From: Greg Kroah-Hartman Date: Fri, 11 Feb 2022 09:19:59 +0000 (+0100) Subject: 4.19-stable patches X-Git-Tag: v4.9.302~63 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3abe0b2bba1066ebdda8adf27b2949a81d3dd8fe;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: ima-allow-template-selection-with-ima_template-after-ima_hash.patch ima-remove-ima_policy-file-before-directory.patch integrity-check-the-return-value-of-audit_log_start.patch mmc-sdhci-of-esdhc-check-for-error-num-after-setting-mask.patch net-phy-marvell-fix-mdi-x-polarity-setting-in-88e1118-compatible-phys.patch nfs-fix-initialisation-of-nfs_client-cl_flags-field.patch nfsd-clamp-write-offsets.patch nfsd-fix-offset-type-in-i-o-trace-points.patch --- diff --git a/queue-4.19/ima-allow-template-selection-with-ima_template-after-ima_hash.patch b/queue-4.19/ima-allow-template-selection-with-ima_template-after-ima_hash.patch new file mode 100644 index 00000000000..ff1e6fa78a6 --- /dev/null +++ b/queue-4.19/ima-allow-template-selection-with-ima_template-after-ima_hash.patch @@ -0,0 +1,84 @@ +From bb8e52e4906f148c2faf6656b5106cf7233e9301 Mon Sep 17 00:00:00 2001 +From: Roberto Sassu +Date: Mon, 31 Jan 2022 18:11:39 +0100 +Subject: ima: Allow template selection with ima_template[_fmt]= after ima_hash= + +From: Roberto Sassu + +commit bb8e52e4906f148c2faf6656b5106cf7233e9301 upstream. + +Commit c2426d2ad5027 ("ima: added support for new kernel cmdline parameter +ima_template_fmt") introduced an additional check on the ima_template +variable to avoid multiple template selection. + +Unfortunately, ima_template could be also set by the setup function of the +ima_hash= parameter, when it calls ima_template_desc_current(). This causes +attempts to choose a new template with ima_template= or with +ima_template_fmt=, after ima_hash=, to be ignored. + +Achieve the goal of the commit mentioned with the new static variable +template_setup_done, so that template selection requests after ima_hash= +are not ignored. + +Finally, call ima_init_template_list(), if not already done, to initialize +the list of templates before lookup_template_desc() is called. + +Reported-by: Guo Zihua +Signed-off-by: Roberto Sassu +Cc: stable@vger.kernel.org +Fixes: c2426d2ad5027 ("ima: added support for new kernel cmdline parameter ima_template_fmt") +Signed-off-by: Mimi Zohar +Signed-off-by: Greg Kroah-Hartman +--- + security/integrity/ima/ima_template.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +--- a/security/integrity/ima/ima_template.c ++++ b/security/integrity/ima/ima_template.c +@@ -31,6 +31,7 @@ static struct ima_template_desc builtin_ + + static LIST_HEAD(defined_templates); + static DEFINE_SPINLOCK(template_list); ++static int template_setup_done; + + static struct ima_template_field supported_fields[] = { + {.field_id = "d", .field_init = ima_eventdigest_init, +@@ -57,10 +58,11 @@ static int __init ima_template_setup(cha + struct ima_template_desc *template_desc; + int template_len = strlen(str); + +- if (ima_template) ++ if (template_setup_done) + return 1; + +- ima_init_template_list(); ++ if (!ima_template) ++ ima_init_template_list(); + + /* + * Verify that a template with the supplied name exists. +@@ -84,6 +86,7 @@ static int __init ima_template_setup(cha + } + + ima_template = template_desc; ++ template_setup_done = 1; + return 1; + } + __setup("ima_template=", ima_template_setup); +@@ -92,7 +95,7 @@ static int __init ima_template_fmt_setup + { + int num_templates = ARRAY_SIZE(builtin_templates); + +- if (ima_template) ++ if (template_setup_done) + return 1; + + if (template_desc_init_fields(str, NULL, NULL) < 0) { +@@ -103,6 +106,7 @@ static int __init ima_template_fmt_setup + + builtin_templates[num_templates - 1].fmt = str; + ima_template = builtin_templates + num_templates - 1; ++ template_setup_done = 1; + + return 1; + } diff --git a/queue-4.19/ima-remove-ima_policy-file-before-directory.patch b/queue-4.19/ima-remove-ima_policy-file-before-directory.patch new file mode 100644 index 00000000000..368992c42b1 --- /dev/null +++ b/queue-4.19/ima-remove-ima_policy-file-before-directory.patch @@ -0,0 +1,38 @@ +From f7333b9572d0559e00352a926c92f29f061b4569 Mon Sep 17 00:00:00 2001 +From: Stefan Berger +Date: Tue, 25 Jan 2022 17:46:23 -0500 +Subject: ima: Remove ima_policy file before directory + +From: Stefan Berger + +commit f7333b9572d0559e00352a926c92f29f061b4569 upstream. + +The removal of ima_dir currently fails since ima_policy still exists, so +remove the ima_policy file before removing the directory. + +Fixes: 4af4662fa4a9 ("integrity: IMA policy") +Signed-off-by: Stefan Berger +Cc: +Acked-by: Christian Brauner +Signed-off-by: Mimi Zohar +Signed-off-by: Greg Kroah-Hartman +--- + security/integrity/ima/ima_fs.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/security/integrity/ima/ima_fs.c ++++ b/security/integrity/ima/ima_fs.c +@@ -497,12 +497,12 @@ int __init ima_fs_init(void) + + return 0; + out: ++ securityfs_remove(ima_policy); + securityfs_remove(violations); + securityfs_remove(runtime_measurements_count); + securityfs_remove(ascii_runtime_measurements); + securityfs_remove(binary_runtime_measurements); + securityfs_remove(ima_symlink); + securityfs_remove(ima_dir); +- securityfs_remove(ima_policy); + return -1; + } diff --git a/queue-4.19/integrity-check-the-return-value-of-audit_log_start.patch b/queue-4.19/integrity-check-the-return-value-of-audit_log_start.patch new file mode 100644 index 00000000000..3c114d3426e --- /dev/null +++ b/queue-4.19/integrity-check-the-return-value-of-audit_log_start.patch @@ -0,0 +1,33 @@ +From 83230351c523b04ff8a029a4bdf97d881ecb96fc Mon Sep 17 00:00:00 2001 +From: Xiaoke Wang +Date: Sat, 15 Jan 2022 09:11:11 +0800 +Subject: integrity: check the return value of audit_log_start() + +From: Xiaoke Wang + +commit 83230351c523b04ff8a029a4bdf97d881ecb96fc upstream. + +audit_log_start() returns audit_buffer pointer on success or NULL on +error, so it is better to check the return value of it. + +Fixes: 3323eec921ef ("integrity: IMA as an integrity service provider") +Signed-off-by: Xiaoke Wang +Cc: +Reviewed-by: Paul Moore +Signed-off-by: Mimi Zohar +Signed-off-by: Greg Kroah-Hartman +--- + security/integrity/integrity_audit.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/security/integrity/integrity_audit.c ++++ b/security/integrity/integrity_audit.c +@@ -39,6 +39,8 @@ void integrity_audit_msg(int audit_msgno + return; + + ab = audit_log_start(audit_context(), GFP_KERNEL, audit_msgno); ++ if (!ab) ++ return; + audit_log_format(ab, "pid=%d uid=%u auid=%u ses=%u", + task_pid_nr(current), + from_kuid(&init_user_ns, current_cred()->uid), diff --git a/queue-4.19/mmc-sdhci-of-esdhc-check-for-error-num-after-setting-mask.patch b/queue-4.19/mmc-sdhci-of-esdhc-check-for-error-num-after-setting-mask.patch new file mode 100644 index 00000000000..f3c54a8c024 --- /dev/null +++ b/queue-4.19/mmc-sdhci-of-esdhc-check-for-error-num-after-setting-mask.patch @@ -0,0 +1,48 @@ +From 40c67c291a93f8846c4a972c9ef1b7ba4544c8d0 Mon Sep 17 00:00:00 2001 +From: Jiasheng Jiang +Date: Wed, 12 Jan 2022 16:31:56 +0800 +Subject: mmc: sdhci-of-esdhc: Check for error num after setting mask + +From: Jiasheng Jiang + +commit 40c67c291a93f8846c4a972c9ef1b7ba4544c8d0 upstream. + +Because of the possible failure of the dma_supported(), the +dma_set_mask_and_coherent() may return error num. +Therefore, it should be better to check it and return the error if +fails. +And since the sdhci_setup_host() has already checked the return value of +the enable_dma, we need not check it in sdhci_resume_host() again. + +Fixes: 5552d7ad596c ("mmc: sdhci-of-esdhc: set proper dma mask for ls104x chips") +Signed-off-by: Jiasheng Jiang +Acked-by: Adrian Hunter +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20220112083156.1124782-1-jiasheng@iscas.ac.cn +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman +--- + drivers/mmc/host/sdhci-of-esdhc.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/drivers/mmc/host/sdhci-of-esdhc.c ++++ b/drivers/mmc/host/sdhci-of-esdhc.c +@@ -472,12 +472,16 @@ static void esdhc_of_adma_workaround(str + + static int esdhc_of_enable_dma(struct sdhci_host *host) + { ++ int ret; + u32 value; + struct device *dev = mmc_dev(host->mmc); + + if (of_device_is_compatible(dev->of_node, "fsl,ls1043a-esdhc") || +- of_device_is_compatible(dev->of_node, "fsl,ls1046a-esdhc")) +- dma_set_mask_and_coherent(dev, DMA_BIT_MASK(40)); ++ of_device_is_compatible(dev->of_node, "fsl,ls1046a-esdhc")) { ++ ret = dma_set_mask_and_coherent(dev, DMA_BIT_MASK(40)); ++ if (ret) ++ return ret; ++ } + + value = sdhci_readl(host, ESDHC_DMA_SYSCTL); + diff --git a/queue-4.19/net-phy-marvell-fix-mdi-x-polarity-setting-in-88e1118-compatible-phys.patch b/queue-4.19/net-phy-marvell-fix-mdi-x-polarity-setting-in-88e1118-compatible-phys.patch new file mode 100644 index 00000000000..6b9bfa75896 --- /dev/null +++ b/queue-4.19/net-phy-marvell-fix-mdi-x-polarity-setting-in-88e1118-compatible-phys.patch @@ -0,0 +1,51 @@ +From aec12836e7196e4d360b2cbf20cf7aa5139ad2ec Mon Sep 17 00:00:00 2001 +From: Pavel Parkhomenko +Date: Sun, 6 Feb 2022 00:49:51 +0300 +Subject: net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs + +From: Pavel Parkhomenko + +commit aec12836e7196e4d360b2cbf20cf7aa5139ad2ec upstream. + +When setting up autonegotiation for 88E1118R and compatible PHYs, +a software reset of PHY is issued before setting up polarity. +This is incorrect as changes of MDI Crossover Mode bits are +disruptive to the normal operation and must be followed by a +software reset to take effect. Let's patch m88e1118_config_aneg() +to fix the issue mentioned before by invoking software reset +of the PHY just after setting up MDI-x polarity. + +Fixes: 605f196efbf8 ("phy: Add support for Marvell 88E1118 PHY") +Signed-off-by: Pavel Parkhomenko +Reviewed-by: Serge Semin +Suggested-by: Andrew Lunn +Cc: stable@vger.kernel.org +Reviewed-by: Andrew Lunn +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/phy/marvell.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +--- a/drivers/net/phy/marvell.c ++++ b/drivers/net/phy/marvell.c +@@ -899,16 +899,15 @@ static int m88e1118_config_aneg(struct p + { + int err; + +- err = genphy_soft_reset(phydev); ++ err = marvell_set_polarity(phydev, phydev->mdix_ctrl); + if (err < 0) + return err; + +- err = marvell_set_polarity(phydev, phydev->mdix_ctrl); ++ err = genphy_config_aneg(phydev); + if (err < 0) + return err; + +- err = genphy_config_aneg(phydev); +- return 0; ++ return genphy_soft_reset(phydev); + } + + static int m88e1118_config_init(struct phy_device *phydev) diff --git a/queue-4.19/nfs-fix-initialisation-of-nfs_client-cl_flags-field.patch b/queue-4.19/nfs-fix-initialisation-of-nfs_client-cl_flags-field.patch new file mode 100644 index 00000000000..fa3a72f2602 --- /dev/null +++ b/queue-4.19/nfs-fix-initialisation-of-nfs_client-cl_flags-field.patch @@ -0,0 +1,41 @@ +From 468d126dab45718feeb728319be20bd869a5eaa7 Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Wed, 2 Feb 2022 18:52:01 -0500 +Subject: NFS: Fix initialisation of nfs_client cl_flags field + +From: Trond Myklebust + +commit 468d126dab45718feeb728319be20bd869a5eaa7 upstream. + +For some long forgotten reason, the nfs_client cl_flags field is +initialised in nfs_get_client() instead of being initialised at +allocation time. This quirk was harmless until we moved the call to +nfs_create_rpc_client(). + +Fixes: dd99e9f98fbf ("NFSv4: Initialise connection to the server in nfs4_alloc_client()") +Cc: stable@vger.kernel.org # 4.8.x +Signed-off-by: Trond Myklebust +Signed-off-by: Anna Schumaker +Signed-off-by: Greg Kroah-Hartman +--- + fs/nfs/client.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/nfs/client.c ++++ b/fs/nfs/client.c +@@ -180,6 +180,7 @@ struct nfs_client *nfs_alloc_client(cons + INIT_LIST_HEAD(&clp->cl_superblocks); + clp->cl_rpcclient = ERR_PTR(-EINVAL); + ++ clp->cl_flags = cl_init->init_flags; + clp->cl_proto = cl_init->proto; + clp->cl_net = get_net(cl_init->net); + +@@ -427,7 +428,6 @@ struct nfs_client *nfs_get_client(const + list_add_tail(&new->cl_share_link, + &nn->nfs_client_list); + spin_unlock(&nn->nfs_client_lock); +- new->cl_flags = cl_init->init_flags; + return rpc_ops->init_client(new, cl_init); + } + diff --git a/queue-4.19/nfsd-clamp-write-offsets.patch b/queue-4.19/nfsd-clamp-write-offsets.patch new file mode 100644 index 00000000000..5ce40444846 --- /dev/null +++ b/queue-4.19/nfsd-clamp-write-offsets.patch @@ -0,0 +1,51 @@ +From 6260d9a56ab352b54891ec66ab0eced57d55abc6 Mon Sep 17 00:00:00 2001 +From: Chuck Lever +Date: Tue, 25 Jan 2022 16:36:22 -0500 +Subject: NFSD: Clamp WRITE offsets + +From: Chuck Lever + +commit 6260d9a56ab352b54891ec66ab0eced57d55abc6 upstream. + +Ensure that a client cannot specify a WRITE range that falls in a +byte range outside what the kernel's internal types (such as loff_t, +which is signed) can represent. The kiocb iterators, invoked in +nfsd_vfs_write(), should properly limit write operations to within +the underlying file system's s_maxbytes. + +Cc: stable@vger.kernel.org +Signed-off-by: Chuck Lever +Signed-off-by: Greg Kroah-Hartman +--- + fs/nfsd/nfs3proc.c | 5 +++++ + fs/nfsd/nfs4proc.c | 5 +++-- + 2 files changed, 8 insertions(+), 2 deletions(-) + +--- a/fs/nfsd/nfs3proc.c ++++ b/fs/nfsd/nfs3proc.c +@@ -200,6 +200,11 @@ nfsd3_proc_write(struct svc_rqst *rqstp) + (unsigned long long) argp->offset, + argp->stable? " stable" : ""); + ++ resp->status = nfserr_fbig; ++ if (argp->offset > (u64)OFFSET_MAX || ++ argp->offset + argp->len > (u64)OFFSET_MAX) ++ return rpc_success; ++ + fh_copy(&resp->fh, &argp->fh); + resp->committed = argp->stable; + nvecs = svc_fill_write_vector(rqstp, rqstp->rq_arg.pages, +--- a/fs/nfsd/nfs4proc.c ++++ b/fs/nfsd/nfs4proc.c +@@ -997,8 +997,9 @@ nfsd4_write(struct svc_rqst *rqstp, stru + unsigned long cnt; + int nvecs; + +- if (write->wr_offset >= OFFSET_MAX) +- return nfserr_inval; ++ if (write->wr_offset > (u64)OFFSET_MAX || ++ write->wr_offset + write->wr_buflen > (u64)OFFSET_MAX) ++ return nfserr_fbig; + + cnt = write->wr_buflen; + trace_nfsd_write_start(rqstp, &cstate->current_fh, diff --git a/queue-4.19/nfsd-fix-offset-type-in-i-o-trace-points.patch b/queue-4.19/nfsd-fix-offset-type-in-i-o-trace-points.patch new file mode 100644 index 00000000000..48ed21fc2cc --- /dev/null +++ b/queue-4.19/nfsd-fix-offset-type-in-i-o-trace-points.patch @@ -0,0 +1,59 @@ +From 6a4d333d540041d244b2fca29b8417bfde20af81 Mon Sep 17 00:00:00 2001 +From: Chuck Lever +Date: Fri, 4 Feb 2022 17:05:24 -0500 +Subject: NFSD: Fix offset type in I/O trace points + +From: Chuck Lever + +commit 6a4d333d540041d244b2fca29b8417bfde20af81 upstream. + +NFSv3 and NFSv4 use u64 offset values on the wire. Record these values +verbatim without the implicit type case to loff_t. + +Signed-off-by: Chuck Lever +Signed-off-by: Greg Kroah-Hartman +--- + fs/nfsd/trace.h | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +--- a/fs/nfsd/trace.h ++++ b/fs/nfsd/trace.h +@@ -53,14 +53,14 @@ TRACE_EVENT(nfsd_compound_status, + DECLARE_EVENT_CLASS(nfsd_io_class, + TP_PROTO(struct svc_rqst *rqstp, + struct svc_fh *fhp, +- loff_t offset, +- unsigned long len), ++ u64 offset, ++ u32 len), + TP_ARGS(rqstp, fhp, offset, len), + TP_STRUCT__entry( + __field(u32, xid) + __field(u32, fh_hash) +- __field(loff_t, offset) +- __field(unsigned long, len) ++ __field(u64, offset) ++ __field(u32, len) + ), + TP_fast_assign( + __entry->xid = be32_to_cpu(rqstp->rq_xid); +@@ -68,7 +68,7 @@ DECLARE_EVENT_CLASS(nfsd_io_class, + __entry->offset = offset; + __entry->len = len; + ), +- TP_printk("xid=0x%08x fh_hash=0x%08x offset=%lld len=%lu", ++ TP_printk("xid=0x%08x fh_hash=0x%08x offset=%llu len=%u", + __entry->xid, __entry->fh_hash, + __entry->offset, __entry->len) + ) +@@ -77,8 +77,8 @@ DECLARE_EVENT_CLASS(nfsd_io_class, + DEFINE_EVENT(nfsd_io_class, nfsd_##name, \ + TP_PROTO(struct svc_rqst *rqstp, \ + struct svc_fh *fhp, \ +- loff_t offset, \ +- unsigned long len), \ ++ u64 offset, \ ++ u32 len), \ + TP_ARGS(rqstp, fhp, offset, len)) + + DEFINE_NFSD_IO_EVENT(read_start);