14 Apr, 2022

1 commit

  • [ Upstream commit f22881de730ebd472e15bcc2c0d1d46e36a87b9c ]

    In calipso_map_cat_ntoh(), in the for loop, if the return value of
    netlbl_bitmap_walk() is equal to (net_clen_bits - 1), when
    netlbl_bitmap_walk() is called next time, out-of-bounds memory accesses
    of bitmap[byte_offset] occur.

    The bug was found during fuzzing. The following is the fuzzing report:
    BUG: KASAN: slab-out-of-bounds in netlbl_bitmap_walk+0x3c/0xd0
    Read of size 1 at addr ffffff8107bf6f70 by task err_OH/252

    CPU: 7 PID: 252 Comm: err_OH Not tainted 5.17.0-rc7+ #17
    Hardware name: linux,dummy-virt (DT)
    Call trace:
    dump_backtrace+0x21c/0x230
    show_stack+0x1c/0x60
    dump_stack_lvl+0x64/0x7c
    print_address_description.constprop.0+0x70/0x2d0
    __kasan_report+0x158/0x16c
    kasan_report+0x74/0x120
    __asan_load1+0x80/0xa0
    netlbl_bitmap_walk+0x3c/0xd0
    calipso_opt_getattr+0x1a8/0x230
    calipso_sock_getattr+0x218/0x340
    calipso_sock_getattr+0x44/0x60
    netlbl_sock_getattr+0x44/0x80
    selinux_netlbl_socket_setsockopt+0x138/0x170
    selinux_socket_setsockopt+0x4c/0x60
    security_socket_setsockopt+0x4c/0x90
    __sys_setsockopt+0xbc/0x2b0
    __arm64_sys_setsockopt+0x6c/0x84
    invoke_syscall+0x64/0x190
    el0_svc_common.constprop.0+0x88/0x200
    do_el0_svc+0x88/0xa0
    el0_svc+0x128/0x1b0
    el0t_64_sync_handler+0x9c/0x120
    el0t_64_sync+0x16c/0x170

    Reported-by: Hulk Robot
    Signed-off-by: Wang Yufen
    Acked-by: Paul Moore
    Signed-off-by: David S. Miller
    Signed-off-by: Sasha Levin

    Wang Yufen
     

30 Aug, 2021

1 commit

  • In netlbl_cipsov4_add_std() when 'doi_def->map.std' alloc
    failed, we sometimes observe a panic:

    BUG: kernel NULL pointer dereference, address:
    ...
    RIP: 0010:cipso_v4_doi_free+0x3a/0x80
    ...
    Call Trace:
    netlbl_cipsov4_add_std+0xf4/0x8c0
    netlbl_cipsov4_add+0x13f/0x1b0
    genl_family_rcv_msg_doit.isra.15+0x132/0x170
    genl_rcv_msg+0x125/0x240

    This is because in cipso_v4_doi_free() there is no check
    on 'doi_def->map.std' when doi_def->type got value 1, which
    is possible, since netlbl_cipsov4_add_std() hasn't initialized
    it before alloc 'doi_def->map.std'.

    This patch just adds the check to prevent a panic from happening in similar
    cases.

    Reported-by: Abaci
    Signed-off-by: Michael Wang
    Signed-off-by: David S. Miller

    王贇
     

05 Aug, 2021

1 commit


28 Jul, 2021

1 commit

  • Syzbot reported warning in netlbl_cipsov4_add(). The
    problem was in too big doi_def->map.std->lvl.local_size
    passed to kcalloc(). Since this value comes from userspace there is
    no need to warn if value is not correct.

    The same problem may occur with other kcalloc() calls in
    this function, so, I've added __GFP_NOWARN flag to all
    kcalloc() calls there.

    Reported-and-tested-by: syzbot+cdd51ee2e6b0b2e18c0d@syzkaller.appspotmail.com
    Fixes: 96cb8e3313c7 ("[NetLabel]: CIPSOv4 and Unlabeled packet integration")
    Acked-by: Paul Moore
    Signed-off-by: Pavel Skripkin
    Signed-off-by: David S. Miller

    Pavel Skripkin
     

16 Jun, 2021

1 commit

  • Hulk Robot reported memory leak in netlbl_mgmt_add_common.
    The problem is a non-freed map in case netlbl_domhsh_add() failed.

    BUG: memory leak
    unreferenced object 0xffff888100ab7080 (size 96):
    comm "syz-executor537", pid 360, jiffies 4294862456 (age 22.678s)
    hex dump (first 32 bytes):
    05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 ................
    backtrace:
    [] netlbl_mgmt_add_common.isra.0+0xb2a/0x1b40
    [] netlbl_mgmt_add+0x271/0x3c0
    [] genl_family_rcv_msg_doit.isra.0+0x20e/0x320
    [] genl_rcv_msg+0x2bf/0x4f0
    [] netlink_rcv_skb+0x134/0x3d0
    [] genl_rcv+0x24/0x40
    [] netlink_unicast+0x4a0/0x6a0
    [] netlink_sendmsg+0x789/0xc70
    [] sock_sendmsg+0x139/0x170
    [] ____sys_sendmsg+0x658/0x7d0
    [] ___sys_sendmsg+0xf8/0x170
    [] __sys_sendmsg+0xd3/0x190
    [] do_syscall_64+0x37/0x90
    [] entry_SYSCALL_64_after_hwframe+0x44/0xae

    Fixes: 63c416887437 ("netlabel: Add network address selectors to the NetLabel/LSM domain mapping")
    Reported-by: Hulk Robot
    Signed-off-by: Liu Shixin
    Signed-off-by: David S. Miller

    Liu Shixin
     

08 Jun, 2021

1 commit


20 May, 2021

1 commit


30 Apr, 2021

1 commit

  • Pull networking updates from Jakub Kicinski:
    "Core:

    - bpf:
    - allow bpf programs calling kernel functions (initially to
    reuse TCP congestion control implementations)
    - enable task local storage for tracing programs - remove the
    need to store per-task state in hash maps, and allow tracing
    programs access to task local storage previously added for
    BPF_LSM
    - add bpf_for_each_map_elem() helper, allowing programs to walk
    all map elements in a more robust and easier to verify fashion
    - sockmap: support UDP and cross-protocol BPF_SK_SKB_VERDICT
    redirection
    - lpm: add support for batched ops in LPM trie
    - add BTF_KIND_FLOAT support - mostly to allow use of BTF on
    s390 which has floats in its headers files
    - improve BPF syscall documentation and extend the use of kdoc
    parsing scripts we already employ for bpf-helpers
    - libbpf, bpftool: support static linking of BPF ELF files
    - improve support for encapsulation of L2 packets

    - xdp: restructure redirect actions to avoid a runtime lookup,
    improving performance by 4-8% in microbenchmarks

    - xsk: build skb by page (aka generic zerocopy xmit) - improve
    performance of software AF_XDP path by 33% for devices which don't
    need headers in the linear skb part (e.g. virtio)

    - nexthop: resilient next-hop groups - improve path stability on
    next-hops group changes (incl. offload for mlxsw)

    - ipv6: segment routing: add support for IPv4 decapsulation

    - icmp: add support for RFC 8335 extended PROBE messages

    - inet: use bigger hash table for IP ID generation

    - tcp: deal better with delayed TX completions - make sure we don't
    give up on fast TCP retransmissions only because driver is slow in
    reporting that it completed transmitting the original

    - tcp: reorder tcp_congestion_ops for better cache locality

    - mptcp:
    - add sockopt support for common TCP options
    - add support for common TCP msg flags
    - include multiple address ids in RM_ADDR
    - add reset option support for resetting one subflow

    - udp: GRO L4 improvements - improve 'forward' / 'frag_list'
    co-existence with UDP tunnel GRO, allowing the first to take place
    correctly even for encapsulated UDP traffic

    - micro-optimize dev_gro_receive() and flow dissection, avoid
    retpoline overhead on VLAN and TEB GRO

    - use less memory for sysctls, add a new sysctl type, to allow using
    u8 instead of "int" and "long" and shrink networking sysctls

    - veth: allow GRO without XDP - this allows aggregating UDP packets
    before handing them off to routing, bridge, OvS, etc.

    - allow specifying ifindex when device is moved to another namespace

    - netfilter:
    - nft_socket: add support for cgroupsv2
    - nftables: add catch-all set element - special element used to
    define a default action in case normal lookup missed
    - use net_generic infra in many modules to avoid allocating
    per-ns memory unnecessarily

    - xps: improve the xps handling to avoid potential out-of-bound
    accesses and use-after-free when XPS change race with other
    re-configuration under traffic

    - add a config knob to turn off per-cpu netdev refcnt to catch
    underflows in testing

    Device APIs:

    - add WWAN subsystem to organize the WWAN interfaces better and
    hopefully start driving towards more unified and vendor-
    independent APIs

    - ethtool:
    - add interface for reading IEEE MIB stats (incl. mlx5 and bnxt
    support)
    - allow network drivers to dump arbitrary SFP EEPROM data,
    current offset+length API was a poor fit for modern SFP which
    define EEPROM in terms of pages (incl. mlx5 support)

    - act_police, flow_offload: add support for packet-per-second
    policing (incl. offload for nfp)

    - psample: add additional metadata attributes like transit delay for
    packets sampled from switch HW (and corresponding egress and
    policy-based sampling in the mlxsw driver)

    - dsa: improve support for sandwiched LAGs with bridge and DSA

    - netfilter:
    - flowtable: use direct xmit in topologies with IP forwarding,
    bridging, vlans etc.
    - nftables: counter hardware offload support

    - Bluetooth:
    - improvements for firmware download w/ Intel devices
    - add support for reading AOSP vendor capabilities
    - add support for virtio transport driver

    - mac80211:
    - allow concurrent monitor iface and ethernet rx decap
    - set priority and queue mapping for injected frames

    - phy: add support for Clause-45 PHY Loopback

    - pci/iov: add sysfs MSI-X vector assignment interface to distribute
    MSI-X resources to VFs (incl. mlx5 support)

    New hardware/drivers:

    - dsa: mv88e6xxx: add support for Marvell mv88e6393x - 11-port
    Ethernet switch with 8x 1-Gigabit Ethernet and 3x 10-Gigabit
    interfaces.

    - dsa: support for legacy Broadcom tags used on BCM5325, BCM5365 and
    BCM63xx switches

    - Microchip KSZ8863 and KSZ8873; 3x 10/100Mbps Ethernet switches

    - ath11k: support for QCN9074 a 802.11ax device

    - Bluetooth: Broadcom BCM4330 and BMC4334

    - phy: Marvell 88X2222 transceiver support

    - mdio: add BCM6368 MDIO mux bus controller

    - r8152: support RTL8153 and RTL8156 (USB Ethernet) chips

    - mana: driver for Microsoft Azure Network Adapter (MANA)

    - Actions Semi Owl Ethernet MAC

    - can: driver for ETAS ES58X CAN/USB interfaces

    Pure driver changes:

    - add XDP support to: enetc, igc, stmmac

    - add AF_XDP support to: stmmac

    - virtio:
    - page_to_skb() use build_skb when there's sufficient tailroom
    (21% improvement for 1000B UDP frames)
    - support XDP even without dedicated Tx queues - share the Tx
    queues with the stack when necessary

    - mlx5:
    - flow rules: add support for mirroring with conntrack, matching
    on ICMP, GTP, flex filters and more
    - support packet sampling with flow offloads
    - persist uplink representor netdev across eswitch mode changes
    - allow coexistence of CQE compression and HW time-stamping
    - add ethtool extended link error state reporting

    - ice, iavf: support flow filters, UDP Segmentation Offload

    - dpaa2-switch:
    - move the driver out of staging
    - add spanning tree (STP) support
    - add rx copybreak support
    - add tc flower hardware offload on ingress traffic

    - ionic:
    - implement Rx page reuse
    - support HW PTP time-stamping

    - octeon: support TC hardware offloads - flower matching on ingress
    and egress ratelimiting.

    - stmmac:
    - add RX frame steering based on VLAN priority in tc flower
    - support frame preemption (FPE)
    - intel: add cross time-stamping freq difference adjustment

    - ocelot:
    - support forwarding of MRP frames in HW
    - support multiple bridges
    - support PTP Sync one-step timestamping

    - dsa: mv88e6xxx, dpaa2-switch: offload bridge port flags like
    learning, flooding etc.

    - ipa: add IPA v4.5, v4.9 and v4.11 support (Qualcomm SDX55, SM8350,
    SC7280 SoCs)

    - mt7601u: enable TDLS support

    - mt76:
    - add support for 802.3 rx frames (mt7915/mt7615)
    - mt7915 flash pre-calibration support
    - mt7921/mt7663 runtime power management fixes"

    * tag 'net-next-5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next: (2451 commits)
    net: selftest: fix build issue if INET is disabled
    net: netrom: nr_in: Remove redundant assignment to ns
    net: tun: Remove redundant assignment to ret
    net: phy: marvell: add downshift support for M88E1240
    net: dsa: ksz: Make reg_mib_cnt a u8 as it never exceeds 255
    net/sched: act_ct: Remove redundant ct get and check
    icmp: standardize naming of RFC 8335 PROBE constants
    bpf, selftests: Update array map tests for per-cpu batched ops
    bpf: Add batched ops support for percpu array
    bpf: Implement formatted output helpers with bstr_printf
    seq_file: Add a seq_bprintf function
    sfc: adjust efx->xdp_tx_queue_count with the real number of initialized queues
    net:nfc:digital: Fix a double free in digital_tg_recv_dep_req
    net: fix a concurrency bug in l2tp_tunnel_register()
    net/smc: Remove redundant assignment to rc
    mpls: Remove redundant assignment to err
    llc2: Remove redundant assignment to rc
    net/tls: Remove redundant initialization of record
    rds: Remove redundant assignment to nr_sig
    dt-bindings: net: mdio-gpio: add compatible for microchip,mdio-smi0
    ...

    Linus Torvalds
     

28 Apr, 2021

1 commit

  • Pull selinux updates from Paul Moore:

    - Add support for measuring the SELinux state and policy capabilities
    using IMA.

    - A handful of SELinux/NFS patches to compare the SELinux state of one
    mount with a set of mount options. Olga goes into more detail in the
    patch descriptions, but this is important as it allows more
    flexibility when using NFS and SELinux context mounts.

    - Properly differentiate between the subjective and objective LSM
    credentials; including support for the SELinux and Smack. My clumsy
    attempt at a proper fix for AppArmor didn't quite pass muster so John
    is working on a proper AppArmor patch, in the meantime this set of
    patches shouldn't change the behavior of AppArmor in any way. This
    change explains the bulk of the diffstat beyond security/.

    - Fix a problem where we were not properly terminating the permission
    list for two SELinux object classes.

    * tag 'selinux-pr-20210426' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
    selinux: add proper NULL termination to the secclass_map permissions
    smack: differentiate between subjective and objective task credentials
    selinux: clarify task subjective and objective credentials
    lsm: separate security_task_getsecid() into subjective and objective variants
    nfs: account for selinux security context when deciding to share superblock
    nfs: remove unneeded null check in nfs_fill_super()
    lsm,selinux: add new hook to compare new mount to an existing mount
    selinux: fix misspellings using codespell tool
    selinux: fix misspellings using codespell tool
    selinux: measure state and policy capabilities
    selinux: Allow context mounts for unpriviliged overlayfs

    Linus Torvalds
     

29 Mar, 2021

1 commit


23 Mar, 2021

1 commit

  • Of the three LSMs that implement the security_task_getsecid() LSM
    hook, all three LSMs provide the task's objective security
    credentials. This turns out to be unfortunate as most of the hook's
    callers seem to expect the task's subjective credentials, although
    a small handful of callers do correctly expect the objective
    credentials.

    This patch is the first step towards fixing the problem: it splits
    the existing security_task_getsecid() hook into two variants, one
    for the subjective creds, one for the objective creds.

    void security_task_getsecid_subj(struct task_struct *p,
    u32 *secid);
    void security_task_getsecid_obj(struct task_struct *p,
    u32 *secid);

    While this patch does fix all of the callers to use the correct
    variant, in order to keep this patch focused on the callers and to
    ease review, the LSMs continue to use the same implementation for
    both hooks. The net effect is that this patch should not change
    the behavior of the kernel in any way, it will be up to the latter
    LSM specific patches in this series to change the hook
    implementations and return the correct credentials.

    Acked-by: Mimi Zohar (IMA)
    Acked-by: Casey Schaufler
    Reviewed-by: Richard Guy Briggs
    Signed-off-by: Paul Moore

    Paul Moore
     

05 Mar, 2021

1 commit

  • The current CIPSO and CALIPSO refcounting scheme for the DOI
    definitions is a bit flawed in that we:

    1. Don't correctly match gets/puts in netlbl_cipsov4_list().
    2. Decrement the refcount on each attempt to remove the DOI from the
    DOI list, only removing it from the list once the refcount drops
    to zero.

    This patch fixes these problems by adding the missing "puts" to
    netlbl_cipsov4_list() and introduces a more conventional, i.e.
    not-buggy, refcounting mechanism to the DOI definitions. Upon the
    addition of a DOI to the DOI list, it is initialized with a refcount
    of one, removing a DOI from the list removes it from the list and
    drops the refcount by one; "gets" and "puts" behave as expected with
    respect to refcounts, increasing and decreasing the DOI's refcount by
    one.

    Fixes: b1edeb102397 ("netlabel: Replace protocol/NetLabel linking with refrerence counts")
    Fixes: d7cce01504a0 ("netlabel: Add support for removing a CALIPSO DOI.")
    Reported-by: syzbot+9ec037722d2603a9f52e@syzkaller.appspotmail.com
    Signed-off-by: Paul Moore
    Signed-off-by: David S. Miller

    Paul Moore
     

20 Nov, 2020

1 commit


17 Nov, 2020

1 commit


15 Nov, 2020

1 commit

  • Static checking revealed that a previous fix to
    netlbl_unlabel_staticlist() leaves a stack variable uninitialized,
    this patch fixes that.

    Fixes: 866358ec331f ("netlabel: fix our progress tracking in netlbl_unlabel_staticlist()")
    Reported-by: Dan Carpenter
    Signed-off-by: Paul Moore
    Reviewed-by: James Morris
    Link: https://lore.kernel.org/r/160530304068.15651.18355773009751195447.stgit@sifl
    Signed-off-by: Jakub Kicinski

    Paul Moore
     

13 Nov, 2020

1 commit


11 Nov, 2020

1 commit

  • The current NetLabel code doesn't correctly keep track of the netlink
    dump state in some cases, in particular when multiple interfaces with
    large configurations are loaded. The problem manifests itself by not
    reporting the full configuration to userspace, even though it is
    loaded and active in the kernel. This patch fixes this by ensuring
    that the dump state is properly reset when necessary inside the
    netlbl_unlabel_staticlist() function.

    Fixes: 8cc44579d1bd ("NetLabel: Introduce static network labels for unlabeled connections")
    Signed-off-by: Paul Moore
    Link: https://lore.kernel.org/r/160484450633.3752.16512718263560813473.stgit@sifl
    Signed-off-by: Jakub Kicinski

    Paul Moore
     

31 Oct, 2020

1 commit

  • net/netlabel/netlabel_calipso.c:376: warning: Function parameter or member 'ops' not described in 'netlbl_calipso_ops_register'

    Signed-off-by: Andrew Lunn
    Acked-by: Paul Moore
    Link: https://lore.kernel.org/r/20201028005350.930299-1-andrew@lunn.ch
    Signed-off-by: Jakub Kicinski

    Andrew Lunn
     

03 Oct, 2020

1 commit


09 Sep, 2020

1 commit

  • Fixes the following W=1 kernel build warning(s):

    net/netlabel/netlabel_calipso.c:438: warning: Excess function parameter 'audit_secid' description in 'calipso_doi_remove'
    net/netlabel/netlabel_calipso.c:605: warning: Excess function parameter 'reg' description in 'calipso_req_delattr'

    Reported-by: Hulk Robot
    Signed-off-by: Wang Hai
    Acked-by: Paul Moore
    Signed-off-by: David S. Miller

    Wang Hai
     

05 Sep, 2020

1 commit

  • We got slightly different patches removing a double word
    in a comment in net/ipv4/raw.c - picked the version from net.

    Simple conflict in drivers/net/ethernet/ibm/ibmvnic.c. Use cached
    values instead of VNIC login response buffer (following what
    commit 507ebe6444a4 ("ibmvnic: Fix use-after-free of VNIC login
    response buffer") did).

    Signed-off-by: Jakub Kicinski

    Jakub Kicinski
     

29 Aug, 2020

1 commit

  • Commit d3b990b7f327 ("netlabel: fix problems with mapping removal")
    added a check to return an error if ret_val != 0, before ret_val is
    later used in a log message. Now it will unconditionally print "...
    res=1". So just drop the check.

    Addresses-Coverity: ("Dead code")
    Fixes: d3b990b7f327 ("netlabel: fix problems with mapping removal")
    Signed-off-by: Alex Dewar
    Acked-by: Paul Moore
    Signed-off-by: David S. Miller

    Alex Dewar
     

25 Aug, 2020

1 commit

  • This patch fixes two main problems seen when removing NetLabel
    mappings: memory leaks and potentially extra audit noise.

    The memory leaks are caused by not properly free'ing the mapping's
    address selector struct when free'ing the entire entry as well as
    not properly cleaning up a temporary mapping entry when adding new
    address selectors to an existing entry. This patch fixes both these
    problems such that kmemleak reports no NetLabel associated leaks
    after running the SELinux test suite.

    The potentially extra audit noise was caused by the auditing code in
    netlbl_domhsh_remove_entry() being called regardless of the entry's
    validity. If another thread had already marked the entry as invalid,
    but not removed/free'd it from the list of mappings, then it was
    possible that an additional mapping removal audit record would be
    generated. This patch fixes this by returning early from the removal
    function when the entry was previously marked invalid. This change
    also had the side benefit of improving the code by decreasing the
    indentation level of large chunk of code by one (accounting for most
    of the diffstat).

    Fixes: 63c416887437 ("netlabel: Add network address selectors to the NetLabel/LSM domain mapping")
    Reported-by: Stephen Smalley
    Signed-off-by: Paul Moore
    Signed-off-by: David S. Miller

    Paul Moore
     

14 Jul, 2020

1 commit


14 Jun, 2020

1 commit

  • Since commit 84af7a6194e4 ("checkpatch: kconfig: prefer 'help' over
    '---help---'"), the number of '---help---' has been gradually
    decreasing, but there are still more than 2400 instances.

    This commit finishes the conversion. While I touched the lines,
    I also fixed the indentation.

    There are a variety of indentation styles found.

    a) 4 spaces + '---help---'
    b) 7 spaces + '---help---'
    c) 8 spaces + '---help---'
    d) 1 space + 1 tab + '---help---'
    e) 1 tab + '---help---' (correct indentation)
    f) 1 tab + 1 space + '---help---'
    g) 1 tab + 2 spaces + '---help---'

    In order to convert all of them to 1 tab + 'help', I ran the
    following command:

    $ find . -name 'Kconfig*' | xargs sed -i 's/^[[:space:]]*---help---/\thelp/'

    Signed-off-by: Masahiro Yamada

    Masahiro Yamada
     

13 May, 2020

1 commit

  • The cipso and calipso code can set the MLS_CAT attribute on
    successful parsing, even if the corresponding catmap has
    not been allocated, as per current configuration and external
    input.

    Later, selinux code tries to access the catmap if the MLS_CAT flag
    is present via netlbl_catmap_getlong(). That may cause null ptr
    dereference while processing incoming network traffic.

    Address the issue setting the MLS_CAT flag only if the catmap is
    really allocated. Additionally let netlbl_catmap_getlong() cope
    with NULL catmap.

    Reported-by: Matthew Sheets
    Fixes: 4b8feff251da ("netlabel: fix the horribly broken catmap functions")
    Fixes: ceba1832b1b2 ("calipso: Set the calipso socket label to match the secattr.")
    Signed-off-by: Paolo Abeni
    Acked-by: Paul Moore
    Signed-off-by: David S. Miller

    Paolo Abeni
     

23 Apr, 2020

1 commit


19 Feb, 2020

2 commits


02 Sep, 2019

1 commit


21 May, 2019

2 commits

  • Based on 2 normalized pattern(s):

    this program is free software you can redistribute it and or modify
    it under the terms of the gnu general public license as published by
    the free software foundation either version 2 of the license or at
    your option any later version this program is distributed in the
    hope that it will be useful but without any warranty without even
    the implied warranty of merchantability or fitness for a particular
    purpose see the gnu general public license for more details you
    should have received a copy of the gnu general public license along
    with this program if not see http www gnu org licenses

    this program is free software you can redistribute it and or modify
    it under the terms of the gnu general public license as published by
    the free software foundation either version 2 of the license or at
    your option any later version this program is distributed in the
    hope that it will be useful but without any warranty without even
    the implied warranty of merchantability or fitness for a particular
    purpose see the gnu general public license for more details [based]
    [from] [clk] [highbank] [c] you should have received a copy of the
    gnu general public license along with this program if not see http
    www gnu org licenses

    extracted by the scancode license scanner the SPDX license identifier

    GPL-2.0-or-later

    has been chosen to replace the boilerplate/reference in 355 file(s).

    Signed-off-by: Thomas Gleixner
    Reviewed-by: Kate Stewart
    Reviewed-by: Jilayne Lovejoy
    Reviewed-by: Steve Winslow
    Reviewed-by: Allison Randal
    Cc: linux-spdx@vger.kernel.org
    Link: https://lkml.kernel.org/r/20190519154041.837383322@linutronix.de
    Signed-off-by: Greg Kroah-Hartman

    Thomas Gleixner
     
  • Add SPDX license identifiers to all Make/Kconfig files which:

    - Have no license information of any form

    These files fall under the project license, GPL v2 only. The resulting SPDX
    license identifier is:

    GPL-2.0-only

    Signed-off-by: Thomas Gleixner
    Signed-off-by: Greg Kroah-Hartman

    Thomas Gleixner
     

28 Apr, 2019

3 commits

  • Add options to strictly validate messages and dump messages,
    sometimes perhaps validating dump messages non-strictly may
    be required, so add an option for that as well.

    Since none of this can really be applied to existing commands,
    set the options everywhere using the following spatch:

    @@
    identifier ops;
    expression X;
    @@
    struct genl_ops ops[] = {
    ...,
    {
    .cmd = X,
    + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
    ...
    },
    ...
    };

    For new commands one should just not copy the .validate 'opt-out'
    flags and thus get strict validation.

    Signed-off-by: Johannes Berg
    Signed-off-by: David S. Miller

    Johannes Berg
     
  • We currently have two levels of strict validation:

    1) liberal (default)
    - undefined (type >= max) & NLA_UNSPEC attributes accepted
    - attribute length >= expected accepted
    - garbage at end of message accepted
    2) strict (opt-in)
    - NLA_UNSPEC attributes accepted
    - attribute length >= expected accepted

    Split out parsing strictness into four different options:
    * TRAILING - check that there's no trailing data after parsing
    attributes (in message or nested)
    * MAXTYPE - reject attrs > max known type
    * UNSPEC - reject attributes with NLA_UNSPEC policy entries
    * STRICT_ATTRS - strictly validate attribute size

    The default for future things should be *everything*.
    The current *_strict() is a combination of TRAILING and MAXTYPE,
    and is renamed to _deprecated_strict().
    The current regular parsing has none of this, and is renamed to
    *_parse_deprecated().

    Additionally it allows us to selectively set one of the new flags
    even on old policies. Notably, the UNSPEC flag could be useful in
    this case, since it can be arranged (by filling in the policy) to
    not be an incompatible userspace ABI change, but would then going
    forward prevent forgetting attribute entries. Similar can apply
    to the POLICY flag.

    We end up with the following renames:
    * nla_parse -> nla_parse_deprecated
    * nla_parse_strict -> nla_parse_deprecated_strict
    * nlmsg_parse -> nlmsg_parse_deprecated
    * nlmsg_parse_strict -> nlmsg_parse_deprecated_strict
    * nla_parse_nested -> nla_parse_nested_deprecated
    * nla_validate_nested -> nla_validate_nested_deprecated

    Using spatch, of course:
    @@
    expression TB, MAX, HEAD, LEN, POL, EXT;
    @@
    -nla_parse(TB, MAX, HEAD, LEN, POL, EXT)
    +nla_parse_deprecated(TB, MAX, HEAD, LEN, POL, EXT)

    @@
    expression NLH, HDRLEN, TB, MAX, POL, EXT;
    @@
    -nlmsg_parse(NLH, HDRLEN, TB, MAX, POL, EXT)
    +nlmsg_parse_deprecated(NLH, HDRLEN, TB, MAX, POL, EXT)

    @@
    expression NLH, HDRLEN, TB, MAX, POL, EXT;
    @@
    -nlmsg_parse_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
    +nlmsg_parse_deprecated_strict(NLH, HDRLEN, TB, MAX, POL, EXT)

    @@
    expression TB, MAX, NLA, POL, EXT;
    @@
    -nla_parse_nested(TB, MAX, NLA, POL, EXT)
    +nla_parse_nested_deprecated(TB, MAX, NLA, POL, EXT)

    @@
    expression START, MAX, POL, EXT;
    @@
    -nla_validate_nested(START, MAX, POL, EXT)
    +nla_validate_nested_deprecated(START, MAX, POL, EXT)

    @@
    expression NLH, HDRLEN, MAX, POL, EXT;
    @@
    -nlmsg_validate(NLH, HDRLEN, MAX, POL, EXT)
    +nlmsg_validate_deprecated(NLH, HDRLEN, MAX, POL, EXT)

    For this patch, don't actually add the strict, non-renamed versions
    yet so that it breaks compile if I get it wrong.

    Also, while at it, make nla_validate and nla_parse go down to a
    common __nla_validate_parse() function to avoid code duplication.

    Ultimately, this allows us to have very strict validation for every
    new caller of nla_parse()/nlmsg_parse() etc as re-introduced in the
    next patch, while existing things will continue to work as is.

    In effect then, this adds fully strict validation for any new command.

    Signed-off-by: Johannes Berg
    Signed-off-by: David S. Miller

    Johannes Berg
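The four strictness options listed in this commit message, modelled as an added user-space example (not the kernel's nla_parse() code or part of the original commit). The flag names, return codes, policy table and sample messages are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical flag names mirroring the four options in the commit text. */
enum { CHK_TRAILING = 1, CHK_MAXTYPE = 2, CHK_UNSPEC = 4, CHK_STRICT_ATTRS = 8 };
enum { POL_UNSPEC = 0, POL_FIXED = 1 };

struct attr_policy { int kind; uint16_t len; };

#define ATTR_HDR 4u                                    /* u16 length + u16 type */
#define ATTR_ALIGN(n) (((size_t)(n) + 3) & ~(size_t)3) /* attributes are 4-byte aligned */
#define ATTR_MAX 2

/* Constructed policy: type 1 is a 4-byte value, type 2 has no policy entry. */
static const struct attr_policy SAMPLE_POLICY[ATTR_MAX + 1] = {
    { POL_UNSPEC, 0 }, { POL_FIXED, 4 }, { POL_UNSPEC, 0 },
};

/* Returns 0 if accepted, or a negative code naming the check that failed:
 * -1 MAXTYPE, -2 UNSPEC, -3 attribute size, -4 TRAILING. */
int attrs_validate(const unsigned char *buf, size_t len,
                   const struct attr_policy *pol, unsigned flags)
{
    size_t off = 0;

    while (len - off >= ATTR_HDR) {
        uint16_t alen, atype;
        memcpy(&alen, buf + off, 2);
        memcpy(&atype, buf + off + 2, 2);
        if (alen < ATTR_HDR || alen > len - off)
            break;                      /* not a whole attribute: trailing data */

        size_t payload = alen - ATTR_HDR;
        if (atype == 0 || atype > ATTR_MAX) {
            if (flags & CHK_MAXTYPE)
                return -1;              /* unknown type, skipped when liberal */
        } else if (pol[atype].kind == POL_UNSPEC) {
            if (flags & CHK_UNSPEC)
                return -2;              /* known type without a policy entry */
        } else {
            if (payload < pol[atype].len)
                return -3;              /* too short is rejected in every mode */
            if (payload > pol[atype].len && (flags & CHK_STRICT_ATTRS))
                return -3;              /* longer than expected: strict only */
        }
        size_t step = ATTR_ALIGN(alen);
        off += step < len - off ? step : len - off;
    }
    if (off < len && (flags & CHK_TRAILING))
        return -4;                      /* bytes left over after the last attribute */
    return 0;
}

/* Writes one attribute in host byte order and returns the next aligned offset. */
static size_t put_attr(unsigned char *buf, size_t off, uint16_t type, size_t payload_len)
{
    uint16_t alen = (uint16_t)(ATTR_HDR + payload_len);
    memcpy(buf + off, &alen, 2);
    memcpy(buf + off + 2, &type, 2);
    memset(buf + off + ATTR_HDR, 0xAB, payload_len);
    return off + ATTR_ALIGN(alen);
}

/* Constructed samples: 0 = one well-formed type-1 attribute,
 * 1 = sample 0 followed by an unknown type 9, 2 = type 1 with an 8-byte payload,
 * 3 = type 2 (no policy entry), 4 = sample 0 plus 3 stray bytes. */
int check_sample(int id, unsigned flags)
{
    unsigned char buf[32] = { 0 };
    size_t len;

    switch (id) {
    case 0:  len = put_attr(buf, 0, 1, 4); break;
    case 1:  len = put_attr(buf, put_attr(buf, 0, 1, 4), 9, 4); break;
    case 2:  len = put_attr(buf, 0, 1, 8); break;
    case 3:  len = put_attr(buf, 0, 2, 4); break;
    default: len = put_attr(buf, 0, 1, 4) + 3; break;
    }
    return attrs_validate(buf, len, SAMPLE_POLICY, flags);
}

int main(void)
{
    const unsigned all = CHK_TRAILING | CHK_MAXTYPE | CHK_UNSPEC | CHK_STRICT_ATTRS;

    for (int id = 0; id <= 4; id++)
        printf("sample %d: liberal=%d everything=%d\n",
               id, check_sample(id, 0), check_sample(id, all));
    return 0;
}
```
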
     
  • Even if the NLA_F_NESTED flag was introduced more than 11 years ago, most
    netlink based interfaces (including recently added ones) are still not
    setting it in kernel generated messages. Without the flag, message parsers
    not aware of attribute semantics (e.g. wireshark dissector or libmnl's
    mnl_nlmsg_fprintf()) cannot recognize nested attributes and won't display
    the structure of their contents.

    Unfortunately we cannot just add the flag everywhere as there may be
    userspace applications which check nlattr::nla_type directly rather than
    through a helper masking out the flags. Therefore the patch renames
    nla_nest_start() to nla_nest_start_noflag() and introduces nla_nest_start()
    as a wrapper adding NLA_F_NESTED. The calls which add NLA_F_NESTED manually
    are rewritten to use nla_nest_start().

    Except for changes in include/net/netlink.h, the patch was generated using
    this semantic patch:

    @@ expression E1, E2; @@
    -nla_nest_start(E1, E2)
    +nla_nest_start_noflag(E1, E2)

    @@ expression E1, E2; @@
    -nla_nest_start_noflag(E1, E2 | NLA_F_NESTED)
    +nla_nest_start(E1, E2)

    Signed-off-by: Michal Kubecek
    Acked-by: Jiri Pirko
    Acked-by: David Ahern
    Signed-off-by: David S. Miller

    Michal Kubecek
     

22 Mar, 2019

1 commit

  • Since maxattr is common, the policy can't really differ sanely,
    so make it common as well.

    The only user that did in fact manage to make a non-common policy
    is taskstats, which has to be really careful about it (since it's
    still using a common maxattr!). This is no longer supported, but
    we can fake it using pre_doit.

    This reduces the size of e.g. nl80211.o (which has lots of commands):

    text data bss dec hex filename
    398745 14323 2240 415308 6564c net/wireless/nl80211.o (before)
    397913 14331 2240 414484 65314 net/wireless/nl80211.o (after)
    --------------------------------
    -832 +8 0 -824

    Which is obviously just 8 bytes for each command, and an added 8
    bytes for the new policy pointer. I'm not sure why the ops list is
    counted as .text though.

    Most of the code transformations were done using the following spatch:
    @ops@
    identifier OPS;
    expression POLICY;
    @@
    struct genl_ops OPS[] = {
    ...,
    {
    - .policy = POLICY,
    },
    ...
    };

    @@
    identifier ops.OPS;
    expression ops.POLICY;
    identifier fam;
    expression M;
    @@
    struct genl_family fam = {
    .ops = OPS,
    .maxattr = M,
    + .policy = POLICY,
    ...
    };

    This also gets rid of devlink_nl_cmd_region_read_dumpit() accessing
    the cb->data as ops, which we want to change in a later genl patch.

    Signed-off-by: Johannes Berg
    Signed-off-by: David S. Miller

    Johannes Berg
     

28 Feb, 2019

1 commit

  • There are two array out-of-bounds memory accesses, one in
    cipso_v4_map_lvl_valid(), the other in netlbl_bitmap_walk(). Both
    errors are embarrassingly simple, and the fixes are straightforward.

    As a FYI for anyone backporting this patch to kernels prior to v4.8,
    you'll want to apply the netlbl_bitmap_walk() patch to
    cipso_v4_bitmap_walk() as netlbl_bitmap_walk() doesn't exist before
    Linux v4.8.

    Reported-by: Jann Horn
    Fixes: 446fda4f2682 ("[NetLabel]: CIPSOv4 engine")
    Fixes: 3faa8f982f95 ("netlabel: Move bitmap manipulation functions to the NetLabel core.")
    Signed-off-by: Paul Moore
    Signed-off-by: David S. Miller

    Paul Moore
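The bounds condition behind the netlbl_bitmap_walk() reports, in this entry and in the 14 Apr, 2022 calipso_map_cat_ntoh() entry, shown as an added user-space example (not the kernel's code or either patch). The function names, the guard placement and the sample bitmap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: 16-bit MSB-first bitmap with bits 0 and 15 set. */
static const unsigned char SAMPLE_BITMAP[2] = { 0x80, 0x01 };
#define SAMPLE_BITS 16u

/* Hypothetical helper: 1 if a walk starting at `offset` would load a byte
 * outside a buffer holding len_bits bits before doing any other check. */
int first_load_overruns(uint32_t len_bits, uint32_t offset)
{
    uint32_t buf_bytes = (len_bits + 7) / 8;
    return offset / 8 >= buf_bytes;
}

/* Returns the index of the first bit at or after `offset` whose value equals
 * `state`, or -1 if there is none. */
int bitmap_walk(const unsigned char *bitmap, uint32_t len_bits,
                uint32_t offset, int state)
{
    /* Guard: a caller that resumes at (previous result + 1) passes
     * offset == len_bits after a hit on the last bit; without this check
     * the load below would read bitmap[len_bits / 8]. */
    if (offset >= len_bits)
        return -1;

    uint32_t byte_offset = offset / 8;
    unsigned char byte = bitmap[byte_offset];
    unsigned char bitmask = (unsigned char)(0x80 >> (offset % 8));
    uint32_t bit = offset;

    while (bit < len_bits) {
        int set = (byte & bitmask) != 0;
        if (set == (state != 0))
            return (int)bit;
        if (++bit >= len_bits)          /* stop before touching the next byte */
            return -1;
        bitmask >>= 1;
        if (bitmask == 0) {
            byte = bitmap[++byte_offset];
            bitmask = 0x80;
        }
    }
    return -1;
}

/* Caller pattern from the report: keep walking from the bit after the last hit. */
int count_set_bits(const unsigned char *bitmap, uint32_t len_bits)
{
    int count = 0;
    int spot = -1;

    for (;;) {
        spot = bitmap_walk(bitmap, len_bits, (uint32_t)(spot + 1), 1);
        if (spot < 0)
            break;
        count++;
    }
    return count;
}

/* Index of the highest set bit, or -1 if the bitmap is empty. */
int last_set_bit(const unsigned char *bitmap, uint32_t len_bits)
{
    int last = -1;
    int spot = -1;

    while ((spot = bitmap_walk(bitmap, len_bits, (uint32_t)(spot + 1), 1)) >= 0)
        last = spot;
    return last;
}

int main(void)
{
    printf("set bits: %d, last set bit: %d\n",
           count_set_bits(SAMPLE_BITMAP, SAMPLE_BITS),
           last_set_bit(SAMPLE_BITMAP, SAMPLE_BITS));
    printf("walk from offset %u: %d\n", SAMPLE_BITS,
           bitmap_walk(SAMPLE_BITMAP, SAMPLE_BITS, SAMPLE_BITS, 1));
    printf("unguarded first load out of bounds: %d\n",
           first_load_overruns(SAMPLE_BITS, SAMPLE_BITS));
    return 0;
}
```
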
     

22 Sep, 2018

1 commit

  • netlbl_unlabel_addrinfo_get() assumes that if it finds the
    NLBL_UNLABEL_A_IPV4ADDR attribute, it must also have the
    NLBL_UNLABEL_A_IPV4MASK attribute as well. However, this is
    not necessarily the case as the current checks in
    netlbl_unlabel_staticadd() and friends are not sufficient to
    enforce this.

    If passed a netlink message with NLBL_UNLABEL_A_IPV4ADDR,
    NLBL_UNLABEL_A_IPV6ADDR, and NLBL_UNLABEL_A_IPV6MASK attributes,
    these functions will all call netlbl_unlabel_addrinfo_get() which
    will then attempt to dereference NULL when fetching the non-existent
    NLBL_UNLABEL_A_IPV4MASK attribute:

    Unable to handle kernel NULL pointer dereference at virtual address 0
    Process unlab (pid: 31762, stack limit = 0xffffff80502d8000)
    Call trace:
    netlbl_unlabel_addrinfo_get+0x44/0xd8
    netlbl_unlabel_staticremovedef+0x98/0xe0
    genl_rcv_msg+0x354/0x388
    netlink_rcv_skb+0xac/0x118
    genl_rcv+0x34/0x48
    netlink_unicast+0x158/0x1f0
    netlink_sendmsg+0x32c/0x338
    sock_sendmsg+0x44/0x60
    ___sys_sendmsg+0x1d0/0x2a8
    __sys_sendmsg+0x64/0xb4
    SyS_sendmsg+0x34/0x4c
    el0_svc_naked+0x34/0x38
    Code: 51001149 7100113f 540000a0 f9401508 (79400108)
    ---[ end trace f6438a488e737143 ]---
    Kernel panic - not syncing: Fatal exception

    Signed-off-by: Sean Tranchetti

    Signed-off-by: David S. Miller

    Sean Tranchetti
     

19 Jun, 2018

1 commit


15 May, 2018

1 commit

  • Recognizing that the audit context is an internal audit value, use an
    access function to retrieve the audit context pointer for the task
    rather than reaching directly into the task struct to get it.

    Signed-off-by: Richard Guy Briggs
    [PM: merge fuzz in auditsc.c and selinuxfs.c, checkpatch.pl fixes]
    Signed-off-by: Paul Moore

    Richard Guy Briggs