Fixes for 6.1
authorSasha Levin <sashal@kernel.org>
Sun, 1 Sep 2024 11:25:52 +0000 (07:25 -0400)
committerSasha Levin <sashal@kernel.org>
Sun, 1 Sep 2024 11:25:52 +0000 (07:25 -0400)
Signed-off-by: Sasha Levin <sashal@kernel.org>
queue-6.1/apparmor-fix-policy_unpack_test-on-big-endian-system.patch [new file with mode: 0644]
queue-6.1/scsi-aacraid-fix-double-free-on-probe-failure.patch [new file with mode: 0644]
queue-6.1/series

diff --git a/queue-6.1/apparmor-fix-policy_unpack_test-on-big-endian-system.patch b/queue-6.1/apparmor-fix-policy_unpack_test-on-big-endian-system.patch
new file mode 100644 (file)
index 0000000..cbe8b60
--- /dev/null
@@ -0,0 +1,69 @@
+From f3358721bb99df093c89f8655a45b606e17a9eff Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 8 Aug 2024 08:50:03 -0700
+Subject: apparmor: fix policy_unpack_test on big endian systems
+
+From: Guenter Roeck <linux@roeck-us.net>
+
+[ Upstream commit 98c0cc48e27e9d269a3e4db2acd72b486c88ec77 ]
+
+policy_unpack_test fails on big endian systems because data byte order
+is expected to be little endian but is generated in host byte order.
+This results in test failures such as:
+
+ # policy_unpack_test_unpack_array_with_null_name: EXPECTATION FAILED at security/apparmor/policy_unpack_test.c:150
+    Expected array_size == (u16)16, but
+        array_size == 4096 (0x1000)
+        (u16)16 == 16 (0x10)
+    # policy_unpack_test_unpack_array_with_null_name: pass:0 fail:1 skip:0 total:1
+    not ok 3 policy_unpack_test_unpack_array_with_null_name
+    # policy_unpack_test_unpack_array_with_name: EXPECTATION FAILED at security/apparmor/policy_unpack_test.c:164
+    Expected array_size == (u16)16, but
+        array_size == 4096 (0x1000)
+        (u16)16 == 16 (0x10)
+    # policy_unpack_test_unpack_array_with_name: pass:0 fail:1 skip:0 total:1
+
+Add the missing endianness conversions when generating test data.
+
+Fixes: 4d944bcd4e73 ("apparmor: add AppArmor KUnit tests for policy unpack")
+Cc: Brendan Higgins <brendanhiggins@google.com>
+Cc: Kees Cook <keescook@chromium.org>
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ security/apparmor/policy_unpack_test.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/security/apparmor/policy_unpack_test.c b/security/apparmor/policy_unpack_test.c
+index f25cf2a023d57..0711a0305df34 100644
+--- a/security/apparmor/policy_unpack_test.c
++++ b/security/apparmor/policy_unpack_test.c
+@@ -81,14 +81,14 @@ static struct aa_ext *build_aa_ext_struct(struct policy_unpack_fixture *puf,
+       *(buf + 1) = strlen(TEST_U32_NAME) + 1;
+       strcpy(buf + 3, TEST_U32_NAME);
+       *(buf + 3 + strlen(TEST_U32_NAME) + 1) = AA_U32;
+-      *((u32 *)(buf + 3 + strlen(TEST_U32_NAME) + 2)) = TEST_U32_DATA;
++      *((__le32 *)(buf + 3 + strlen(TEST_U32_NAME) + 2)) = cpu_to_le32(TEST_U32_DATA);
+       buf = e->start + TEST_NAMED_U64_BUF_OFFSET;
+       *buf = AA_NAME;
+       *(buf + 1) = strlen(TEST_U64_NAME) + 1;
+       strcpy(buf + 3, TEST_U64_NAME);
+       *(buf + 3 + strlen(TEST_U64_NAME) + 1) = AA_U64;
+-      *((u64 *)(buf + 3 + strlen(TEST_U64_NAME) + 2)) = TEST_U64_DATA;
++      *((__le64 *)(buf + 3 + strlen(TEST_U64_NAME) + 2)) = cpu_to_le64(TEST_U64_DATA);
+       buf = e->start + TEST_NAMED_BLOB_BUF_OFFSET;
+       *buf = AA_NAME;
+@@ -104,7 +104,7 @@ static struct aa_ext *build_aa_ext_struct(struct policy_unpack_fixture *puf,
+       *(buf + 1) = strlen(TEST_ARRAY_NAME) + 1;
+       strcpy(buf + 3, TEST_ARRAY_NAME);
+       *(buf + 3 + strlen(TEST_ARRAY_NAME) + 1) = AA_ARRAY;
+-      *((u16 *)(buf + 3 + strlen(TEST_ARRAY_NAME) + 2)) = TEST_ARRAY_SIZE;
++      *((__le16 *)(buf + 3 + strlen(TEST_ARRAY_NAME) + 2)) = cpu_to_le16(TEST_ARRAY_SIZE);
+       return e;
+ }
+-- 
+2.43.0
+
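Review bot: The three converted stores in build_aa_ext_struct() still write through cast pointers (`__le32 *`, `__le64 *`, `__le16 *`) at byte offsets computed from `strlen(...)`, and nothing visible in the hunks guarantees those addresses are naturally aligned. On strict-alignment architectures, which include some of the big-endian targets this fix is aimed at, such a store may fault or need a fixup. The unaligned helpers do the byte-order conversion and drop the alignment assumption in one step, e.g. `put_unaligned_le32(TEST_U32_DATA, buf + 3 + strlen(TEST_U32_NAME) + 2);`, with `put_unaligned_le64` and `put_unaligned_le16` for the other two stores. The function starts and ends outside the quoted hunks, so whether the TEST_*_BUF_OFFSET values happen to align these fields cannot be confirmed from here.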
diff --git a/queue-6.1/scsi-aacraid-fix-double-free-on-probe-failure.patch b/queue-6.1/scsi-aacraid-fix-double-free-on-probe-failure.patch
new file mode 100644 (file)
index 0000000..4bd622b
--- /dev/null
@@ -0,0 +1,54 @@
+From b6e7c5453e9453e83bfb954d97ef9b5e7588fcc5 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 22 Aug 2024 00:51:42 +0200
+Subject: scsi: aacraid: Fix double-free on probe failure
+
+From: Ben Hutchings <benh@debian.org>
+
+[ Upstream commit 919ddf8336f0b84c0453bac583808c9f165a85c2 ]
+
+aac_probe_one() calls hardware-specific init functions through the
+aac_driver_ident::init pointer, all of which eventually call down to
+aac_init_adapter().
+
+If aac_init_adapter() fails after allocating memory for aac_dev::queues,
+it frees the memory but does not clear that member.
+
+After the hardware-specific init function returns an error,
+aac_probe_one() goes down an error path that frees the memory pointed to
+by aac_dev::queues, resulting.in a double-free.
+
+Reported-by: Michael Gordon <m.gordon.zelenoborsky@gmail.com>
+Link: https://bugs.debian.org/1075855
+Fixes: 8e0c5ebde82b ("[SCSI] aacraid: Newer adapter communication iterface support")
+Signed-off-by: Ben Hutchings <benh@debian.org>
+Link: https://lore.kernel.org/r/ZsZvfqlQMveoL5KQ@decadent.org.uk
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/scsi/aacraid/comminit.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/scsi/aacraid/comminit.c b/drivers/scsi/aacraid/comminit.c
+index bd99c5492b7d4..0f64b02443037 100644
+--- a/drivers/scsi/aacraid/comminit.c
++++ b/drivers/scsi/aacraid/comminit.c
+@@ -642,6 +642,7 @@ struct aac_dev *aac_init_adapter(struct aac_dev *dev)
+       if (aac_comm_init(dev)<0){
+               kfree(dev->queues);
++              dev->queues = NULL;
+               return NULL;
+       }
+       /*
+@@ -649,6 +650,7 @@ struct aac_dev *aac_init_adapter(struct aac_dev *dev)
+        */
+       if (aac_fib_setup(dev) < 0) {
+               kfree(dev->queues);
++              dev->queues = NULL;
+               return NULL;
+       }
+               
+-- 
+2.43.0
+
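Review bot: Both error branches in aac_init_adapter() now repeat `kfree(dev->queues); dev->queues = NULL; return NULL;`, but nothing at the site records why the pointer has to be cleared. A short comment such as `/* aac_probe_one() frees dev->queues on its error path; clear it to avoid a double free */` on the first branch would keep a later cleanup from dropping the assignment as redundant. Any other failure return in this function that frees dev->queues needs the same reset; the function begins and ends outside the hunks, so that cannot be checked from this page. The fix relies on the caller's free tolerating NULL, which holds for kfree().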
index 0c47e23561392d11929d9cb302bf459fee98ed06..d893c157fe3cbfa2610b82f2496de6cf3bc4e8f2 100644 (file)
@@ -66,3 +66,5 @@ usb-cdnsp-fix-for-link-trb-with-tc.patch
 phy-zynqmp-enable-reference-clock-correctly.patch
 igc-fix-reset-adapter-logics-when-tx-mode-change.patch
 igc-fix-qbv-tx-latency-by-setting-gtxoffset.patch
+scsi-aacraid-fix-double-free-on-probe-failure.patch
+apparmor-fix-policy_unpack_test-on-big-endian-system.patch