4.9-stable patches

added patches:
	batman-adv-don-t-schedule-ogm-for-disabled-interface.patch
	netfilter-cthelper-add-missing-attribute-validation-for-cthelper.patch
	nl80211-add-missing-attribute-validation-for-beacon-report-scanning.patch
	nl80211-add-missing-attribute-validation-for-channel-switch.patch
	nl80211-add-missing-attribute-validation-for-critical-protocol-indication.patch

diff --git a/queue-4.9/batman-adv-don-t-schedule-ogm-for-disabled-interface.patch b/queue-4.9/batman-adv-don-t-schedule-ogm-for-disabled-interface.patch
new file mode 100644 (file)
index 0000000..bbb9353
--- /dev/null
+++ b/queue-4.9/batman-adv-don-t-schedule-ogm-for-disabled-interface.patch
@@ -0,0 +1,43 @@
+From 8e8ce08198de193e3d21d42e96945216e3d9ac7f Mon Sep 17 00:00:00 2001
+From: Sven Eckelmann <sven@narfation.org>
+Date: Sun, 16 Feb 2020 13:02:06 +0100
+Subject: batman-adv: Don't schedule OGM for disabled interface
+
+From: Sven Eckelmann <sven@narfation.org>
+
+commit 8e8ce08198de193e3d21d42e96945216e3d9ac7f upstream.
+
+A transmission scheduling for an interface which is currently dropped by
+batadv_iv_ogm_iface_disable could still be in progress. The B.A.T.M.A.N. V
+is simply cancelling the workqueue item in an synchronous way but this is
+not possible with B.A.T.M.A.N. IV because the OGM submissions are
+intertwined.
+
+Instead it has to stop submitting the OGM when it detect that the buffer
+pointer is set to NULL.
+
+Reported-by: syzbot+a98f2016f40b9cd3818a@syzkaller.appspotmail.com
+Reported-by: syzbot+ac36b6a33c28a491e929@syzkaller.appspotmail.com
+Fixes: c6c8fea29769 ("net: Add batman-adv meshing protocol")
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+Cc: Hillf Danton <hdanton@sina.com>
+Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/batman-adv/bat_iv_ogm.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/net/batman-adv/bat_iv_ogm.c
++++ b/net/batman-adv/bat_iv_ogm.c
+@@ -934,6 +934,10 @@ static void batadv_iv_ogm_schedule(struc
+           (hard_iface->if_status == BATADV_IF_TO_BE_REMOVED))
+               return;
+ 
++      /* interface already disabled by batadv_iv_ogm_iface_disable */
++      if (!*ogm_buff)
++              return;
++
+       /* the interface gets activated here to avoid race conditions between
+        * the moment of activating the interface in
+        * hardif_activate_interface() where the originator mac is set and

diff --git a/queue-4.9/netfilter-cthelper-add-missing-attribute-validation-for-cthelper.patch b/queue-4.9/netfilter-cthelper-add-missing-attribute-validation-for-cthelper.patch
new file mode 100644 (file)
index 0000000..03becc8
--- /dev/null
+++ b/queue-4.9/netfilter-cthelper-add-missing-attribute-validation-for-cthelper.patch
@@ -0,0 +1,32 @@
+From c049b3450072b8e3998053490e025839fecfef31 Mon Sep 17 00:00:00 2001
+From: Jakub Kicinski <kuba@kernel.org>
+Date: Mon, 2 Mar 2020 21:08:31 -0800
+Subject: netfilter: cthelper: add missing attribute validation for cthelper
+
+From: Jakub Kicinski <kuba@kernel.org>
+
+commit c049b3450072b8e3998053490e025839fecfef31 upstream.
+
+Add missing attribute validation for cthelper
+to the netlink policy.
+
+Fixes: 12f7a505331e ("netfilter: add user-space connection tracking helper infrastructure")
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nfnetlink_cthelper.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/netfilter/nfnetlink_cthelper.c
++++ b/net/netfilter/nfnetlink_cthelper.c
+@@ -711,6 +711,8 @@ static const struct nla_policy nfnl_cthe
+       [NFCTH_NAME] = { .type = NLA_NUL_STRING,
+                        .len = NF_CT_HELPER_NAME_LEN-1 },
+       [NFCTH_QUEUE_NUM] = { .type = NLA_U32, },
++      [NFCTH_PRIV_DATA_LEN] = { .type = NLA_U32, },
++      [NFCTH_STATUS] = { .type = NLA_U32, },
+ };
+ 
+ static const struct nfnl_callback nfnl_cthelper_cb[NFNL_MSG_CTHELPER_MAX] = {

diff --git a/queue-4.9/nl80211-add-missing-attribute-validation-for-beacon-report-scanning.patch b/queue-4.9/nl80211-add-missing-attribute-validation-for-beacon-report-scanning.patch
new file mode 100644 (file)
index 0000000..096f4b3
--- /dev/null
+++ b/queue-4.9/nl80211-add-missing-attribute-validation-for-beacon-report-scanning.patch
@@ -0,0 +1,33 @@
+From 056e9375e1f3c4bf2fd49b70258c7daf788ecd9d Mon Sep 17 00:00:00 2001
+From: Jakub Kicinski <kuba@kernel.org>
+Date: Mon, 2 Mar 2020 21:10:57 -0800
+Subject: nl80211: add missing attribute validation for beacon report scanning
+
+From: Jakub Kicinski <kuba@kernel.org>
+
+commit 056e9375e1f3c4bf2fd49b70258c7daf788ecd9d upstream.
+
+Add missing attribute validation for beacon report scanning
+to the netlink policy.
+
+Fixes: 1d76250bd34a ("nl80211: support beacon report scanning")
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Link: https://lore.kernel.org/r/20200303051058.4089398-3-kuba@kernel.org
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/wireless/nl80211.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -359,6 +359,8 @@ static const struct nla_policy nl80211_p
+       [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
+       [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
+       [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
++      [NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 },
++      [NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG },
+       [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
+       [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
+       [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },

diff --git a/queue-4.9/nl80211-add-missing-attribute-validation-for-channel-switch.patch b/queue-4.9/nl80211-add-missing-attribute-validation-for-channel-switch.patch
new file mode 100644 (file)
index 0000000..08fd69b
--- /dev/null
+++ b/queue-4.9/nl80211-add-missing-attribute-validation-for-channel-switch.patch
@@ -0,0 +1,32 @@
+From 5cde05c61cbe13cbb3fa66d52b9ae84f7975e5e6 Mon Sep 17 00:00:00 2001
+From: Jakub Kicinski <kuba@kernel.org>
+Date: Mon, 2 Mar 2020 21:10:58 -0800
+Subject: nl80211: add missing attribute validation for channel switch
+
+From: Jakub Kicinski <kuba@kernel.org>
+
+commit 5cde05c61cbe13cbb3fa66d52b9ae84f7975e5e6 upstream.
+
+Add missing attribute validation for NL80211_ATTR_OPER_CLASS
+to the netlink policy.
+
+Fixes: 1057d35ede5d ("cfg80211: introduce TDLS channel switch commands")
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Link: https://lore.kernel.org/r/20200303051058.4089398-4-kuba@kernel.org
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/wireless/nl80211.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -436,6 +436,7 @@ static const struct nla_policy nl80211_p
+       [NL80211_ATTR_USER_PRIO] = { .type = NLA_U8 },
+       [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
+       [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
++      [NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 },
+       [NL80211_ATTR_MAC_MASK] = { .len = ETH_ALEN },
+       [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
+       [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },

diff --git a/queue-4.9/nl80211-add-missing-attribute-validation-for-critical-protocol-indication.patch b/queue-4.9/nl80211-add-missing-attribute-validation-for-critical-protocol-indication.patch
new file mode 100644 (file)
index 0000000..5d1e03f
--- /dev/null
+++ b/queue-4.9/nl80211-add-missing-attribute-validation-for-critical-protocol-indication.patch
@@ -0,0 +1,33 @@
+From 0e1a1d853ecedc99da9d27f9f5c376935547a0e2 Mon Sep 17 00:00:00 2001
+From: Jakub Kicinski <kuba@kernel.org>
+Date: Mon, 2 Mar 2020 21:10:56 -0800
+Subject: nl80211: add missing attribute validation for critical protocol indication
+
+From: Jakub Kicinski <kuba@kernel.org>
+
+commit 0e1a1d853ecedc99da9d27f9f5c376935547a0e2 upstream.
+
+Add missing attribute validation for critical protocol fields
+to the netlink policy.
+
+Fixes: 5de17984898c ("cfg80211: introduce critical protocol indication from user-space")
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Link: https://lore.kernel.org/r/20200303051058.4089398-2-kuba@kernel.org
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/wireless/nl80211.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -407,6 +407,8 @@ static const struct nla_policy nl80211_p
+       [NL80211_ATTR_MDID] = { .type = NLA_U16 },
+       [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
+                                 .len = IEEE80211_MAX_DATA_LEN },
++      [NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 },
++      [NL80211_ATTR_MAX_CRIT_PROT_DURATION] = { .type = NLA_U16 },
+       [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
+       [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
+       [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },

diff --git a/queue-4.9/series b/queue-4.9/series
index 18e9503ecee650ca7c7f195b68a3191ed3963138..b94408fab17c880811eb4ef16c5ccb04d360a750 100644 (file)
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -39,3 +39,8 @@ arc-define-__align_str-and-__align-symbols-for-arc.patch
 efi-fix-a-race-and-a-buffer-overflow-while-reading-efivars-via-sysfs.patch
 iommu-vt-d-dmar-replace-warn_taint-with-pr_warn-add_taint.patch
 iommu-vt-d-fix-a-bug-in-intel_iommu_iova_to_phys-for-huge-page.patch
+batman-adv-don-t-schedule-ogm-for-disabled-interface.patch
+nl80211-add-missing-attribute-validation-for-critical-protocol-indication.patch
+nl80211-add-missing-attribute-validation-for-beacon-report-scanning.patch
+nl80211-add-missing-attribute-validation-for-channel-switch.patch
+netfilter-cthelper-add-missing-attribute-validation-for-cthelper.patch