From: Greg Kroah-Hartman
Date: Thu, 16 Aug 2018 15:18:10 +0000 (+0200)
Subject: 4.4-stable patches
X-Git-Tag: v3.18.119~14
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8aa421a9908a2b243a0808f4f044dd9cacd00919;p=thirdparty%2Fkernel%2Fstable-queue.git
4.4-stable patches
added patches:
kasan-don-t-emit-builtin-calls-when-sanitization-is-off.patch
tcp-fix-missing-range_truesize-enlargement-in-the-backport.patch
---
diff --git a/queue-4.4/kasan-don-t-emit-builtin-calls-when-sanitization-is-off.patch b/queue-4.4/kasan-don-t-emit-builtin-calls-when-sanitization-is-off.patch
new file mode 100644
index 00000000000..20ce720b478
--- /dev/null
+++ b/queue-4.4/kasan-don-t-emit-builtin-calls-when-sanitization-is-off.patch
@@ -0,0 +1,77 @@
+From 0e410e158e5baa1300bdf678cea4f4e0cf9d8b94 Mon Sep 17 00:00:00 2001
+From: Andrey Konovalov
+Date: Tue, 6 Feb 2018 15:36:00 -0800
+Subject: kasan: don't emit builtin calls when sanitization is off
+
+From: Andrey Konovalov
+
+commit 0e410e158e5baa1300bdf678cea4f4e0cf9d8b94 upstream.
+
+With KASAN enabled the kernel has two different memset() functions, one
+with KASAN checks (memset) and one without (__memset). KASAN uses some
+macro tricks to use the proper version where required. For example
+memset() calls in mm/slub.c are without KASAN checks, since they operate
+on poisoned slab object metadata.
+
+The issue is that clang emits memset() calls even when there is no
+memset() in the source code. They get linked with improper memset()
+implementation and the kernel fails to boot due to a huge amount of KASAN
+reports during early boot stages.
+
+The solution is to add -fno-builtin flag for files with KASAN_SANITIZE :=
+n marker.
+
+Link: http://lkml.kernel.org/r/8ffecfffe04088c52c42b92739c2bd8a0bcb3f5e.1516384594.git.andreyknvl@google.com
+Signed-off-by: Andrey Konovalov
+Acked-by: Nick Desaulniers
+Cc: Masahiro Yamada
+Cc: Michal Marek
+Cc: Andrey Ryabinin
+Cc: Alexander Potapenko
+Cc: Dmitry Vyukov
+Cc:
+Signed-off-by: Andrew Morton
+Signed-off-by: Linus Torvalds
+[ Nick : Backported to 4.4 avoiding KUBSAN ]
+Signed-off-by: Nick Desaulniers
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ Makefile | 3 ++-
+ scripts/Makefile.kasan | 3 +++
+ scripts/Makefile.lib | 2 +-
+ 3 files changed, 6 insertions(+), 2 deletions(-)
+
+--- a/Makefile
++++ b/Makefile
+@@ -418,7 +418,8 @@ export MAKE AWK GENKSYMS INSTALLKERNEL P
+ export HOSTCXX HOSTCXXFLAGS LDFLAGS_MODULE CHECK CHECKFLAGS
+ 
+ export KBUILD_CPPFLAGS NOSTDINC_FLAGS LINUXINCLUDE OBJCOPYFLAGS LDFLAGS
+-export KBUILD_CFLAGS CFLAGS_KERNEL CFLAGS_MODULE CFLAGS_GCOV CFLAGS_KASAN
++export KBUILD_CFLAGS CFLAGS_KERNEL CFLAGS_MODULE CFLAGS_GCOV
++export CFLAGS_KASAN CFLAGS_KASAN_NOSANITIZE
+ export KBUILD_AFLAGS AFLAGS_KERNEL AFLAGS_MODULE
+ export KBUILD_AFLAGS_MODULE KBUILD_CFLAGS_MODULE KBUILD_LDFLAGS_MODULE
+ export KBUILD_AFLAGS_KERNEL KBUILD_CFLAGS_KERNEL
+--- a/scripts/Makefile.kasan
++++ b/scripts/Makefile.kasan
+@@ -28,4 +28,7 @@ else
+ CFLAGS_KASAN := $(CFLAGS_KASAN_MINIMAL)
+ endif
+ endif
++
++CFLAGS_KASAN_NOSANITIZE := -fno-builtin
++
+ endif
+--- a/scripts/Makefile.lib
++++ b/scripts/Makefile.lib
+@@ -126,7 +126,7 @@ endif
+ ifeq ($(CONFIG_KASAN),y)
+ _c_flags += $(if $(patsubst n%,, \
+ $(KASAN_SANITIZE_$(basetarget).o)$(KASAN_SANITIZE)y), \
+- $(CFLAGS_KASAN))
++ $(CFLAGS_KASAN), $(CFLAGS_KASAN_NOSANITIZE))
+ endif
+ 
+ # If building the kernel in a separate objtree expand all occurrences
diff --git a/queue-4.4/series b/queue-4.4/series
index 2eedfd15b12..d344d7e2845 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -1 +1,3 @@
 x86-mm-disable-ioremap-free-page-handling-on-x86-pae.patch
+tcp-fix-missing-range_truesize-enlargement-in-the-backport.patch
+kasan-don-t-emit-builtin-calls-when-sanitization-is-off.patch
diff --git a/queue-4.4/tcp-fix-missing-range_truesize-enlargement-in-the-backport.patch b/queue-4.4/tcp-fix-missing-range_truesize-enlargement-in-the-backport.patch
new file mode 100644
index 00000000000..ba0de7bc76d
--- /dev/null
+++ b/queue-4.4/tcp-fix-missing-range_truesize-enlargement-in-the-backport.patch
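Review bot: The new `CFLAGS_KASAN_NOSANITIZE := -fno-builtin` assignment in scripts/Makefile.kasan carries no comment, and the `$(if ...)` in scripts/Makefile.lib that now selects it as the fallback branch is the only other place the variable is used, so a reader of the Makefiles cannot tell why it exists. The commit message gives the reason (clang synthesises memset() calls in files marked KASAN_SANITIZE := n and they bind to the wrong memset implementation); I would put that next to the assignment as `# Files built with KASAN_SANITIZE := n must not get compiler-generated mem*() calls, which would bind to the instrumented implementation.`. It is also worth stating that -fno-builtin disables every builtin lowering in those files, not only the mem*() ones, which is presumably an accepted cost here. The fallback only takes effect when CONFIG_KASAN=y, since the whole `_c_flags` addition sits inside `ifeq ($(CONFIG_KASAN),y)`.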
@@ -0,0 +1,42 @@
+From tiwai@suse.de Thu Aug 16 17:16:07 2018
+From: Takashi Iwai
+Date: Wed, 15 Aug 2018 11:58:46 +0200
+Subject: tcp: Fix missing range_truesize enlargement in the backport
+To: Greg Kroah-Hartman
+Cc: stable@vger.kernel.org, Eric Dumazet , "David S . Miller" , linux-kernel@vger.kernel.org, Michal Kubecek , Jiri Bohac
+Message-ID: <20180815095846.7734-1-tiwai@suse.de>
+
+From: Takashi Iwai
+
+The 4.4.y stable backport dc6ae4dffd65 for the upstream commit
+3d4bf93ac120 ("tcp: detect malicious patterns in
+tcp_collapse_ofo_queue()") missed a line that enlarges the
+range_truesize value, which broke the whole check.
+
+Fixes: dc6ae4dffd65 ("tcp: detect malicious patterns in tcp_collapse_ofo_queue()")
+Signed-off-by: Takashi Iwai
+Cc: Michal Kubecek
+---
+
+Greg, this is a fix-up specific to 4.4.y stable backport that had a
+slightly different form from upstream fix. I haven't looked at the
+older trees, but 4.9.y and later took the upstream fix as is, so this
+patch isn't needed for them.
+
+The patch hasn't been tested with the real test case, though; let me
+know if the current code is intended. Thanks!
+
+
+ net/ipv4/tcp_input.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/ipv4/tcp_input.c
++++ b/net/ipv4/tcp_input.c
+@@ -4835,6 +4835,7 @@ static void tcp_collapse_ofo_queue(struc
+ end = TCP_SKB_CB(skb)->end_seq;
+ range_truesize = skb->truesize;
+ } else {
++ range_truesize += skb->truesize;
+ if (before(TCP_SKB_CB(skb)->seq, start))
+ start = TCP_SKB_CB(skb)->seq;
+ if (after(TCP_SKB_CB(skb)->end_seq, end))
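Review bot: The added `range_truesize += skb->truesize;` has no comment, and the check it feeds is outside this hunk, so the patch alone does not show why accumulating every skb of the range matters; I would put `/* account each skb of the range so the tiny-range check sees its full truesize */` above it. The description itself says the change has not been exercised against the real test case, so before queuing it the 4.4 consumer of range_truesize should be compared with the upstream form in 3d4bf93ac120 to confirm the accumulation now lands in the same place relative to the start/end adjustments. tcp_collapse_ofo_queue() starts and ends outside the hunk.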