]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
4.9-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 12 Dec 2021 13:25:34 +0000 (14:25 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 12 Dec 2021 13:25:34 +0000 (14:25 +0100)
added patches:
can-pch_can-pch_can_rx_normal-fix-use-after-free.patch
libata-add-horkage-for-asmedia-1092.patch
tracefs-have-new-files-inherit-the-ownership-of-their-parent.patch

queue-4.9/can-pch_can-pch_can_rx_normal-fix-use-after-free.patch [new file with mode: 0644]
queue-4.9/libata-add-horkage-for-asmedia-1092.patch [new file with mode: 0644]
queue-4.9/series
queue-4.9/tracefs-have-new-files-inherit-the-ownership-of-their-parent.patch [new file with mode: 0644]

diff --git a/queue-4.9/can-pch_can-pch_can_rx_normal-fix-use-after-free.patch b/queue-4.9/can-pch_can-pch_can_rx_normal-fix-use-after-free.patch
new file mode 100644 (file)
index 0000000..c28a11e
--- /dev/null
@@ -0,0 +1,41 @@
+From 94cddf1e9227a171b27292509d59691819c458db Mon Sep 17 00:00:00 2001
+From: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
+Date: Tue, 23 Nov 2021 20:16:54 +0900
+Subject: can: pch_can: pch_can_rx_normal: fix use after free
+
+From: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
+
+commit 94cddf1e9227a171b27292509d59691819c458db upstream.
+
+After calling netif_receive_skb(skb), dereferencing skb is unsafe.
+Especially, the can_frame cf which aliases skb memory is dereferenced
+just after the call netif_receive_skb(skb).
+
+Reordering the lines solves the issue.
+
+Fixes: b21d18b51b31 ("can: Topcliff: Add PCH_CAN driver.")
+Link: https://lore.kernel.org/all/20211123111654.621610-1-mailhol.vincent@wanadoo.fr
+Cc: stable@vger.kernel.org
+Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/can/pch_can.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/can/pch_can.c
++++ b/drivers/net/can/pch_can.c
+@@ -703,11 +703,11 @@ static int pch_can_rx_normal(struct net_
+                       cf->data[i + 1] = data_reg >> 8;
+               }
+-              netif_receive_skb(skb);
+               rcv_pkts++;
+               stats->rx_packets++;
+               quota--;
+               stats->rx_bytes += cf->can_dlc;
++              netif_receive_skb(skb);
+               pch_fifo_thresh(priv, obj_num);
+               obj_num++;
diff --git a/queue-4.9/libata-add-horkage-for-asmedia-1092.patch b/queue-4.9/libata-add-horkage-for-asmedia-1092.patch
new file mode 100644 (file)
index 0000000..ebb5bd5
--- /dev/null
@@ -0,0 +1,33 @@
+From a66307d473077b7aeba74e9b09c841ab3d399c2d Mon Sep 17 00:00:00 2001
+From: Hannes Reinecke <hare@suse.de>
+Date: Wed, 8 Dec 2021 07:58:53 +0100
+Subject: libata: add horkage for ASMedia 1092
+
+From: Hannes Reinecke <hare@suse.de>
+
+commit a66307d473077b7aeba74e9b09c841ab3d399c2d upstream.
+
+The ASMedia 1092 has a configuration mode which will present a
+dummy device; sadly the implementation falsely claims to provide
+a device with 100M which doesn't actually exist.
+So disable this device to avoid errors during boot.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Hannes Reinecke <hare@suse.de>
+Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/ata/libata-core.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/ata/libata-core.c
++++ b/drivers/ata/libata-core.c
+@@ -4332,6 +4332,8 @@ static const struct ata_blacklist_entry
+       { "VRFDFC22048UCHC-TE*", NULL,          ATA_HORKAGE_NODMA },
+       /* Odd clown on sil3726/4726 PMPs */
+       { "Config  Disk",       NULL,           ATA_HORKAGE_DISABLE },
++      /* Similar story with ASMedia 1092 */
++      { "ASMT109x- Config",   NULL,           ATA_HORKAGE_DISABLE },
+       /* Weird ATAPI devices */
+       { "TORiSAN DVD-ROM DRD-N216", NULL,     ATA_HORKAGE_MAX_SEC_128 },
index eeacea9599494903a37c82b717baadd63285029c..7fc887d4b3400aa34cf0580f3c0bed3514635c66 100644 (file)
@@ -13,3 +13,6 @@ alsa-ctl-fix-copy-of-updated-id-with-element-read-write.patch
 alsa-pcm-oss-fix-negative-period-buffer-sizes.patch
 alsa-pcm-oss-limit-the-period-size-to-16mb.patch
 alsa-pcm-oss-handle-missing-errors-in-snd_pcm_oss_change_params.patch
+tracefs-have-new-files-inherit-the-ownership-of-their-parent.patch
+can-pch_can-pch_can_rx_normal-fix-use-after-free.patch
+libata-add-horkage-for-asmedia-1092.patch
diff --git a/queue-4.9/tracefs-have-new-files-inherit-the-ownership-of-their-parent.patch b/queue-4.9/tracefs-have-new-files-inherit-the-ownership-of-their-parent.patch
new file mode 100644 (file)
index 0000000..12bbaed
--- /dev/null
@@ -0,0 +1,53 @@
+From ee7f3666995d8537dec17b1d35425f28877671a9 Mon Sep 17 00:00:00 2001
+From: "Steven Rostedt (VMware)" <rostedt@goodmis.org>
+Date: Wed, 8 Dec 2021 07:57:20 -0500
+Subject: tracefs: Have new files inherit the ownership of their parent
+
+From: Steven Rostedt (VMware) <rostedt@goodmis.org>
+
+commit ee7f3666995d8537dec17b1d35425f28877671a9 upstream.
+
+If directories in tracefs have their ownership changed, then any new files
+and directories that are created under those directories should inherit
+the ownership of the director they are created in.
+
+Link: https://lkml.kernel.org/r/20211208075720.4855d180@gandalf.local.home
+
+Cc: Kees Cook <keescook@chromium.org>
+Cc: Ingo Molnar <mingo@kernel.org>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Yabin Cui <yabinc@google.com>
+Cc: Christian Brauner <christian.brauner@ubuntu.com>
+Cc: stable@vger.kernel.org
+Fixes: 4282d60689d4f ("tracefs: Add new tracefs file system")
+Reported-by: Kalesh Singh <kaleshsingh@google.com>
+Reported: https://lore.kernel.org/all/CAC_TJve8MMAv+H_NdLSJXZUSoxOEq2zB_pVaJ9p=7H6Bu3X76g@mail.gmail.com/
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/tracefs/inode.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/fs/tracefs/inode.c
++++ b/fs/tracefs/inode.c
+@@ -411,6 +411,8 @@ struct dentry *tracefs_create_file(const
+       inode->i_mode = mode;
+       inode->i_fop = fops ? fops : &tracefs_file_operations;
+       inode->i_private = data;
++      inode->i_uid = d_inode(dentry->d_parent)->i_uid;
++      inode->i_gid = d_inode(dentry->d_parent)->i_gid;
+       d_instantiate(dentry, inode);
+       fsnotify_create(dentry->d_parent->d_inode, dentry);
+       return end_creating(dentry);
+@@ -433,6 +435,8 @@ static struct dentry *__create_dir(const
+       inode->i_mode = S_IFDIR | S_IRWXU | S_IRUSR| S_IRGRP | S_IXUSR | S_IXGRP;
+       inode->i_op = ops;
+       inode->i_fop = &simple_dir_operations;
++      inode->i_uid = d_inode(dentry->d_parent)->i_uid;
++      inode->i_gid = d_inode(dentry->d_parent)->i_gid;
+       /* directory inodes start off with i_nlink == 2 (for "." entry) */
+       inc_nlink(inode);