From: Greg Kroah-Hartman Date: Fri, 24 Sep 2021 12:35:12 +0000 (+0200) Subject: 5.14-stable patches X-Git-Tag: v4.4.285~8 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=acb966ac1eef83b9c7ca8d3ef89610e8631369f4;p=thirdparty%2Fkernel%2Fstable-queue.git 5.14-stable patches added patches: drm-nouveau-nvkm-replace-enosys-with-enodev.patch selinux-smack-fix-subjective-objective-credential-use-mixups.patch --- diff --git a/queue-5.14/drm-nouveau-nvkm-replace-enosys-with-enodev.patch b/queue-5.14/drm-nouveau-nvkm-replace-enosys-with-enodev.patch new file mode 100644 index 00000000000..49af5e74d83 --- /dev/null +++ b/queue-5.14/drm-nouveau-nvkm-replace-enosys-with-enodev.patch @@ -0,0 +1,43 @@ +From e8f71f89236ef82d449991bfbc237e3cb6ea584f Mon Sep 17 00:00:00 2001 +From: Guenter Roeck +Date: Wed, 8 Sep 2021 12:08:17 -0700 +Subject: drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV + +From: Guenter Roeck + +commit e8f71f89236ef82d449991bfbc237e3cb6ea584f upstream. + +nvkm test builds fail with the following error. + + drivers/gpu/drm/nouveau/nvkm/engine/device/ctrl.c: In function 'nvkm_control_mthd_pstate_info': + drivers/gpu/drm/nouveau/nvkm/engine/device/ctrl.c:60:35: error: overflow in conversion from 'int' to '__s8' {aka 'signed char'} changes value from '-251' to '5' + +The code builds on most architectures, but fails on parisc where ENOSYS +is defined as 251. + +Replace the error code with -ENODEV (-19). The actual error code does +not really matter and is not passed to userspace - it just has to be +negative. + +Fixes: 7238eca4cf18 ("drm/nouveau: expose pstate selection per-power source in sysfs") +Signed-off-by: Guenter Roeck +Cc: Ben Skeggs +Cc: David Airlie +Cc: Daniel Vetter +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/nouveau/nvkm/engine/device/ctrl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/gpu/drm/nouveau/nvkm/engine/device/ctrl.c ++++ b/drivers/gpu/drm/nouveau/nvkm/engine/device/ctrl.c +@@ -57,7 +57,7 @@ nvkm_control_mthd_pstate_info(struct nvk + args->v0.count = 0; + args->v0.ustate_ac = NVIF_CONTROL_PSTATE_INFO_V0_USTATE_DISABLE; + args->v0.ustate_dc = NVIF_CONTROL_PSTATE_INFO_V0_USTATE_DISABLE; +- args->v0.pwrsrc = -ENOSYS; ++ args->v0.pwrsrc = -ENODEV; + args->v0.pstate = NVIF_CONTROL_PSTATE_INFO_V0_PSTATE_UNKNOWN; + } + diff --git a/queue-5.14/selinux-smack-fix-subjective-objective-credential-use-mixups.patch b/queue-5.14/selinux-smack-fix-subjective-objective-credential-use-mixups.patch new file mode 100644 index 00000000000..08e24c3b0c0 --- /dev/null +++ b/queue-5.14/selinux-smack-fix-subjective-objective-credential-use-mixups.patch @@ -0,0 +1,80 @@ +From a3727a8bac0a9e77c70820655fd8715523ba3db7 Mon Sep 17 00:00:00 2001 +From: Paul Moore +Date: Thu, 23 Sep 2021 09:50:11 -0400 +Subject: selinux,smack: fix subjective/objective credential use mixups + +From: Paul Moore + +commit a3727a8bac0a9e77c70820655fd8715523ba3db7 upstream. + +Jann Horn reported a problem with commit eb1231f73c4d ("selinux: +clarify task subjective and objective credentials") where some LSM +hooks were attempting to access the subjective credentials of a task +other than the current task. Generally speaking, it is not safe to +access another task's subjective credentials and doing so can cause +a number of problems. + +Further, while looking into the problem, I realized that Smack was +suffering from a similar problem brought about by a similar commit +1fb057dcde11 ("smack: differentiate between subjective and objective +task credentials"). + +This patch addresses this problem by restoring the use of the task's +objective credentials in those cases where the task is other than the +current executing task. Not only does this resolve the problem +reported by Jann, it is arguably the correct thing to do in these +cases. + +Cc: stable@vger.kernel.org +Fixes: eb1231f73c4d ("selinux: clarify task subjective and objective credentials") +Fixes: 1fb057dcde11 ("smack: differentiate between subjective and objective task credentials") +Reported-by: Jann Horn +Acked-by: Eric W. Biederman +Acked-by: Casey Schaufler +Signed-off-by: Paul Moore +Signed-off-by: Greg Kroah-Hartman +--- + security/selinux/hooks.c | 4 ++-- + security/smack/smack_lsm.c | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +--- a/security/selinux/hooks.c ++++ b/security/selinux/hooks.c +@@ -2155,7 +2155,7 @@ static int selinux_ptrace_access_check(s + static int selinux_ptrace_traceme(struct task_struct *parent) + { + return avc_has_perm(&selinux_state, +- task_sid_subj(parent), task_sid_obj(current), ++ task_sid_obj(parent), task_sid_obj(current), + SECCLASS_PROCESS, PROCESS__PTRACE, NULL); + } + +@@ -6218,7 +6218,7 @@ static int selinux_msg_queue_msgrcv(stru + struct ipc_security_struct *isec; + struct msg_security_struct *msec; + struct common_audit_data ad; +- u32 sid = task_sid_subj(target); ++ u32 sid = task_sid_obj(target); + int rc; + + isec = selinux_ipc(msq); +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -2016,7 +2016,7 @@ static int smk_curacc_on_task(struct tas + const char *caller) + { + struct smk_audit_info ad; +- struct smack_known *skp = smk_of_task_struct_subj(p); ++ struct smack_known *skp = smk_of_task_struct_obj(p); + int rc; + + smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK); +@@ -3480,7 +3480,7 @@ static void smack_d_instantiate(struct d + */ + static int smack_getprocattr(struct task_struct *p, char *name, char **value) + { +- struct smack_known *skp = smk_of_task_struct_subj(p); ++ struct smack_known *skp = smk_of_task_struct_obj(p); + char *cp; + int slen; + diff --git a/queue-5.14/series b/queue-5.14/series index 08522f556c2..d4e19666a95 100644 --- a/queue-5.14/series +++ b/queue-5.14/series @@ -96,3 +96,5 @@ rtc-rx8010-select-regmap_i2c.patch sched-idle-make-the-idle-timer-expire-in-hard-interr.patch cifs-properly-invalidate-cached-root-handle-when-clo.patch io_uring-fix-off-by-one-in-build_bug_on-check-of-__r.patch +selinux-smack-fix-subjective-objective-credential-use-mixups.patch +drm-nouveau-nvkm-replace-enosys-with-enodev.patch