYPTO/CRYPTO_HASH/CRYPTO_SHA256 qed: Fix missing error code in qed_slowpath_start() mqprio: Correct stats in mqprio_dump_class_stats(). acpi/arm64: fix next_platform_timer() section mismatch error drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() drm/msm: Fix null pointer dereference on pointer edp platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call pata_legacy: fix a couple uninitialized variable bugs NFC: digital: fix possible memory leak in digital_in_send_sdd_req() NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() nfc: fix error handling of nfc_proto_register() ethernet: s2io: fix setting mac address during resume net: encx24j600: check error in devm_regmap_init_encx24j600 net: korina: select CRC32 net: arc: select CRC32 sctp: account stream padding length for reconf chunk iio: dac: ti-dac5571: fix an error code in probe() iio: ssp_sensors: fix error code in ssp_print_mcu_debug() iio: ssp_sensors: add more range checking in ssp_parse_dataframe() iio: light: opt3001: Fixed timeout error when 0 lux iio: adc128s052: Fix the error handling path of 'adc128_probe()' iio: adc: aspeed: set driver data when adc probe. x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells virtio: write back F_VERSION_1 before validate USB: serial: option: add prod. id for Quectel EG91 USB: serial: option: add Telit LE910Cx composition 0x1204 USB: serial: option: add Quectel EC200S-CN module support USB: serial: qcserial: add EM9191 QDL support Input: xpad - add support for another USB ID of Nacon GC-100 usb: musb: dsps: Fix the probe error path efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock() efi/cper: use stack buffer for error record decoding cb710: avoid NULL pointer subtraction xhci: Enable trust tx length quirk for Fresco FL11 USB controller xhci: Fix command ring pointer corruption while aborting a command xhci: guard accesses to ep_state in xhci_endpoint_reset() mei: me: add Ice Lake-N device id. x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails btrfs: check for error when looking up inode during dir entry replay btrfs: deal with errors when adding inode reference during log replay btrfs: deal with errors when replaying dir entry during log replay s390: fix strrchr() implementation nds32/ftrace: Fix Error: invalid operands (*UND* and *UND* sections) for `^' ALSA: hda/realtek - ALC236 headset MIC recording issue ALSA: hda/realtek: Add quirk for Clevo X170KM-G ALSA: hda/realtek: Complete partial device name to avoid ambiguity ALSA: seq: Fix a potential UAF by wrong private_free call order Linux 4.19.212 sched: Always inline is_percpu_thread() perf/x86: Reset destroy callback on event init failure scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" scsi: ses: Fix unsigned comparison with less than zero net: sun: SUNVNET_COMMON should depend on INET mac80211: check return value of rhashtable_init net: prevent user from passing illegal stab size m68k: Handle arrivals of multiple signals correctly mac80211: Drop frames from invalid MAC address in ad-hoc mode netfilter: ip6_tables: zero-initialize fragment offset HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS net: phy: bcm7xxx: Fixed indirect MMD operations Revert "lib/timerqueue: Rely on rbtree semantics for next timer" Linux 4.19.211 x86/Kconfig: Correct reference to MWINCHIP3D i2c: acpi: fix resource leak in reconfiguration device addition i40e: Fix freeing of uninitialized misc IRQ vector i40e: fix endless loop under rtnl rtnetlink: fix if_nlmsg_stats_size() under estimation drm/nouveau/debugfs: fix file release memory leak netlink: annotate data races around nlk->bound net: sfp: Fix typo in state machine debug string net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() ARM: imx6: disable the GIC CPU interface before calling stby-poweroff sequence ptp_pch: Load module automatically if ID matches powerpc/fsl/dts: Fix phy-connection-type for fm1mac3 net_sched: fix NULL deref in fifo_set_limit() phy: mdio: fix memory leak bpf: Fix integer overflow in prealloc_elems_and_freelist() bpf, arm: Fix register clobbering in div/mod implementation xtensa: call irqchip_init only when CONFIG_USE_OF is selected bpf, mips: Validate conditional branch offsets ARM: dts: qcom: apq8064: use compatible which contains chipid ARM: dts: omap3430-sdp: Fix NAND device node xen/balloon: fix cancelled balloon action nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero ovl: fix missing negative dentry check in ovl_rename() xen/privcmd: fix error handling in mmap-resource processing USB: cdc-acm: fix break reporting USB: cdc-acm: fix racy tty buffer accesses Partially revert "usb: Kconfig: using select for USB_COMMON dependency" ANDROID: Different fix for KABI breakage in 4.19.209 in struct sock ANDROID: GKI: update .xml file for struct sock change Linux 4.19.210 lib/timerqueue: Rely on rbtree semantics for next timer libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD. tools/vm/page-types: remove dependency on opt_file for idle page tracking scsi: ses: Retry failed Send/Receive Diagnostic commands selftests: be sure to make khdr before other targets usb: dwc2: check return value after calling platform_get_resource() usb: testusb: Fix for showing the connection speed scsi: sd: Free scsi_disk device via put_device() ext2: fix sleeping in atomic bugs on error sparc64: fix pci_iounmap() when CONFIG_PCI is not set xen-netback: correct success/error reporting for the SKB-with-fraglist case net: mdio: introduce a shutdown method to mdio device drivers ANDROID: Fix up KABI breakage in 4.19.209 in struct sock FROMLIST: dm-verity: skip verity_handle_error on I/O errors Linux 4.19.209 cred: allow get_cred() and put_cred() to be given NULL. HID: usbhid: free raw_report buffers in usbhid_stop netfilter: ipset: Fix oversized kvmalloc() calls HID: betop: fix slab-out-of-bounds Write in betop_probe crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() usb: hso: remove the bailout parameter usb: hso: fix error handling code of hso_create_net_device hso: fix bailout in error case of probe ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE ARM: 9079/1: ftrace: Add MODULE_PLTS support ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link() ARM: 9077/1: PLT: Move struct plt_entries definition to header EDAC/synopsys: Fix wrong value type assignment for edac_mode net: udp: annotate data race around udp_sk(sk)->corkflag ext4: fix potential infinite loop in ext4_dx_readdir() ipack: ipoctal: fix module reference leak ipack: ipoctal: fix missing allocation-failure check ipack: ipoctal: fix tty-registration error handling ipack: ipoctal: fix tty registration race ipack: ipoctal: fix stack information leak elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings af_unix: fix races in sk_peer_pid and sk_peer_cred accesses scsi: csiostor: Add module softdep on cxgb4 Revert "block, bfq: honor already-setup queue merges" e100: fix buffer overrun in e100_get_regs e100: fix length calculation in e100_get_regs_len hwmon: (tmp421) fix rounding for negative values hwmon: (tmp421) report /PVLD condition as fault hwmon: (tmp421) Replace S_<PERMS> with octal values sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs ipvs: check that ip_vs_conn_tab_bits is between 8 and 20 drm/amd/display: Pass PCI deviceid into DC x86/kvmclock: Move this_cpu_pvti into kvmclock.h mac80211: fix use-after-free in CCMP/GCMP RX cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory cpufreq: schedutil: Use kobject release() method to free sugov_tunables tty: Fix out-of-bound vmalloc access in imageblit qnx4: work around gcc false positive warning bug xen/balloon: fix balloon kthread freezing tcp: adjust rto_base in retransmits_timed_out() tcp: create a helper to model exponential backoff tcp: always set retrans_stamp on recovery tcp: address problems caused by EDT misshaps PCI: aardvark: Fix checking for PIO status arm64: dts: marvell: armada-37xx: Extend PCIe MEM space erofs: fix up erofs_lookup tracepoint spi: Fix tegra20 build with CONFIG_PM=n net: 6pack: Fix tx timeout and slot time alpha: Declare virt_to_phys and virt_to_bus parameter as pointer to volatile arm64: Mark __stack_chk_guard as __ro_after_init parisc: Use absolute_pointer() to define PAGE0 qnx4: avoid stringop-overread errors sparc: avoid stringop-overread errors net: i825xx: Use absolute_pointer for memcpy from fixed memory location compiler.h: Introduce absolute_pointer macro nvme-multipath: fix ANA state updates when a namespace is not present xen/balloon: use a kernel thread instead a workqueue m68k: Double cast io functions to unsigned long net: stmmac: allow CSR clock of 300MHz net: macb: fix use after free on rmmod blktrace: Fix uaf in blk_trace access after removing by sysfs md: fix a lock order reversal in md_alloc irqchip/gic-v3-its: Fix potential VPE leak on error irqchip/goldfish-pic: Select GENERIC_IRQ_CHIP to fix build thermal/core: Potential buffer overflow in thermal_build_list_of_policies() fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() fpga: machxo2-spi: Return an error on failure tty: synclink_gt: rename a conflicting function name tty: synclink_gt, drop unneeded forward declarations scsi: iscsi: Adjust iface sysfs attr detection net/mlx4_en: Don't allow aRFS for encapsulated packets gpio: uniphier: Fix void functions to remove return value net/smc: add missing error check in smc_clc_prfx_set() bnxt_en: Fix TX timeout when TX ring size is set to the smallest net: hso: fix muxed tty registration serial: mvebu-uart: fix driver's tx_empty callback mcb: fix error handling in mcb_alloc_bus() USB: serial: option: add device id for Foxconn T99W265 USB: serial: option: remove duplicate USB device ID USB: serial: option: add Telit LN920 compositions USB: serial: mos7840: remove duplicated 0xac24 device ID Re-enable UAS for LaCie Rugged USB3-FW with fk quirk staging: greybus: uart: fix tty use after free USB: cdc-acm: fix minor-number release USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c xen/x86: fix PV trap handling on secondary processors cifs: fix incorrect check for null pointer in header_assemble usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA usb: gadget: r8a66597: fix a loop in set_feature() ocfs2: drop acl cache for directories too ANDROID: GKI: update ABI xml ANDROID: GKI: Update aarch64 cuttlefish symbol list ANDROID: GKI: rework the ANDROID_KABI_USE() macro to not use __UNIQUE() BACKPORT: loop: Set correct device size when using LOOP_CONFIGURE Linux 4.19.208 drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() pwm: stm32-lp: Don't modify HW state in .remove() callback pwm: rockchip: Don't modify HW state in .remove() callback pwm: img: Don't modify HW state in .remove() callback nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group nilfs2: fix NULL pointer in nilfs_##name##_attr_release nilfs2: fix memory leak in nilfs_sysfs_create_device_group ceph: lockdep annotations for try_nonblocking_invalidate dmaengine: xilinx_dma: Set DMA mask for coherent APIs dmaengine: ioat: depends on !UML dmaengine: sprd: Add missing MODULE_DEVICE_TABLE parisc: Move pci_dev_is_behind_card_dino to where it is used drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH pwm: lpc32xx: Don't modify HW state in .probe() after the PWM chip was registered profiling: fix shift-out-of-bounds bugs nilfs2: use refcount_dec_and_lock() to fix potential UAF prctl: allow to setup brk for et_dyn executables 9p/trans_virtio: Remove sysfs file on probe failure thermal/drivers/exynos: Fix an error code in exynos_tmu_probe() dmaengine: acpi: Avoid comparison GSI with Linux vIRQ sctp: add param size validation for SCTP_PARAM_SET_PRIMARY sctp: validate chunk size in __rcv_asconf_lookup tracing/kprobe: Fix kprobe_on_func_entry() modification crypto: talitos - fix max key size for sha384 and sha512 apparmor: remove duplicate macro list_entry_is_head() rcu: Fix missed wakeup of exp_wq waiters KVM: remember position in kvm->vcpus array s390/bpf: Fix optimizing out zero-extensions Linux 4.19.207 s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant net: renesas: sh_eth: Fix freeing wrong tx descriptor ip_gre: validate csum_start only on pull qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom fq_codel: reject silly quantum parameters netfilter: socket: icmp6: fix use-after-scope net: dsa: b53: Fix calculating number of switch ports ARC: export clear_user_page() for modules mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n KVM: arm64: Handle PSCI resets before userspace touches vCPU state PCI: Fix pci_dev_str_match_path() alloc while atomic bug mfd: axp20x: Update AXP288 volatile ranges NTB: perf: Fix an error code in perf_setup_inbuf() ethtool: Fix an error code in cxgb2.c block, bfq: honor already-setup queue merges net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920 PCI: Add ACS quirks for Cavium multi-function devices mfd: Don't use irq_create_mapping() to resolve a mapping dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation KVM: s390: index kvm->arch.idle_mask by vcpu_idx mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range() net: hns3: pad the short tunnel frame before sending to hardware ibmvnic: check failover_pending in login response qed: Handle management FW error tcp: fix tp->undo_retrans accounting in tcp_sacktag_one() net: dsa: destroy the phylink instance on any error in dsa_slave_phy_setup net/af_unix: fix a data-race in unix_dgram_poll events: Reuse value read using READ_ONCE instead of re-reading it net/mlx5: Fix potential sleeping in atomic context perf machine: Initialize srcline string member in add_location struct tipc: increase timeout in tipc_sk_enqueue() r6040: Restore MDIO clock frequency after MAC reset net/l2tp: Fix reference count leak in l2tp_udp_recv_core dccp: don't duplicate ccid when cloning dccp sock ptp: dp83640: don't define PAGE0 net-caif: avoid user-triggerable WARN_ON(1) tipc: fix an use-after-free issue in tipc_recvmsg x86/mm: Fix kern_addr_valid() to cope with existing but not present entries PCI: Add AMD GPU multi-function power dependencies PM: base: power: don't try to use non-existing RTC for storing data arm64/sve: Use correct size when reinitialising SVE state bnx2x: Fix enabling network interfaces without VFs xen: reset legacy rtc flag for PV domU dm thin metadata: Fix use-after-free in dm_bm_set_read_only drm/amdgpu: Fix BUG_ON assert platform/chrome: cros_ec_proto: Send command again when timeout occurs memcg: enable accounting for pids in nested pid namespaces mm/hugetlb: initialize hugetlb_usage in mm_init cpufreq: powernv: Fix init_chip_info initialization in numa=off scsi: qla2xxx: Sync queue idx with queue_pair_map idx scsi: BusLogic: Fix missing pr_cont() use ovl: fix BUG_ON() in may_delete() when called from ovl_cleanup() parisc: fix crash with signals and alloca net: w5100: check return value after calling platform_get_resource() net: fix NULL pointer reference in cipso_v4_doi_free ath9k: fix sleeping in atomic context ath9k: fix OOB read ar9300_eeprom_restore_internal parport: remove non-zero check on count ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B ASoC: rockchip: i2s: Fix regmap_ops hang usbip:vhci_hcd USB port can get stuck in the disabled state usbip: give back URBs for unsent unlink requests during cleanup usb: musb: musb_dsps: request_irq() after initializing musb Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set" cifs: fix wrong release in sess_alloc_buffer() failed path mmc: core: Return correct emmc response in case of ioctl error selftests/bpf: Enlarge select() timeout for test_maps mmc: rtsx_pci: Fix long reads when clock is prescaled mmc: sdhci-of-arasan: Check return value of non-void funtions of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS gfs2: Don't call dlm after protocol is unmounted staging: rts5208: Fix get_ms_information() heap buffer size rpc: fix gss_svc_init cleanup on failure tcp: enable data-less, empty-cookie SYN with TFO_SERVER_COOKIE_NOT_REQD serial: sh-sci: fix break handling for sysrq Bluetooth: Fix handling of LE Enhanced Connection Complete ARM: tegra: tamonten: Fix UART pad setting gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() Bluetooth: avoid circular locks in sco_sock_connect Bluetooth: schedule SCO timeouts with delayed_work net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe() arm64: dts: qcom: sdm660: use reg value for memory node ARM: dts: imx53-ppd: Fix ACHC entry media: tegra-cec: Handle errors of clk_prepare_enable() media: TDA1997x: fix tda1997x_query_dv_timings() return value media: v4l2-dv-timings.c: fix wrong condition in two for-loops media: imx258: Limit the max analogue gain to 480 media: imx258: Rectify mismatch of VTS value ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output bonding: 3ad: fix the concurrency between __bond_release_one() and bond_3ad_state_machine_handler() Bluetooth: skip invalid hci_sync_conn_complete_evt ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() samples: bpf: Fix tracex7 error raised on the missing argument staging: ks7010: Fix the initialization of the 'sleep_status' structure serial: 8250_pci: make setup_port() parameters explicitly unsigned hvsi: don't panic on tty_register_driver failure xtensa: ISS: don't panic in rs_init serial: 8250: Define RX trigger levels for OxSemi 950 devices s390/jump_label: print real address in a case of a jump label bug flow_dissector: Fix out-of-bounds warnings ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs() video: fbdev: riva: Error out if 'pixclock' equals zero video: fbdev: kyro: Error out if 'pixclock' equals zero video: fbdev: asiliantfb: Error out if 'pixclock' equals zero bpf/tests: Do not PASS tests without actually testing the result bpf/tests: Fix copy-and-paste error in double word test drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex tty: serial: jsm: hold port lock when reporting modem line changes staging: board: Fix uninitialized spinlock when attaching genpd usb: gadget: composite: Allow bMaxPower=0 if self-powered usb: gadget: u_ether: fix a potential null pointer dereference usb: host: fotg210: fix the actual_length of an iso packet usb: host: fotg210: fix the endpoint's transactional opportunities calculation Smack: Fix wrong semantics in smk_access_entry() netlink: Deal with ESRCH error in nlmsg_notify() video: fbdev: kyro: fix a DoS bug by restricting user input ARM: dts: qcom: apq8064: correct clock names iio: dac: ad5624r: Fix incorrect handling of an optional regulator. tipc: keep the skb in rcv queue until the whole data is read PCI: Use pci_update_current_state() in pci_enable_device_flags() crypto: mxs-dcp - Use sg_mapping_iter to copy data media: dib8000: rewrite the init prbs logic userfaultfd: prevent concurrent API initialization MIPS: Malta: fix alignment of the devicetree buffer f2fs: fix to unmap pages from userspace process in punch_hole() f2fs: fix to account missing .skipped_gc_rwsem fscache: Fix cookie key hashing platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call scsi: qedi: Fix error codes in qedi_alloc_global_queues() pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() openrisc: don't printk() unconditionally powerpc/stacktrace: Include linux/delay.h vfio: Use config not menuconfig for VFIO_NOIOMMU pinctrl: samsung: Fix pinctrl bank pin count docs: Fix infiniband uverbs minor number RDMA/iwcm: Release resources if iw_cm module initialization fails HID: input: do not report stylus battery state as "full" PCI: aardvark: Fix masking and unmasking legacy INTx interrupts PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response PCI: xilinx-nwl: Enable the clock through CCF PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported ARM: 9105/1: atags_to_fdt: don't warn about stack size libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs media: rc-loopback: return number of emitters rather than error media: uvc: don't do DMA on stack VMCI: fix NULL pointer dereference when unmapping queue pair dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() power: supply: max17042: handle fails of reading status register block: bfq: fix bfq_set_next_ioprio_data() crypto: public_key: fix overflow during implicit conversion arm64: head: avoid over-mapping in map_memory soc: aspeed: lpc-ctrl: Fix boundary check for mmap tools/thermal/tmon: Add cross compiling support bpf: Fix pointer arithmetic mask tightening under state pruning bpf: verifier: Allocate idmap scratch in verifier env bpf: Fix leakage due to insufficient speculative store bypass mitigation bpf: Introduce BPF nospec instruction for mitigating Spectre v4 selftests/bpf: fix tests due to const spill/fill bpf: track spill/fill of constants selftests/bpf: Test variable offset stack access bpf: Sanity check max value for var_off stack access bpf: Reject indirect var_off stack access in unpriv mode bpf: Reject indirect var_off stack access in raw mode bpf: Support variable offset stack access from helpers bpf: correct slot_type marking logic to allow more stack slot sharing bpf/verifier: per-register parent pointers 9p/xen: Fix end of loop tests for list_for_each_entry include/linux/list.h: add a macro to test if entry is pointing to the head xen: fix setting of max_pfn in shared_info powerpc/perf/hv-gpci: Fix counter value parsing PCI/MSI: Skip masking MSI-X on Xen PV blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN blk-zoned: allow zone management send operations without CAP_SYS_ADMIN btrfs: reset replace target device to allocation state on close rtc: tps65910: Correct driver module alias clk: kirkwood: Fix a clocking boot regression backlight: pwm_bl: Improve bootloader/kernel device handover fbmem: don't allow too huge resolutions IMA: remove the dependency on CRYPTO_MD5 IMA: remove -Wmissing-prototypes warning KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted x86/resctrl: Fix a maybe-uninitialized build warning treated as error tty: Fix data race between tiocsti() and flush_to_ldisc() ubifs: report correct st_size for encrypted symlinks f2fs: report correct st_size for encrypted symlinks ext4: report correct st_size for encrypted symlinks fscrypt: add fscrypt_symlink_getattr() for computing st_size netns: protect netns ID lookups with RCU ipv4: fix endianness issue in inet_rtm_getroute_build_skb() net: qualcomm: fix QCA7000 checksum handling net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed ipv4: make exception cache less predictible bcma: Fix memory leak for internally-handled cores ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() tty: serial: fsl_lpuart: fix the wrong mapbase value usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available usb: ehci-orion: Handle errors of clk_prepare_enable() in probe i2c: mt65xx: fix IRQ check CIFS: Fix a potencially linear read overflow mmc: moxart: Fix issue with uninitialized dma_slave_config mmc: dw_mmc: Fix issue with uninitialized dma_slave_config i2c: s3c2410: fix IRQ check i2c: iop3xx: fix deferred probing Bluetooth: add timeout sanity check to hci_inquiry usb: gadget: mv_u3d: request_irq() after initializing UDC mac80211: Fix insufficient headroom issue for AMSDU usb: phy: tahvo: add IRQ check usb: host: ohci-tmio: add IRQ check Bluetooth: Move shutdown callback before flushing tx and rx queue usb: phy: twl6030: add IRQ checks usb: phy: fsl-usb: add IRQ check usb: gadget: udc: at91: add IRQ check drm/msm/dsi: Fix some reference counted resource leaks Bluetooth: fix repeated calls to sco_sock_kill arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7 drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow soc: qcom: smsm: Fix missed interrupts if state changes while masked PCI: PM: Enable PME if it can be signaled from D3cold PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently media: venus: venc: Fix potential null pointer dereference on pointer fmt media: em28xx-input: fix refcount bug in em28xx_usb_disconnect i2c: highlander: add IRQ check net: cipso: fix warnings in netlbl_cipsov4_add_std tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos Bluetooth: sco: prevent information leak in sco_conn_defer_accept() media: go7007: remove redundant initialization media: dvb-usb: fix uninit-value in vp702x_read_mac_addr media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init soc: rockchip: ROCKCHIP_GRF should not default to y, unconditionally media: TDA1997x: enable EDID support spi: sprd: Fix the wrong WDG_LOAD_VAL certs: Trigger creation of RSA module signing key if it's not an RSA key crypto: qat - use proper type for vf_mask clocksource/drivers/sh_cmt: Fix wrong setting if don't request IRQ for clock source channel lib/mpi: use kcalloc in mpi_resize spi: spi-pic32: Fix issue with uninitialized dma_slave_config spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config m68k: emu: Fix invalid free in nfeth_cleanup() udf_get_extendedattr() had no boundary checks. fcntl: fix potential deadlock for &fasync_struct.fa_lock crypto: qat - do not export adf_iov_putmsg() crypto: qat - fix naming for init/shutdown VF to PF notifications crypto: qat - fix reuse of completion variable crypto: qat - handle both source of interrupt in VF ISR crypto: qat - do not ignore errors from enable_vf2pf_comms() libata: fix ata_host_start() s390/cio: add dev_busid sysfs entry for each subchannel power: supply: max17042_battery: fix typo in MAx17042_TOFF nvme-rdma: don't update queue count when failing to set io queues bcache: add proper error unwinding in bcache_device_init isofs: joliet: Fix iocharset=utf8 mount option udf: Check LVID earlier hrtimer: Avoid double reprogramming in __hrtimer_start_range_ns() sched/deadline: Fix missing clock update in migrate_task_rq_dl() crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop() power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors sched/deadline: Fix reset_on_fork reporting of DL tasks crypto: mxs-dcp - Check for DMA mapping errors regmap: fix the offset of register error log locking/mutex: Fix HANDOFF condition PCI: Call Max Payload Size-related fixup quirks early x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions usb: mtu3: fix the wrong HS mult value usb: mtu3: use @mult for HS isoc or intr usb: host: xhci-rcar: Don't reload firmware after the completion ALSA: usb-audio: Add registration quirk for JBL Quantum 800 Revert "btrfs: compression: don't try to compress if we don't have enough pages" mm/page_alloc: speed up the iteration of max_order net: ll_temac: Remove left-over debug message powerpc/boot: Delete unneeded .globl _zimage_start powerpc/module64: Fix comment in R_PPC64_ENTRY handling crypto: talitos - reduce max key size for SEC1 SUNRPC/nfs: Fix return value for nfs4_callback_compound() ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2) USB: serial: mos7720: improve OOM-handling in read_mos_reg() igmp: Add ip_mc_list lock in ip_check_mc_rcu ARM: imx: fix missing 3rd argument in macro imx_mmdc_perf_init ARM: imx: add missing clk_disable_unprepare() media: stkwebcam: fix memory leak in stk_camera_probe clk: fix build warning for orphan_list ALSA: pcm: fix divide error in snd_pcm_lib_ioctl ARM: 8918/2: only build return_address() if needed cryptoloop: add a deprecation warning perf/x86/amd/ibs: Work around erratum #1197 perf/x86/intel/pt: Fix mask of num_address_ranges qede: Fix memset corruption net: macb: Add a NULL check on desc_ptp qed: Fix the VF msix vectors flow gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V formats xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG ext4: fix race writing to an inline_data file while its xattrs are changing Change-Id: I08884d5bddbf0379ea1fa1b8adea086f4fd5a87d Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com> Conflicts: arch/arm/Makefile drivers/clk/clk.c drivers/nvmem/core.c include/trace/events/f2fs.h kernel/sched/cpufreq_schedutil.c kernel/time/hrtimer.c mm/page_alloc.c net/ipv4/tcp_timer.c |
||
Todd Kjos
|
2a4f6c6295 |
BACKPORT: binder: use cred instead of task for selinux checks
commit 52f88693378a58094c538662ba652aff0253c4fe upstream.
Since binder was integrated with selinux, it has passed
'struct task_struct' associated with the binder_proc
to represent the source and target of transactions.
The conversion of task to SID was then done in the hook
implementations. It turns out that there are race conditions
which can result in an incorrect security context being used.
Fix by using the 'struct cred' saved during binder_open and pass
it to the selinux subsystem.
Cc: stable@vger.kernel.org # 5.14 (need backport for earlier stables)
Fixes:
|
||
Greg Kroah-Hartman
|
9b733ddbfa |
Revert "ANDROID: sdcardfs: Enable modular sdcardfs"
This reverts commit c0dbfed5ff9fce7a701a33587ea5fea6a84f4dc3 as it is not needed now that sdcardfs is gone. Bug: 157700134 Cc: Daniel Rosenberg <drosen@google.com> Cc: Guenter Roeck <groeck@chromium.org> Cc: Alistair Strachan <astrachan@google.com> Cc: Yongqin Liu <yongqin.liu@linaro.org> Cc: Daniel Rosenberg <drosen@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ie7f7bd51fe7e6b9ddb27883d11d959cf69d0361c |
||
Will McVicker
|
0a2394dc5a |
ANDROID: GKI: export symbols from abi_gki_aarch64_qcom_whitelist
Run the script, $ ../build/gki/add_EXPORT_SYMBOL_GPL < abi_gki_aarch64_qcom_whitelist This will export all the required symbols that are in this kernel. Signed-off-by: Will McVicker <willmcvicker@google.com> Bug: 153886473 Test: compile Change-Id: I703509d75104cd86f472481346e3efbd235121ab |
||
|
Greg Kroah-Hartman
|
8cb4870403 |
This is the 4.19.98 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl4pSYMACgkQONu9yGCS aT7Rkg/8C/AXaTp+2HxRj3ZO56uzpMBMb5duBzdzxnEnvFp+DIM7xxRX+NFI5CSK 4rjnxMd2tPsFtqiWo/bBCUcHh9gu5HJKOMFRZGaRYAXvJ/8hgahgzkBE00JiAB6r mrk9Y/pwcKxMFsAHtu3xM0oENeefXOmavVTHc9N3DQLd3hNuyTrPztBMFaDg8djR pSwh1uE2G+Z2UOdi2kXmHiEIG6NViIqp+qFYI5CUIyeKfvOEsR5nSQ97LyNQ+dUX qshARQFuk78+Ax+GNPTQXiWdzN7+SH5aw5frFtdhAN90F+XrRDj4ZXw+EkX+/M2J NZU9P/v41ESG8RWxbAZ6osAUkQ4Dgq2BQpdyRxNNjTchXc0Kr4K6BCKuhY6cGxS7 0PXPV7MsuAHYIrIvzG2lqif9gmknA0UrGVKuYJIZxBaWlHD2mEkFby0W0HIcBwir yKKK3fkFjmsGKYzh+VZVoGySWDbs7qYASWXHOCz0QCLb0CT8/ePbyxLdjY7u5KyX wDaDHXG9nm6Nu68HD/9CRnUkiK8dnsODZ0k+sBZfEa+xvHPJCdv3gnrf4SwU7dj7 ZyhO9XkFzncOJDoxYxiXTfI+zbU1ZhaDw7fk2PFvAI6P1xRS3m6rp8pDWp8iw/MX 92Sz1YzS68+otHLi+OBGxzu10PwMDtu2nUvqn68SYq6Rp0mZnnE= =2O94 -----END PGP SIGNATURE----- Merge 4.19.98 into android-4.19 Changes in 4.19.98 ARM: dts: meson8: fix the size of the PMU registers clk: qcom: gcc-sdm845: Add missing flag to votable GDSCs dt-bindings: reset: meson8b: fix duplicate reset IDs ARM: dts: imx6q-dhcom: fix rtc compatible clk: Don't try to enable critical clocks if prepare failed ASoC: msm8916-wcd-digital: Reset RX interpolation path after use iio: buffer: align the size of scan bytes to size of the largest element USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx USB: serial: option: Add support for Quectel RM500Q USB: serial: opticon: fix control-message timeouts USB: serial: option: add support for Quectel RM500Q in QDL mode USB: serial: suppress driver bind attributes USB: serial: ch341: handle unbound port at reset_resume USB: serial: io_edgeport: handle unbound ports on URB completion USB: serial: io_edgeport: add missing active-port sanity check USB: serial: keyspan: handle unbound ports USB: serial: quatech2: handle unbound ports scsi: fnic: fix invalid stack access scsi: mptfusion: Fix double fetch bug in ioctl ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1 ASoC: msm8916-wcd-analog: Fix MIC BIAS Internal1 ARM: dts: imx6q-dhcom: Fix SGTL5000 VDDIO regulator connection ALSA: dice: fix fallback from protocol extension into limited functionality ALSA: seq: Fix racy access for queue timer in proc read ALSA: usb-audio: fix sync-ep altsetting sanity check arm64: dts: allwinner: a64: olinuxino: Fix SDIO supply regulator Fix built-in early-load Intel microcode alignment block: fix an integer overflow in logical block size ARM: dts: am571x-idk: Fix gpios property to have the correct gpio number LSM: generalize flag passing to security_capable ptrace: reintroduce usage of subjective credentials in ptrace_has_cap() usb: core: hub: Improved device recognition on remote wakeup x86/resctrl: Fix an imbalance in domain_remove_cpu() x86/CPU/AMD: Ensure clearing of SME/SEV features is maintained x86/efistub: Disable paging at mixed mode entry drm/i915: Add missing include file <linux/math64.h> x86/resctrl: Fix potential memory leak perf hists: Fix variable name's inconsistency in hists__for_each() macro perf report: Fix incorrectly added dimensions as switch perf data file mm/shmem.c: thp, shmem: fix conflict of above-47bit hint address and PMD alignment mm: memcg/slab: call flush_memcg_workqueue() only if memcg workqueue is valid btrfs: rework arguments of btrfs_unlink_subvol btrfs: fix invalid removal of root ref btrfs: do not delete mismatched root refs btrfs: fix memory leak in qgroup accounting mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() ARM: dts: imx6qdl: Add Engicam i.Core 1.5 MX6 ARM: dts: imx6q-icore-mipi: Use 1.5 version of i.Core MX6DL ARM: dts: imx7: Fix Toradex Colibri iMX7S 256MB NAND flash support net: stmmac: 16KB buffer must be 16 byte aligned net: stmmac: Enable 16KB buffer size mm/huge_memory.c: make __thp_get_unmapped_area static mm/huge_memory.c: thp: fix conflict of above-47bit hint address and PMD alignment arm64: dts: agilex/stratix10: fix pmu interrupt numbers bpf: Fix incorrect verifier simulation of ARSH under ALU32 cfg80211: fix deadlocks in autodisconnect work cfg80211: fix memory leak in cfg80211_cqm_rssi_update cfg80211: fix page refcount issue in A-MSDU decap netfilter: fix a use-after-free in mtype_destroy() netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct netfilter: nft_tunnel: fix null-attribute check netfilter: nf_tables: remove WARN and add NLA_STRING upper limits netfilter: nf_tables: store transaction list locally while requesting module netfilter: nf_tables: fix flowtable list del corruption NFC: pn533: fix bulk-message timeout batman-adv: Fix DAT candidate selection on little endian systems macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() hv_netvsc: Fix memory leak when removing rndis device net: dsa: tag_qca: fix doubled Tx statistics net: hns: fix soft lockup when there is not enough memory net: usb: lan78xx: limit size of local TSO packets net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info ptp: free ptp device pin descriptors properly r8152: add missing endpoint sanity check tcp: fix marked lost packets not being retransmitted sh_eth: check sh_eth_cpu_data::dual_port when dumping registers mlxsw: spectrum: Wipe xstats.backlog of down ports mlxsw: spectrum_qdisc: Include MC TCs in Qdisc counters xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk tcp: refine rule to allow EPOLLOUT generation under mem pressure irqchip: Place CONFIG_SIFIVE_PLIC into the menu cw1200: Fix a signedness bug in cw1200_load_firmware() arm64: dts: meson-gxl-s905x-khadas-vim: fix gpio-keys-polled node cfg80211: check for set_wiphy_params tick/sched: Annotate lockless access to last_jiffies_update arm64: dts: marvell: Fix CP110 NAND controller node multi-line comment alignment Revert "arm64: dts: juno: add dma-ranges property" mtd: devices: fix mchp23k256 read and write drm/nouveau/bar/nv50: check bar1 vmm return value drm/nouveau/bar/gf100: ensure BAR is mapped drm/nouveau/mmu: qualify vmm during dtor reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr scsi: esas2r: unlock on error in esas2r_nvram_read_direct() scsi: qla4xxx: fix double free bug scsi: bnx2i: fix potential use after free scsi: target: core: Fix a pr_debug() argument scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan scsi: core: scsi_trace: Use get_unaligned_be*() perf probe: Fix wrong address verification clk: sprd: Use IS_ERR() to validate the return value of syscon_regmap_lookup_by_phandle() regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id hwmon: (pmbus/ibm-cffps) Switch LEDs to blocking brightness call Linux 4.19.98 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I74a43a9e60734aec6d24b10374ba97de89172eca |
||
Micah Morton
|
87ca9aaf0c |
LSM: generalize flag passing to security_capable
[ Upstream commit c1a85a00ea66cb6f0bd0f14e47c28c2b0999799f ] This patch provides a general mechanism for passing flags to the security_capable LSM hook. It replaces the specific 'audit' flag that is used to tell security_capable whether it should log an audit message for the given capability check. The reason for generalizing this flag passing is so we can add an additional flag that signifies whether security_capable is being called by a setid syscall (which is needed by the proposed SafeSetID LSM). Signed-off-by: Micah Morton <mortonm@chromium.org> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.morris@microsoft.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Joel Fernandes (Google)
|
89ae5a7cad |
BACKPORT: perf_event: Add support for LSM and SELinux checks
In current mainline, the degree of access to perf_event_open(2) system call depends on the perf_event_paranoid sysctl. This has a number of limitations: 1. The sysctl is only a single value. Many types of accesses are controlled based on the single value thus making the control very limited and coarse grained. 2. The sysctl is global, so if the sysctl is changed, then that means all processes get access to perf_event_open(2) opening the door to security issues. This patch adds LSM and SELinux access checking which will be used in Android to access perf_event_open(2) for the purposes of attaching BPF programs to tracepoints, perf profiling and other operations from userspace. These operations are intended for production systems. 5 new LSM hooks are added: 1. perf_event_open: This controls access during the perf_event_open(2) syscall itself. The hook is called from all the places that the perf_event_paranoid sysctl is checked to keep it consistent with the systctl. The hook gets passed a 'type' argument which controls CPU, kernel and tracepoint accesses (in this context, CPU, kernel and tracepoint have the same semantics as the perf_event_paranoid sysctl). Additionally, I added an 'open' type which is similar to perf_event_paranoid sysctl == 3 patch carried in Android and several other distros but was rejected in mainline [1] in 2016. 2. perf_event_alloc: This allocates a new security object for the event which stores the current SID within the event. It will be useful when the perf event's FD is passed through IPC to another process which may try to read the FD. Appropriate security checks will limit access. 3. perf_event_free: Called when the event is closed. 4. perf_event_read: Called from the read(2) and mmap(2) syscalls for the event. 5. perf_event_write: Called from the ioctl(2) syscalls for the event. [1] https://lwn.net/Articles/696240/ Since Peter had suggest LSM hooks in 2016 [1], I am adding his Suggested-by tag below. To use this patch, we set the perf_event_paranoid sysctl to -1 and then apply selinux checking as appropriate (default deny everything, and then add policy rules to give access to domains that need it). In the future we can remove the perf_event_paranoid sysctl altogether. Suggested-by: Peter Zijlstra <peterz@infradead.org> Co-developed-by: Peter Zijlstra <peterz@infradead.org> Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by: James Morris <jmorris@namei.org> Cc: Arnaldo Carvalho de Melo <acme@kernel.org> Cc: rostedt@goodmis.org Cc: Yonghong Song <yhs@fb.com> Cc: Kees Cook <keescook@chromium.org> Cc: Ingo Molnar <mingo@redhat.com> Cc: Alexei Starovoitov <ast@kernel.org> Cc: jeffv@google.com Cc: Jiri Olsa <jolsa@redhat.com> Cc: Daniel Borkmann <daniel@iogearbox.net> Cc: primiano@google.com Cc: Song Liu <songliubraving@fb.com> Cc: rsavitski@google.com Cc: Namhyung Kim <namhyung@kernel.org> Cc: Matthew Garrett <matthewgarrett@google.com> Link: https://lkml.kernel.org/r/20191014170308.70668-1-joel@joelfernandes.org (cherry picked from commit da97e18458fb42d7c00fac5fd1c56a3896ec666e) [ Ryan Savitski: Resolved conflicts with existing code, and folded in upstream ae79d5588a04 (perf/core: Fix !CONFIG_PERF_EVENTS build warnings and failures). This should fix the build errors from the previous backport attempt, where certain configurations would end up with functions referring to the perf_event struct prior to its declaration (and therefore declaring it with a different scope). ] Bug: 137092007 Signed-off-by: Ryan Savitski <rsavitski@google.com> Change-Id: Ief8c669083c81f4ea2fa75d5c0d947d19ea741b3 |
||
|
Greg Kroah-Hartman
|
58fd41cb2d |
Revert "BACKPORT: perf_event: Add support for LSM and SELinux checks"
This reverts commit
|
||
|
Joel Fernandes (Google)
|
8af21ac176 |
BACKPORT: perf_event: Add support for LSM and SELinux checks
In current mainline, the degree of access to perf_event_open(2) system call depends on the perf_event_paranoid sysctl. This has a number of limitations: 1. The sysctl is only a single value. Many types of accesses are controlled based on the single value thus making the control very limited and coarse grained. 2. The sysctl is global, so if the sysctl is changed, then that means all processes get access to perf_event_open(2) opening the door to security issues. This patch adds LSM and SELinux access checking which will be used in Android to access perf_event_open(2) for the purposes of attaching BPF programs to tracepoints, perf profiling and other operations from userspace. These operations are intended for production systems. 5 new LSM hooks are added: 1. perf_event_open: This controls access during the perf_event_open(2) syscall itself. The hook is called from all the places that the perf_event_paranoid sysctl is checked to keep it consistent with the systctl. The hook gets passed a 'type' argument which controls CPU, kernel and tracepoint accesses (in this context, CPU, kernel and tracepoint have the same semantics as the perf_event_paranoid sysctl). Additionally, I added an 'open' type which is similar to perf_event_paranoid sysctl == 3 patch carried in Android and several other distros but was rejected in mainline [1] in 2016. 2. perf_event_alloc: This allocates a new security object for the event which stores the current SID within the event. It will be useful when the perf event's FD is passed through IPC to another process which may try to read the FD. Appropriate security checks will limit access. 3. perf_event_free: Called when the event is closed. 4. perf_event_read: Called from the read(2) and mmap(2) syscalls for the event. 5. perf_event_write: Called from the ioctl(2) syscalls for the event. [1] https://lwn.net/Articles/696240/ Since Peter had suggest LSM hooks in 2016 [1], I am adding his Suggested-by tag below. To use this patch, we set the perf_event_paranoid sysctl to -1 and then apply selinux checking as appropriate (default deny everything, and then add policy rules to give access to domains that need it). In the future we can remove the perf_event_paranoid sysctl altogether. Suggested-by: Peter Zijlstra <peterz@infradead.org> Co-developed-by: Peter Zijlstra <peterz@infradead.org> Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by: James Morris <jmorris@namei.org> Cc: Arnaldo Carvalho de Melo <acme@kernel.org> Cc: rostedt@goodmis.org Cc: Yonghong Song <yhs@fb.com> Cc: Kees Cook <keescook@chromium.org> Cc: Ingo Molnar <mingo@redhat.com> Cc: Alexei Starovoitov <ast@kernel.org> Cc: jeffv@google.com Cc: Jiri Olsa <jolsa@redhat.com> Cc: Daniel Borkmann <daniel@iogearbox.net> Cc: primiano@google.com Cc: Song Liu <songliubraving@fb.com> Cc: rsavitski@google.com Cc: Namhyung Kim <namhyung@kernel.org> Cc: Matthew Garrett <matthewgarrett@google.com> Link: https://lkml.kernel.org/r/20191014170308.70668-1-joel@joelfernandes.org Bug: 137092007 Change-Id: I591c6ad6c82ab9133409e51383d2c9b9f6ae4545 (cherry picked from commit da97e18458fb42d7c00fac5fd1c56a3896ec666e) [ Ryan Savitski: Resolved conflicts with existing code, no new functionality ] Signed-off-by: Ryan Savitski <rsavitski@google.com> |
||
|
Greg Kroah-Hartman
|
f6aa46fff8 |
ANDROID: properly export new symbols with _GPL tag
For new symbols that are exported based on non-upstream patches, the
exports must be _GPL in order to make sure nothing funny is happening
here.
This fixes up
|
||
|
Greg Kroah-Hartman
|
73dc755ee0 |
This is the 4.19.17 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlxHf8cACgkQONu9yGCS aT71Mg/9FnDYja+AD9hj01kFsh6+C4K/QLZY69kLgzmNvr1htsWLRvxSta0dIKc0 In4rianKMhOHekGub6ufO0Ne1jPV9ZCF61cZ/oENISB5D/oVZJL+baR92zeodSg9 XFBPRu9eKPQV+UFPliyyKEJtyWEmLHvJMOQkKft0reduZgPy0xonkQ97K48QmF9G b/Ly6E8c/qfQThIqn0wfPQ2DUYET9cCE667iw8+Mwzr2HYuLoltyp9ODyMW2fuNT vyKve8s+IQ8wCKy1fkwyIJD7CjV0mJMJfUYx1Ax+ewU6MtBDrhEyfcfA9sJfsyRH k/BydK4aQJqcejp8ajOVQjZFZtGMnuTM38n3SpJnyNLWz6JvCTQr8dl2A5Y5/iph Q1FQH9BHKWCCJO8JVjfMYhCewvdo47mjE1gUfs9HyyW4SjJxhJCn07u2LU1YCRHW G9NqRb208UZw7O6prCsdZRlZPJjon1Fln7ym/esKjuMRyNNycV093ysPaqzhKrJq 2Dxgt+fYBaP63BawAZUC+kQ0iX4OcSja78F4txbVBeksqskNAPHreMbcd5PDid/h bN89kPVCIV0eFJa0AMuKHdrbljRH/I6wbKmz3KvyjoRgq8KGc2PvrSe4DTJfax3W gOEnESLn7r58oUQ0OmfSv7U4zU700tuH9wOpFZyb5vqVvdXcQzA= =NSqX -----END PGP SIGNATURE----- Merge 4.19.17 into android-4.19 Changes in 4.19.17 tty/ldsem: Wake up readers after timed out down_write() tty: Hold tty_ldisc_lock() during tty_reopen() tty: Simplify tty->count math in tty_reopen() tty: Don't hold ldisc lock in tty_reopen() if ldisc present can: gw: ensure DLC boundaries after CAN frame modification netfilter: nf_conncount: replace CONNCOUNT_LOCK_SLOTS with CONNCOUNT_SLOTS netfilter: nf_conncount: don't skip eviction when age is negative netfilter: nf_conncount: split gc in two phases netfilter: nf_conncount: restart search when nodes have been erased netfilter: nf_conncount: merge lookup and add functions netfilter: nf_conncount: move all list iterations under spinlock netfilter: nf_conncount: speculative garbage collection on empty lists netfilter: nf_conncount: fix argument order to find_next_bit mmc: sdhci-msm: Disable CDR function on TX Revert "scsi: target: iscsi: cxgbit: fix csk leak" scsi: target: iscsi: cxgbit: fix csk leak scsi: target: iscsi: cxgbit: fix csk leak arm64/kvm: consistently handle host HCR_EL2 flags arm64: Don't trap host pointer auth use to EL2 ipv6: fix kernel-infoleak in ipv6_local_error() net: bridge: fix a bug on using a neighbour cache entry without checking its state packet: Do not leak dev refcounts on error exit tcp: change txhash on SYN-data timeout tun: publish tfile after it's fully initialized lan743x: Remove phy_read from link status change function smc: move unhash as early as possible in smc_release() r8169: don't try to read counters if chip is in a PCI power-save state bonding: update nest level on unlink ip: on queued skb use skb_header_pointer instead of pskb_may_pull r8169: load Realtek PHY driver module before r8169 crypto: sm3 - fix undefined shift by >= width of value crypto: caam - fix zero-length buffer DMA mapping crypto: authencesn - Avoid twice completion call in decrypt path crypto: ccree - convert to use crypto_authenc_extractkeys() crypto: bcm - convert to use crypto_authenc_extractkeys() crypto: authenc - fix parsing key with misaligned rta_len crypto: talitos - reorder code in talitos_edesc_alloc() crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK xen: Fix x86 sched_clock() interface for xen Revert "btrfs: balance dirty metadata pages in btrfs_finish_ordered_io" btrfs: wait on ordered extents on abort cleanup Yama: Check for pid death before checking ancestry scsi: core: Synchronize request queue PM status only on successful resume scsi: sd: Fix cache_type_store() mips: fix n32 compat_ipc_parse_version MIPS: BCM47XX: Setup struct device for the SoC MIPS: lantiq: Fix IPI interrupt handling drm/i915/gvt: Fix mmap range check OF: properties: add missing of_node_put mfd: tps6586x: Handle interrupts on suspend media: v4l: ioctl: Validate num_planes for debug messages RDMA/nldev: Don't expose unsafe global rkey to regular user RDMA/vmw_pvrdma: Return the correct opcode when creating WR kbuild: Disable LD_DEAD_CODE_DATA_ELIMINATION with ftrace & GCC <= 4.7 net: dsa: realtek-smi: fix OF child-node lookup pstore/ram: Avoid allocation and leak of platform data arm64: kaslr: ensure randomized quantities are clean to the PoC arm64: dts: marvell: armada-ap806: reserve PSCI area Disable MSI also when pcie-octeon.pcie_disable on fix int_sqrt64() for very large numbers omap2fb: Fix stack memory disclosure media: vivid: fix error handling of kthread_run media: vivid: set min width/height to a value > 0 bpf: in __bpf_redirect_no_mac pull mac only if present ipv6: make icmp6_send() robust against null skb->dev LSM: Check for NULL cred-security on free media: vb2: vb2_mmap: move lock up sunrpc: handle ENOMEM in rpcb_getport_async netfilter: ebtables: account ebt_table_info to kmemcg block: use rcu_work instead of call_rcu to avoid sleep in softirq selinux: fix GPF on invalid policy blockdev: Fix livelocks on loop device sctp: allocate sctp_sockaddr_entry with kzalloc tipc: fix uninit-value in in tipc_conn_rcv_sub tipc: fix uninit-value in tipc_nl_compat_link_reset_stats tipc: fix uninit-value in tipc_nl_compat_bearer_enable tipc: fix uninit-value in tipc_nl_compat_link_set tipc: fix uninit-value in tipc_nl_compat_name_table_dump tipc: fix uninit-value in tipc_nl_compat_doit block/loop: Don't grab "struct file" for vfs_getattr() operation. block/loop: Use global lock for ioctl() operation. loop: Fold __loop_release into loop_release loop: Get rid of loop_index_mutex loop: Push lo_ctl_mutex down into individual ioctls loop: Split setting of lo_state from loop_clr_fd loop: Push loop_ctl_mutex down into loop_clr_fd() loop: Push loop_ctl_mutex down to loop_get_status() loop: Push loop_ctl_mutex down to loop_set_status() loop: Push loop_ctl_mutex down to loop_set_fd() loop: Push loop_ctl_mutex down to loop_change_fd() loop: Move special partition reread handling in loop_clr_fd() loop: Move loop_reread_partitions() out of loop_ctl_mutex loop: Fix deadlock when calling blkdev_reread_part() loop: Avoid circular locking dependency between loop_ctl_mutex and bd_mutex loop: Get rid of 'nested' acquisition of loop_ctl_mutex loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() loop: drop caches if offset or block_size are changed drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock selftests: Fix test errors related to lib.mk khdr target media: vb2: be sure to unlock mutex on errors nbd: Use set_blocksize() to set device blocksize Linux 4.19.17 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
James Morris
|
a19aedf1a7 |
LSM: Check for NULL cred-security on free
commit a5795fd38ee8194451ba3f281f075301a3696ce2 upstream. From: Casey Schaufler <casey@schaufler-ca.com> Check that the cred security blob has been set before trying to clean it up. There is a case during credential initialization that could result in this. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <james.morris@microsoft.com> Reported-by: syzbot+69ca07954461f189e808@syzkaller.appspotmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Daniel Rosenberg
|
50f0dd432b |
ANDROID: sdcardfs: Enable modular sdcardfs
Export the following symbols:
- copy_fs_struct
- free_fs_struct
- security_path_chown
- set_fs_pwd
- vfs_read
- vfs_write
These are needed to build sdcardfs as a module.
Bug: 35142419
Bug: 120446149
Change-Id: If6e14f0b3bdc858a9f684e6c209927a9232091f0
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
[astrachan: Folded the following changes into this patch:
e19f69662df5 ("ANDROID: Revert "fs: unexport vfs_read and vfs_write"")
17071a8e1e7d ("ANDROID: fs: Export free_fs_struct and set_fs_pwd")
2e9a639597cd ("ANDROID: export security_path_chown")]
Signed-off-by: Alistair Strachan <astrachan@google.com>
|
||
Ard Biesheuvel
|
1b1eeca7e4 |
init: allow initcall tables to be emitted using relative references
Allow the initcall tables to be emitted using relative references that are only half the size on 64-bit architectures and don't require fixups at runtime on relocatable kernels. Link: http://lkml.kernel.org/r/20180704083651.24360-5-ard.biesheuvel@linaro.org Acked-by: James Morris <james.morris@microsoft.com> Acked-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Acked-by: Petr Mladek <pmladek@suse.com> Acked-by: Michael Ellerman <mpe@ellerman.id.au> Acked-by: Ingo Molnar <mingo@kernel.org> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Bjorn Helgaas <bhelgaas@google.com> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: James Morris <jmorris@namei.org> Cc: Jessica Yu <jeyu@kernel.org> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Kees Cook <keescook@chromium.org> Cc: Nicolas Pitre <nico@linaro.org> Cc: Paul Mackerras <paulus@samba.org> Cc: Russell King <linux@armlinux.org.uk> Cc: "Serge E. Hallyn" <serge@hallyn.com> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Thomas Garnier <thgarnie@google.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Will Deacon <will.deacon@arm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
Linus Torvalds
|
f91e654474 |
Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull integrity updates from James Morris: "This adds support for EVM signatures based on larger digests, contains a new audit record AUDIT_INTEGRITY_POLICY_RULE to differentiate the IMA policy rules from the IMA-audit messages, addresses two deadlocks due to either loading or searching for crypto algorithms, and cleans up the audit messages" * 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: EVM: fix return value check in evm_write_xattrs() integrity: prevent deadlock during digsig verification. evm: Allow non-SHA1 digital signatures evm: Don't deadlock if a crypto algorithm is unavailable integrity: silence warning when CONFIG_SECURITYFS is not enabled ima: Differentiate auditing policy rules from "audit" actions ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set ima: Use audit_log_format() rather than audit_log_string() ima: Call audit_log_string() rather than logging it untrusted |
||
|
Linus Torvalds
|
92d4a03674 |
Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris: - kstrdup() return value fix from Eric Biggers - Add new security_load_data hook to differentiate security checking of kernel-loaded binaries in the case of there being no associated file descriptor, from Mimi Zohar. - Add ability to IMA to specify a policy at build-time, rather than just via command line params or by loading a custom policy, from Mimi. - Allow IMA and LSMs to prevent sysfs firmware load fallback (e.g. if using signed firmware), from Mimi. - Allow IMA to deny loading of kexec kernel images, as they cannot be measured by IMA, from Mimi. * 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: security: check for kstrdup() failure in lsm_append() security: export security_kernel_load_data function ima: based on policy warn about loading firmware (pre-allocated buffer) module: replace the existing LSM hook in init_module ima: add build time policy ima: based on policy require signed firmware (sysfs fallback) firmware: add call to LSM hook before firmware sysfs fallback ima: based on policy require signed kexec kernel images kexec: add call to LSM hook in original kexec_load syscall security: define new LSM hook named security_kernel_load_data MAINTAINERS: remove the outdated "LINUX SECURITY MODULE (LSM) FRAMEWORK" entry |
||
Mikhail Kurinnoi
|
6eb864c1d9 |
integrity: prevent deadlock during digsig verification.
This patch aimed to prevent deadlock during digsig verification.The point of issue - user space utility modprobe and/or it's dependencies (ld-*.so, libz.so.*, libc-*.so and /lib/modules/ files) that could be used for kernel modules load during digsig verification and could be signed by digsig in the same time. First at all, look at crypto_alloc_tfm() work algorithm: crypto_alloc_tfm() will first attempt to locate an already loaded algorithm. If that fails and the kernel supports dynamically loadable modules, it will then attempt to load a module of the same name or alias. If that fails it will send a query to any loaded crypto manager to construct an algorithm on the fly. We have situation, when public_key_verify_signature() in case of RSA algorithm use alg_name to store internal information in order to construct an algorithm on the fly, but crypto_larval_lookup() will try to use alg_name in order to load kernel module with same name. 1) we can't do anything with crypto module work, since it designed to work exactly in this way; 2) we can't globally filter module requests for modprobe, since it designed to work with any requests. In this patch, I propose add an exception for "crypto-pkcs1pad(rsa,*)" module requests only in case of enabled integrity asymmetric keys support. Since we don't have any real "crypto-pkcs1pad(rsa,*)" kernel modules for sure, we are safe to fail such module request from crypto_larval_lookup(). In this way we prevent modprobe execution during digsig verification and avoid possible deadlock if modprobe and/or it's dependencies also signed with digsig. Requested "crypto-pkcs1pad(rsa,*)" kernel module name formed by: 1) "pkcs1pad(rsa,%s)" in public_key_verify_signature(); 2) "crypto-%s" / "crypto-%s-all" in crypto_larval_lookup(). "crypto-pkcs1pad(rsa," part of request is a constant and unique and could be used as filter. Signed-off-by: Mikhail Kurinnoi <viewizard@viewizard.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> include/linux/integrity.h | 13 +++++++++++++ security/integrity/digsig_asymmetric.c | 23 +++++++++++++++++++++++ security/security.c | 7 ++++++- 3 files changed, 42 insertions(+), 1 deletion(-) |
||
Eric Biggers
|
87ea584332 |
security: check for kstrdup() failure in lsm_append()
lsm_append() should return -ENOMEM if memory allocation failed.
Fixes:
|
||
Arnd Bergmann
|
83a68a0679 |
security: export security_kernel_load_data function
The firmware_loader can be built as a loadable module, which now
fails when CONFIG_SECURITY is enabled, because a call to the
security_kernel_load_data() function got added, and this is
not exported to modules:
ERROR: "security_kernel_load_data" [drivers/base/firmware_loader/firmware_class.ko] undefined!
Add an EXPORT_SYMBOL_GPL() to make it available here.
Fixes:
|
||
Mimi Zohar
|
16c267aac8 |
ima: based on policy require signed kexec kernel images
The original kexec_load syscall can not verify file signatures, nor can the kexec image be measured. Based on policy, deny the kexec_load syscall. Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: Eric Biederman <ebiederm@xmission.com> Cc: Kees Cook <keescook@chromium.org> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.morris@microsoft.com> |
||
|
Mimi Zohar
|
377179cd28 |
security: define new LSM hook named security_kernel_load_data
Differentiate between the kernel reading a file specified by userspace from the kernel loading a buffer containing data provided by userspace. This patch defines a new LSM hook named security_kernel_load_data(). Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: Eric Biederman <ebiederm@xmission.com> Cc: Luis R. Rodriguez <mcgrof@kernel.org> Cc: Kees Cook <keescook@chromium.org> Cc: Casey Schaufler <casey@schaufler-ca.com> Acked-by: Serge Hallyn <serge@hallyn.com> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.morris@microsoft.com> |
||
Al Viro
|
9481769208 |
->file_open(): lose cred argument
Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
|
Al Viro
|
e3f20ae210 |
security_file_open(): lose cred argument
Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
David Herrmann
|
aae7cfcbb7 |
security: add hook for socketpair()
Right now the LSM labels for socketpairs are always uninitialized, since there is no security hook for the socketpair() syscall. This patch adds the required hooks so LSMs can properly label socketpairs. This allows SO_PEERSEC to return useful information on those sockets. Note that the behavior of socketpair() can be emulated by creating a listener socket, connecting to it, and then discarding the initial listener socket. With this workaround, SO_PEERSEC would return the caller's security context. However, with socketpair(), the uninitialized context is returned unconditionally. This is unexpected and makes socketpair() less useful in situations where the security context is crucial to the application. With the new socketpair-hook this disparity can be solved by making socketpair() return the expected security context. Acked-by: Serge Hallyn <serge@hallyn.com> Signed-off-by: Tom Gundersen <teg@jklm.no> Signed-off-by: David Herrmann <dh.herrmann@gmail.com> Signed-off-by: James Morris <james.morris@microsoft.com> |
||
|
Linus Torvalds
|
2a56bb596b |
New features:
- Tom Zanussi's extended histogram work
This adds the synthetic events to have histograms from multiple event data
Adds triggers "onmatch" and "onmax" to call the synthetic events
Several updates to the histogram code from this
- Allow way to nest ring buffer calls in the same context
- Allow absolute time stamps in ring buffer
- Rewrite of filter code parsing based on Al Viro's suggestions
- Setting of trace_clock to global if TSC is unstable (on boot)
- Better OOM handling when allocating large ring buffers
- Added initcall tracepoints (consolidated initcall_debug code with them)
And other various fixes and clean ups
-----BEGIN PGP SIGNATURE-----
iQHIBAABCgAyFiEEPm6V/WuN2kyArTUe1a05Y9njSUkFAlrLoCAUHHJvc3RlZHRA
Z29vZG1pcy5vcmcACgkQ1a05Y9njSUks/QwAn/ky8WgfjcRdjKmBYuEwDedvm9iI
V9G5kpv5JMw5dLz4l1pS3tA3M9Lyuc5z3Shw92FTy36vdU1wxEjQgHa7viB1xk9x
KsiTyNjTsgrRd7GVHMy/8Be2RRiTRLaXKAsLCoj/c7QWzagV1P8XWlWK5mojYkh/
DrSXyg9Avkp30+sU1bvcLWnmmZUFqMxs+bWipD9uFc98USMMyeP25nrnhrj0gDTg
Q93cjXUuyVRC4lJ2YTW0GCSKhMKEw5f/ltEOT1hwScqYkCJj1EubKqS53R/9h21z
IPUrYcqLnMRu0j2ejR+UAy5Vsy3gJUrPMQb0F6hlu1DwbMd0d/9SGh1c+Sm+zorh
yftWTdCZsYrXkaOuB6V5M30X+KBwbWO0Xc9VCvgJ/IU5vMlgLSt5itTWbT/Fmfhb
ll5/RXP7zhSXRv5sdl/BP3/4dd6F8jpyKyaR2Rk2+XjBOGIq5mvqNGr4Vj9AzxW8
E0nvq7l7e0dbxZNM42gEm3cht1VUg7Zz0Y0+
=91oN
-----END PGP SIGNATURE-----
Merge tag 'trace-v4.17' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull tracing updates from Steven Rostedt:
"New features:
- Tom Zanussi's extended histogram work.
This adds the synthetic events to have histograms from multiple
event data Adds triggers "onmatch" and "onmax" to call the
synthetic events Several updates to the histogram code from this
- Allow way to nest ring buffer calls in the same context
- Allow absolute time stamps in ring buffer
- Rewrite of filter code parsing based on Al Viro's suggestions
- Setting of trace_clock to global if TSC is unstable (on boot)
- Better OOM handling when allocating large ring buffers
- Added initcall tracepoints (consolidated initcall_debug code with
them)
And other various fixes and clean ups"
* tag 'trace-v4.17' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: (68 commits)
init: Have initcall_debug still work without CONFIG_TRACEPOINTS
init, tracing: Have printk come through the trace events for initcall_debug
init, tracing: instrument security and console initcall trace events
init, tracing: Add initcall trace events
tracing: Add rcu dereference annotation for test func that touches filter->prog
tracing: Add rcu dereference annotation for filter->prog
tracing: Fixup logic inversion on setting trace_global_clock defaults
tracing: Hide global trace clock from lockdep
ring-buffer: Add set/clear_current_oom_origin() during allocations
ring-buffer: Check if memory is available before allocation
lockdep: Add print_irqtrace_events() to __warn
vsprintf: Do not preprocess non-dereferenced pointers for bprintf (%px and %pK)
tracing: Uninitialized variable in create_tracing_map_fields()
tracing: Make sure variable string fields are NULL-terminated
tracing: Add action comparisons when testing matching hist triggers
tracing: Don't add flag strings when displaying variable references
tracing: Fix display of hist trigger expressions containing timestamps
ftrace: Drop a VLA in module_exists()
tracing: Mention trace_clock=global when warning about unstable clocks
tracing: Default to using trace_global_clock if sched_clock is unstable
...
|
||
|
Linus Torvalds
|
f8cf2f16a7 |
Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull integrity updates from James Morris:
"A mixture of bug fixes, code cleanup, and continues to close
IMA-measurement, IMA-appraisal, and IMA-audit gaps.
Also note the addition of a new cred_getsecid LSM hook by Matthew
Garrett:
For IMA purposes, we want to be able to obtain the prepared secid
in the bprm structure before the credentials are committed. Add a
cred_getsecid hook that makes this possible.
which is used by a new CREDS_CHECK target in IMA:
In ima_bprm_check(), check with both the existing process
credentials and the credentials that will be committed when the new
process is started. This will not change behaviour unless the
system policy is extended to include CREDS_CHECK targets -
BPRM_CHECK will continue to check the same credentials that it did
previously"
* 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
ima: Fallback to the builtin hash algorithm
ima: Add smackfs to the default appraise/measure list
evm: check for remount ro in progress before writing
ima: Improvements in ima_appraise_measurement()
ima: Simplify ima_eventsig_init()
integrity: Remove unused macro IMA_ACTION_RULE_FLAGS
ima: drop vla in ima_audit_measurement()
ima: Fix Kconfig to select TPM 2.0 CRB interface
evm: Constify *integrity_status_msg[]
evm: Move evm_hmac and evm_hash from evm_main.c to evm_crypto.c
fuse: define the filesystem as untrusted
ima: fail signature verification based on policy
ima: clear IMA_HASH
ima: re-evaluate files on privileged mounted filesystems
ima: fail file signature verification on non-init mounted filesystems
IMA: Support using new creds in appraisal policy
security: Add a cred_getsecid hook
|
||
|
Linus Torvalds
|
3612605a5a |
Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull general security layer updates from James Morris: - Convert security hooks from list to hlist, a nice cleanup, saving about 50% of space, from Sargun Dhillon. - Only pass the cred, not the secid, to kill_pid_info_as_cred and security_task_kill (as the secid can be determined from the cred), from Stephen Smalley. - Close a potential race in kernel_read_file(), by making the file unwritable before calling the LSM check (vs after), from Kees Cook. * 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: security: convert security hooks to use hlist exec: Set file unwritable before LSM check usb, signal, security: only pass the cred, not the secid, to kill_pid_info_as_cred and security_task_kill |
||
|
Linus Torvalds
|
9eda2d2dca |
selinux/stable-4.17 PR 20180403
-----BEGIN PGP SIGNATURE-----
iQJIBAABCAAyFiEEcQCq365ubpQNLgrWVeRaWujKfIoFAlrD6XoUHHBhdWxAcGF1
bC1tb29yZS5jb20ACgkQVeRaWujKfIpy9RAAjwhkNBNJhw1UlGggVvst8lzJBdMp
XxL7cg+1TcZkB12yrghILg+gY4j5PzY4GJo1gvllWIHsT8Ud6cQTI/AzeYR2OfZ3
mHv3gtyzmHsPGBdqhmgC7R10tpyXFXwDc3VLMtuuDiUl/seFEaJWOMYP7zj+tRil
XoOCyoV9bb1wb7vNAzQikK8yhz3fu72Y5QOODLfaYeYojMKs8Q8pMZgi68oVQUXk
SmS2mj0k2P3UqeOSk+8phJQhilm32m0tE0YnLvzAhblJLqeS2DUNnWORP1j4oQ/Q
aOOu4ZQ9PA1N7VAIGceuf2HZHhnrFzWdvggp2bxegcRSIfUZ84FuZbrj60RUz2ja
V6GmKYACnyd28TAWdnzjKEd4dc36LSPxnaj8hcrvyO2V34ozVEsvIEIJREoXRUJS
heJ9HT+VIvmguzRCIPPeC1ZYopIt8M1kTRrszigU80TuZjIP0VJHLGQn/rgRQzuO
cV5gmJ6TSGn1l54H13koBzgUCo0cAub8Nl+288qek+jLWoHnKwzLB+1HCWuyeCHt
2q6wdFfenYH0lXdIzCeC7NNHRKCrPNwkZ/32d4ZQf4cu5tAn8bOk8dSHchoAfZG8
p7N6jPPoxmi2F/GRKrTiUNZvQpyvgX3hjtJS6ljOTSYgRhjeNYeCP8U+BlOpLVQy
U4KzB9wOAngTEpo=
=p2Sh
-----END PGP SIGNATURE-----
Merge tag 'selinux-pr-20180403' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull SELinux updates from Paul Moore:
"A bigger than usual pull request for SELinux, 13 patches (lucky!)
along with a scary looking diffstat.
Although if you look a bit closer, excluding the usual minor
tweaks/fixes, there are really only two significant changes in this
pull request: the addition of proper SELinux access controls for SCTP
and the encapsulation of a lot of internal SELinux state.
The SCTP changes are the result of a multi-month effort (maybe even a
year or longer?) between the SELinux folks and the SCTP folks to add
proper SELinux controls. A special thanks go to Richard for seeing
this through and keeping the effort moving forward.
The state encapsulation work is a bit of janitorial work that came out
of some early work on SELinux namespacing. The question of namespacing
is still an open one, but I believe there is some real value in the
encapsulation work so we've split that out and are now sending that up
to you"
* tag 'selinux-pr-20180403' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: wrap AVC state
selinux: wrap selinuxfs state
selinux: fix handling of uninitialized selinux state in get_bools/classes
selinux: Update SELinux SCTP documentation
selinux: Fix ltp test connect-syscall failure
selinux: rename the {is,set}_enforcing() functions
selinux: wrap global selinux state
selinux: fix typo in selinux_netlbl_sctp_sk_clone declaration
selinux: Add SCTP support
sctp: Add LSM hooks
sctp: Add ip option support
security: Add support for SCTP security hooks
netlabel: If PF_INET6, check sk_buff ip header version
|
||
Abderrahmane Benbachir
|
58eacfffc4 |
init, tracing: instrument security and console initcall trace events
Trace events have been added around the initcall functions defined in init/main.c. But console and security have their own initcalls. This adds the trace events associated for those initcall functions. Link: http://lkml.kernel.org/r/1521765208.19745.2.camel@polymtl.ca Cc: Ingo Molnar <mingo@redhat.com> Cc: Peter Zijlstra <peterz@infradead.org> Signed-off-by: Abderrahmane Benbachir <abderrahmane.benbachir@polymtl.ca> Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> |
||
Sargun Dhillon
|
df0ce17331 |
security: convert security hooks to use hlist
This changes security_hook_heads to use hlist_heads instead of the circular doubly-linked list heads. This should cut down the size of the struct by about half. In addition, it allows mutation of the hooks at the tail of the callback list without having to modify the head. The longer-term purpose of this is to enable making the heads read only. Signed-off-by: Sargun Dhillon <sargun@sargun.me> Reviewed-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: James Morris <james.morris@microsoft.com> |
||
Matthew Garrett
|
3ec3011326 |
security: Add a cred_getsecid hook
For IMA purposes, we want to be able to obtain the prepared secid in the bprm structure before the credentials are committed. Add a cred_getsecid hook that makes this possible. Signed-off-by: Matthew Garrett <mjg59@google.com> Acked-by: Paul Moore <paul@paul-moore.com> Cc: Paul Moore <paul@paul-moore.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> |
||
Eric W. Biederman
|
d8c6e85432 |
msg/security: Pass kern_ipc_perm not msg_queue into the msg_queue security hooks
All of the implementations of security hooks that take msg_queue only access q_perm the struct kern_ipc_perm member. This means the dependencies of the msg_queue security hooks can be simplified by passing the kern_ipc_perm member of msg_queue. Making this change will allow struct msg_queue to become private to ipc/msg.c. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> |
||
|
Eric W. Biederman
|
7191adff2a |
shm/security: Pass kern_ipc_perm not shmid_kernel into the shm security hooks
All of the implementations of security hooks that take shmid_kernel only access shm_perm the struct kern_ipc_perm member. This means the dependencies of the shm security hooks can be simplified by passing the kern_ipc_perm member of shmid_kernel.. Making this change will allow struct shmid_kernel to become private to ipc/shm.c. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> |
||
|
Eric W. Biederman
|
aefad9593e |
sem/security: Pass kern_ipc_perm not sem_array into the sem security hooks
All of the implementations of security hooks that take sem_array only access sem_perm the struct kern_ipc_perm member. This means the dependencies of the sem security hooks can be simplified by passing the kern_ipc_perm member of sem_array. Making this change will allow struct sem and struct sem_array to become private to ipc/sem.c. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> |
||
Stephen Smalley
|
6b4f3d0105 |
usb, signal, security: only pass the cred, not the secid, to kill_pid_info_as_cred and security_task_kill
commit
|
||
Richard Haines
|
72e89f5008 |
security: Add support for SCTP security hooks
The SCTP security hooks are explained in: Documentation/security/LSM-sctp.rst Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Paul Moore <paul@paul-moore.com> |
||
Chenbo Feng
|
afdb09c720 |
security: bpf: Add LSM hooks for bpf object related syscall
Introduce several LSM hooks for the syscalls that will allow the userspace to access to eBPF object such as eBPF programs and eBPF maps. The security check is aimed to enforce a per object security protection for eBPF object so only processes with the right priviliges can read/write to a specific map or use a specific eBPF program. Besides that, a general security hook is added before the multiplexer of bpf syscall to check the cmd and the attribute used for the command. The actual security module can decide which command need to be checked and how the cmd should be checked. Signed-off-by: Chenbo Feng <fengc@google.com> Acked-by: James Morris <james.l.morris@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Linus Torvalds
|
7f85565a3f |
selinux/stable-4.14 PR 20170831
-----BEGIN PGP SIGNATURE----- iQJIBAABCAAyFiEEcQCq365ubpQNLgrWVeRaWujKfIoFAlmoS/wUHHBhdWxAcGF1 bC1tb29yZS5jb20ACgkQVeRaWujKfIqubxAAhkcmOgf+bh881VOWjkrl0MpO6n30 LAyLHNpa95xYw7AuxSrx+XP21hZHVWOSPEZdDjC+BOTToqv025XyYUAh+vvhm1pc HgT7oNOyfEnGdXG8VtluC2zhSunw/gDz7uoUh7+dHpVqa+NayRqaopNY+4tgtVjT 6/DMwfvonTD5GWaNxraFZLaOENXAjbdVBcqoHhnY9cp4w5uGQ3rt6dFpLpW/gW7n /fUzsjnLTztrsRx3nyEkwJuo/pxugbmZU5sjVgCFd7P729CfBVKqoToIh0CqJfj6 s4RIb//XmRxxiTF1EO7N1suPaqnESjT+Ua3moIuEixs4QjiEu25TNZy8K0b2zLsL sTt40F5KAbKYXH/WyZxEtPf0HOUwL68oFZ+c4VYcCK6LwJmBLnfhan4BSZgH0/EO rBIlb5O1znyfuGmLnjUfn+BlPuP35PhRpZVWP2eLZtOC4lY+yaVqzauFIEY/wY96 dYM6YwtJYuZ3C8sQxjT6UWuOYyj/02EgPbvlS7nv4zp1pZNnZ0dx8sfEu6FNeakY QZAaI4oDvkpj7x4a0biNinacCYIUacRDF63jcKQnaNp3F3Nf1Vh4DKQWbFLfMidN luWsEsVrPfLynUMZLq3KVUg825bTQw1MapqzlADmOyX6Dq/87/a+nY9IXWOH9TSm fJjuSsMAtnui1/k= =/6oy -----END PGP SIGNATURE----- Merge tag 'selinux-pr-20170831' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux Pull selinux updates from Paul Moore: "A relatively quiet period for SELinux, 11 patches with only two/three having any substantive changes. These noteworthy changes include another tweak to the NNP/nosuid handling, per-file labeling for cgroups, and an object class fix for AF_UNIX/SOCK_RAW sockets; the rest of the changes are minor tweaks or administrative updates (Stephen's email update explains the file explosion in the diffstat). Everything passes the selinux-testsuite" [ Also a couple of small patches from the security tree from Tetsuo Handa for Tomoyo and LSM cleanup. The separation of security policy updates wasn't all that clean - Linus ] * tag 'selinux-pr-20170831' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: constify nf_hook_ops selinux: allow per-file labeling for cgroupfs lsm_audit: update my email address selinux: update my email address MAINTAINERS: update the NetLabel and Labeled Networking information selinux: use GFP_NOWAIT in the AVC kmem_caches selinux: Generalize support for NNP/nosuid SELinux domain transitions selinux: genheaders should fail if too many permissions are defined selinux: update the selinux info in MAINTAINERS credits: update Paul Moore's info selinux: Assign proper class to PF_UNIX/SOCK_RAW sockets tomoyo: Update URLs in Documentation/admin-guide/LSM/tomoyo.rst LSM: Remove security_task_create() hook. |
||
Kees Cook
|
2af6228026 |
LSM: drop bprm_secureexec hook
This removes the bprm_secureexec hook since the logic has been folded into the bprm_set_creds hook for all LSMs now. Cc: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: James Morris <james.l.morris@oracle.com> Acked-by: Serge Hallyn <serge@hallyn.com> |
||
Tetsuo Handa
|
3cf2993145 |
LSM: Remove security_task_create() hook.
Since commit
|
||
Scott Mayhew
|
0b4d3452b8 |
security/selinux: allow security_sb_clone_mnt_opts to enable/disable native labeling behavior
When an NFSv4 client performs a mount operation, it first mounts the NFSv4 root and then does path walk to the exported path and performs a submount on that, cloning the security mount options from the root's superblock to the submount's superblock in the process. Unless the NFS server has an explicit fsid=0 export with the "security_label" option, the NFSv4 root superblock will not have SBLABEL_MNT set, and neither will the submount superblock after cloning the security mount options. As a result, setxattr's of security labels over NFSv4.2 will fail. In a similar fashion, NFSv4.2 mounts mounted with the context= mount option will not show the correct labels because the nfs_server->caps flags of the cloned superblock will still have NFS_CAP_SECURITY_LABEL set. Allowing the NFSv4 client to enable or disable SECURITY_LSM_NATIVE_LABELS behavior will ensure that the SBLABEL_MNT flag has the correct value when the client traverses from an exported path without the "security_label" option to one with the "security_label" option and vice versa. Similarly, checking to see if SECURITY_LSM_NATIVE_LABELS is set upon return from security_sb_clone_mnt_opts() and clearing NFS_CAP_SECURITY_LABEL if necessary will allow the correct labels to be displayed for NFSv4.2 mounts mounted with the context= mount option. Resolves: https://github.com/SELinuxProject/selinux-kernel/issues/35 Signed-off-by: Scott Mayhew <smayhew@redhat.com> Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov> Tested-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com> |
||
Daniel Jurgens
|
47a2b338fe |
IB/core: Enforce security on management datagrams
Allocate and free a security context when creating and destroying a MAD agent. This context is used for controlling access to PKeys and sending and receiving SMPs. When sending or receiving a MAD check that the agent has permission to access the PKey for the Subnet Prefix of the port. During MAD and snoop agent registration for SMI QPs check that the calling process has permission to access the manage the subnet and register a callback with the LSM to be notified of policy changes. When notificaiton of a policy change occurs recheck permission and set a flag indicating sending and receiving SMPs is allowed. When sending and receiving MADs check that the agent has access to the SMI if it's on an SMI QP. Because security policy can change it's possible permission was allowed when creating the agent, but no longer is. Signed-off-by: Daniel Jurgens <danielj@mellanox.com> Acked-by: Doug Ledford <dledford@redhat.com> [PM: remove the LSM hook init code] Signed-off-by: Paul Moore <paul@paul-moore.com> |
||
|
Daniel Jurgens
|
8f408ab64b |
selinux lsm IB/core: Implement LSM notification system
Add a generic notificaiton mechanism in the LSM. Interested consumers can register a callback with the LSM and security modules can produce events. Because access to Infiniband QPs are enforced in the setup phase of a connection security should be enforced again if the policy changes. Register infiniband devices for policy change notification and check all QPs on that device when the notification is received. Add a call to the notification mechanism from SELinux when the AVC cache changes or setenforce is cleared. Signed-off-by: Daniel Jurgens <danielj@mellanox.com> Acked-by: James Morris <james.l.morris@oracle.com> Acked-by: Doug Ledford <dledford@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> |
||
|
Daniel Jurgens
|
d291f1a652 |
IB/core: Enforce PKey security on QPs
Add new LSM hooks to allocate and free security contexts and check for permission to access a PKey. Allocate and free a security context when creating and destroying a QP. This context is used for controlling access to PKeys. When a request is made to modify a QP that changes the port, PKey index, or alternate path, check that the QP has permission for the PKey in the PKey table index on the subnet prefix of the port. If the QP is shared make sure all handles to the QP also have access. Store which port and PKey index a QP is using. After the reset to init transition the user can modify the port, PKey index and alternate path independently. So port and PKey settings changes can be a merge of the previous settings and the new ones. In order to maintain access control if there are PKey table or subnet prefix change keep a list of all QPs are using each PKey index on each port. If a change occurs all QPs using that device and port must have access enforced for the new cache settings. These changes add a transaction to the QP modify process. Association with the old port and PKey index must be maintained if the modify fails, and must be removed if it succeeds. Association with the new port and PKey index must be established prior to the modify and removed if the modify fails. 1. When a QP is modified to a particular Port, PKey index or alternate path insert that QP into the appropriate lists. 2. Check permission to access the new settings. 3. If step 2 grants access attempt to modify the QP. 4a. If steps 2 and 3 succeed remove any prior associations. 4b. If ether fails remove the new setting associations. If a PKey table or subnet prefix changes walk the list of QPs and check that they have permission. If not send the QP to the error state and raise a fatal error event. If it's a shared QP make sure all the QPs that share the real_qp have permission as well. If the QP that owns a security structure is denied access the security structure is marked as such and the QP is added to an error_list. Once the moving the QP to error is complete the security structure mark is cleared. Maintaining the lists correctly turns QP destroy into a transaction. The hardware driver for the device frees the ib_qp structure, so while the destroy is in progress the ib_qp pointer in the ib_qp_security struct is undefined. When the destroy process begins the ib_qp_security structure is marked as destroying. This prevents any action from being taken on the QP pointer. After the QP is destroyed successfully it could still listed on an error_list wait for it to be processed by that flow before cleaning up the structure. If the destroy fails the QPs port and PKey settings are reinserted into the appropriate lists, the destroying flag is cleared, and access control is enforced, in case there were any cache changes during the destroy flow. To keep the security changes isolated a new file is used to hold security related functionality. Signed-off-by: Daniel Jurgens <danielj@mellanox.com> Acked-by: Doug Ledford <dledford@redhat.com> [PM: merge fixup in ib_verbs.h and uverbs_cmd.c] Signed-off-by: Paul Moore <paul@paul-moore.com> |
||
James Morris
|
d68c51e0b3 | Sync to mainline for security submaintainers to work against | ||
Mickaël Salaün
|
3bb857e47e |
LSM: Enable multiple calls to security_add_hooks() for the same LSM
The commit
|
||
|
Linus Torvalds
|
0302e28dee |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
"Highlights:
IMA:
- provide ">" and "<" operators for fowner/uid/euid rules
KEYS:
- add a system blacklist keyring
- add KEYCTL_RESTRICT_KEYRING, exposes keyring link restriction
functionality to userland via keyctl()
LSM:
- harden LSM API with __ro_after_init
- add prlmit security hook, implement for SELinux
- revive security_task_alloc hook
TPM:
- implement contextual TPM command 'spaces'"
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (98 commits)
tpm: Fix reference count to main device
tpm_tis: convert to using locality callbacks
tpm: fix handling of the TPM 2.0 event logs
tpm_crb: remove a cruft constant
keys: select CONFIG_CRYPTO when selecting DH / KDF
apparmor: Make path_max parameter readonly
apparmor: fix parameters so that the permission test is bypassed at boot
apparmor: fix invalid reference to index variable of iterator line 836
apparmor: use SHASH_DESC_ON_STACK
security/apparmor/lsm.c: set debug messages
apparmor: fix boolreturn.cocci warnings
Smack: Use GFP_KERNEL for smk_netlbl_mls().
smack: fix double free in smack_parse_opts_str()
KEYS: add SP800-56A KDF support for DH
KEYS: Keyring asymmetric key restrict method with chaining
KEYS: Restrict asymmetric key linkage using a specific keychain
KEYS: Add a lookup_restriction function for the asymmetric key type
KEYS: Add KEYCTL_RESTRICT_KEYRING
KEYS: Consistent ordering for __key_link_begin and restrict check
KEYS: Add an optional lookup_restriction hook to key_type
...
|
||
mchehab@s-opensource.com
|
0e056eb553 |
kernel-api.rst: fix a series of errors when parsing C files
./lib/string.c:134: WARNING: Inline emphasis start-string without end-string. ./mm/filemap.c:522: WARNING: Inline interpreted text or phrase reference start-string without end-string. ./mm/filemap.c:1283: ERROR: Unexpected indentation. ./mm/filemap.c:3003: WARNING: Inline interpreted text or phrase reference start-string without end-string. ./mm/vmalloc.c:1544: WARNING: Inline emphasis start-string without end-string. ./mm/page_alloc.c:4245: ERROR: Unexpected indentation. ./ipc/util.c:676: ERROR: Unexpected indentation. ./drivers/pci/irq.c:35: WARNING: Block quote ends without a blank line; unexpected unindent. ./security/security.c:109: ERROR: Unexpected indentation. ./security/security.c:110: WARNING: Definition list ends without a blank line; unexpected unindent. ./block/genhd.c:275: WARNING: Inline strong start-string without end-string. ./block/genhd.c:283: WARNING: Inline strong start-string without end-string. ./include/linux/clk.h:134: WARNING: Inline emphasis start-string without end-string. ./include/linux/clk.h:134: WARNING: Inline emphasis start-string without end-string. ./ipc/util.c:477: ERROR: Unknown target name: "s". Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com> Acked-by: Bjorn Helgaas <bhelgaas@google.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net> |
||
|
Tetsuo Handa
|
e4e55b47ed |
LSM: Revive security_task_alloc() hook and per "struct task_struct" security blob.
We switched from "struct task_struct"->security to "struct cred"->security in Linux 2.6.29. But not all LSM modules were happy with that change. TOMOYO LSM module is an example which want to use per "struct task_struct" security blob, for TOMOYO's security context is defined based on "struct task_struct" rather than "struct cred". AppArmor LSM module is another example which want to use it, for AppArmor is currently abusing the cred a little bit to store the change_hat and setexeccon info. Although security_task_free() hook was revived in Linux 3.4 because Yama LSM module wanted to release per "struct task_struct" security blob, security_task_alloc() hook and "struct task_struct"->security field were not revived. Nowadays, we are getting proposals of lightweight LSM modules which want to use per "struct task_struct" security blob. We are already allowing multiple concurrent LSM modules (up to one fully armored module which uses "struct cred"->security field or exclusive hooks like security_xfrm_state_pol_flow_match(), plus unlimited number of lightweight modules which do not use "struct cred"->security nor exclusive hooks) as long as they are built into the kernel. But this patch does not implement variable length "struct task_struct"->security field which will become needed when multiple LSM modules want to use "struct task_struct"-> security field. Although it won't be difficult to implement variable length "struct task_struct"->security field, let's think about it after we merged this patch. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: John Johansen <john.johansen@canonical.com> Acked-by: Serge Hallyn <serge@hallyn.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Tested-by: Djalal Harouni <tixxdz@gmail.com> Acked-by: José Bollo <jobol@nonadev.net> Cc: Paul Moore <paul@paul-moore.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Eric Paris <eparis@parisplace.org> Cc: Kees Cook <keescook@chromium.org> Cc: James Morris <james.l.morris@oracle.com> Cc: José Bollo <jobol@nonadev.net> Signed-off-by: James Morris <james.l.morris@oracle.com> |
||
|
Tetsuo Handa
|
3dfc9b0286 |
LSM: Initialize security_hook_heads upon registration.
"struct security_hook_heads" is an array of "struct list_head" where elements can be initialized just before registration. There is no need to waste 350+ lines for initialization. Let's initialize "struct security_hook_heads" just before registration. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Kees Cook <keescook@chromium.org> Cc: John Johansen <john.johansen@canonical.com> Cc: Kees Cook <keescook@chromium.org> Cc: Paul Moore <paul@paul-moore.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Casey Schaufler <casey@schaufler-ca.com> Cc: James Morris <james.l.morris@oracle.com> Signed-off-by: James Morris <james.l.morris@oracle.com> |