From: Greg Kroah-Hartman Date: Tue, 3 Mar 2020 10:51:24 +0000 (+0100) Subject: 4.4-stable patches X-Git-Tag: v4.19.108~42 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=92dc2822be43cccf8ad00c2c2ba905b79b31427c;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: include-linux-bitops.h-introduce-bits_per_type.patch net-netlink-cap-max-groups-which-will-be-considered-in-netlink_bind.patch --- diff --git a/queue-4.4/include-linux-bitops.h-introduce-bits_per_type.patch b/queue-4.4/include-linux-bitops.h-introduce-bits_per_type.patch new file mode 100644 index 00000000000..079ec9d7fc5 --- /dev/null +++ b/queue-4.4/include-linux-bitops.h-introduce-bits_per_type.patch @@ -0,0 +1,42 @@ +From 9144d75e22cad3c89e6b2ccab551db9ee28d250a Mon Sep 17 00:00:00 2001 +From: Chris Wilson +Date: Tue, 21 Aug 2018 21:57:03 -0700 +Subject: include/linux/bitops.h: introduce BITS_PER_TYPE + +From: Chris Wilson + +commit 9144d75e22cad3c89e6b2ccab551db9ee28d250a upstream. + +net_dim.h has a rather useful extension to BITS_PER_BYTE to compute the +number of bits in a type (BITS_PER_BYTE * sizeof(T)), so promote the macro +to bitops.h, alongside BITS_PER_BYTE, for wider usage. + +Link: http://lkml.kernel.org/r/20180706094458.14116-1-chris@chris-wilson.co.uk +Signed-off-by: Chris Wilson +Reviewed-by: Jani Nikula +Cc: Randy Dunlap +Cc: Andy Gospodarek +Cc: David S. Miller +Cc: Thomas Gleixner +Cc: Ingo Molnar +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +[only take the bitops.h portion for stable kernels - gregkh] +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/bitops.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/include/linux/bitops.h ++++ b/include/linux/bitops.h +@@ -3,7 +3,8 @@ + #include + #include + +-#define BITS_TO_LONGS(nr) DIV_ROUND_UP(nr, BITS_PER_BYTE * sizeof(long)) ++#define BITS_PER_TYPE(type) (sizeof(type) * BITS_PER_BYTE) ++#define BITS_TO_LONGS(nr) DIV_ROUND_UP(nr, BITS_PER_TYPE(long)) + + extern unsigned int __sw_hweight8(unsigned int w); + extern unsigned int __sw_hweight16(unsigned int w); diff --git a/queue-4.4/net-netlink-cap-max-groups-which-will-be-considered-in-netlink_bind.patch b/queue-4.4/net-netlink-cap-max-groups-which-will-be-considered-in-netlink_bind.patch new file mode 100644 index 00000000000..321da04b663 --- /dev/null +++ b/queue-4.4/net-netlink-cap-max-groups-which-will-be-considered-in-netlink_bind.patch @@ -0,0 +1,53 @@ +From 3a20773beeeeadec41477a5ba872175b778ff752 Mon Sep 17 00:00:00 2001 +From: Nikolay Aleksandrov +Date: Thu, 20 Feb 2020 16:42:13 +0200 +Subject: net: netlink: cap max groups which will be considered in netlink_bind() + +From: Nikolay Aleksandrov + +commit 3a20773beeeeadec41477a5ba872175b778ff752 upstream. + +Since nl_groups is a u32 we can't bind more groups via ->bind +(netlink_bind) call, but netlink has supported more groups via +setsockopt() for a long time and thus nlk->ngroups could be over 32. +Recently I added support for per-vlan notifications and increased the +groups to 33 for NETLINK_ROUTE which exposed an old bug in the +netlink_bind() code causing out-of-bounds access on archs where unsigned +long is 32 bits via test_bit() on a local variable. Fix this by capping the +maximum groups in netlink_bind() to BITS_PER_TYPE(u32), effectively +capping them at 32 which is the minimum of allocated groups and the +maximum groups which can be bound via netlink_bind(). + +CC: Christophe Leroy +CC: Richard Guy Briggs +Fixes: 4f520900522f ("netlink: have netlink per-protocol bind function return an error code.") +Reported-by: Erhard F. +Signed-off-by: Nikolay Aleksandrov +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + net/netlink/af_netlink.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/net/netlink/af_netlink.c ++++ b/net/netlink/af_netlink.c +@@ -1003,7 +1003,8 @@ static int netlink_bind(struct socket *s + if (nlk->netlink_bind && groups) { + int group; + +- for (group = 0; group < nlk->ngroups; group++) { ++ /* nl_groups is a u32, so cap the maximum groups we can bind */ ++ for (group = 0; group < BITS_PER_TYPE(u32); group++) { + if (!test_bit(group, &groups)) + continue; + err = nlk->netlink_bind(net, group + 1); +@@ -1022,7 +1023,7 @@ static int netlink_bind(struct socket *s + netlink_insert(sk, nladdr->nl_pid) : + netlink_autobind(sock); + if (err) { +- netlink_undo_bind(nlk->ngroups, groups, sk); ++ netlink_undo_bind(BITS_PER_TYPE(u32), groups, sk); + return err; + } + } diff --git a/queue-4.4/net-phy-restore-mdio-regs-in-the-iproc-mdio-driver.patch b/queue-4.4/net-phy-restore-mdio-regs-in-the-iproc-mdio-driver.patch index b73f85cd763..c080ff5315c 100644 --- a/queue-4.4/net-phy-restore-mdio-regs-in-the-iproc-mdio-driver.patch +++ b/queue-4.4/net-phy-restore-mdio-regs-in-the-iproc-mdio-driver.patch @@ -5,6 +5,8 @@ Subject: net: phy: restore mdio regs in the iproc mdio driver From: Arun Parameswaran +commit 6f08e98d62799e53c89dbf2c9a49d77e20ca648c upstream. + The mii management register in iproc mdio block does not have a retention register so it is lost on suspend. Save and restore value of register while resuming from suspend. diff --git a/queue-4.4/series b/queue-4.4/series index b1b14fda449..db20d35caca 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -25,3 +25,5 @@ hid-hiddev-fix-race-in-in-hiddev_disconnect.patch mips-vpe-fix-a-double-free-and-a-memory-leak-in-release_vpe.patch i2c-jz4780-silence-log-flood-on-txabrt.patch ecryptfs-fix-up-bad-backport-of-fe2e082f5da5b4a0a92ae32978f81507ef37ec66.patch +include-linux-bitops.h-introduce-bits_per_type.patch +net-netlink-cap-max-groups-which-will-be-considered-in-netlink_bind.patch