From b6da06b60dc1aee8b9fd8e2f62ecd23bf54ee712 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Mon, 16 Mar 2020 15:05:36 +0100
Subject: [PATCH] 4.9-stable patches

added patches:
 batman-adv-don-t-schedule-ogm-for-disabled-interface.patch
 netfilter-cthelper-add-missing-attribute-validation-for-cthelper.patch
 nl80211-add-missing-attribute-validation-for-beacon-report-scanning.patch
 nl80211-add-missing-attribute-validation-for-channel-switch.patch
 nl80211-add-missing-attribute-validation-for-critical-protocol-indication.patch
---
 ...-schedule-ogm-for-disabled-interface.patch | 43 +++++++++++++++++++
 ...ng-attribute-validation-for-cthelper.patch | 32 ++++++++++++++
 ...alidation-for-beacon-report-scanning.patch | 33 ++++++++++++++
 ...ribute-validation-for-channel-switch.patch | 32 ++++++++++++++
 ...ion-for-critical-protocol-indication.patch | 33 ++++++++++++++
 queue-4.9/series | 5 +++
 6 files changed, 178 insertions(+)
 create mode 100644 queue-4.9/batman-adv-don-t-schedule-ogm-for-disabled-interface.patch
 create mode 100644 queue-4.9/netfilter-cthelper-add-missing-attribute-validation-for-cthelper.patch
 create mode 100644 queue-4.9/nl80211-add-missing-attribute-validation-for-beacon-report-scanning.patch
 create mode 100644 queue-4.9/nl80211-add-missing-attribute-validation-for-channel-switch.patch
 create mode 100644 queue-4.9/nl80211-add-missing-attribute-validation-for-critical-protocol-indication.patch
diff --git a/queue-4.9/batman-adv-don-t-schedule-ogm-for-disabled-interface.patch b/queue-4.9/batman-adv-don-t-schedule-ogm-for-disabled-interface.patch
new file mode 100644
index 00000000000..bbb93535c57
--- /dev/null
+++ b/queue-4.9/batman-adv-don-t-schedule-ogm-for-disabled-interface.patch
@@ -0,0 +1,43 @@
+From 8e8ce08198de193e3d21d42e96945216e3d9ac7f Mon Sep 17 00:00:00 2001
+From: Sven Eckelmann
+Date: Sun, 16 Feb 2020 13:02:06 +0100
+Subject: batman-adv: Don't schedule OGM for disabled interface
+
+From: Sven Eckelmann
+
+commit 8e8ce08198de193e3d21d42e96945216e3d9ac7f upstream.
+
+A transmission scheduling for an interface which is currently dropped by
+batadv_iv_ogm_iface_disable could still be in progress. The B.A.T.M.A.N. V
+is simply cancelling the workqueue item in an synchronous way but this is
+not possible with B.A.T.M.A.N. IV because the OGM submissions are
+intertwined.
+
+Instead it has to stop submitting the OGM when it detect that the buffer
+pointer is set to NULL.
+
+Reported-by: syzbot+a98f2016f40b9cd3818a@syzkaller.appspotmail.com
+Reported-by: syzbot+ac36b6a33c28a491e929@syzkaller.appspotmail.com
+Fixes: c6c8fea29769 ("net: Add batman-adv meshing protocol")
+Signed-off-by: Sven Eckelmann
+Cc: Hillf Danton
+Signed-off-by: Simon Wunderlich
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/batman-adv/bat_iv_ogm.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/net/batman-adv/bat_iv_ogm.c
++++ b/net/batman-adv/bat_iv_ogm.c
+@@ -934,6 +934,10 @@ static void batadv_iv_ogm_schedule(struc
+ (hard_iface->if_status == BATADV_IF_TO_BE_REMOVED))
+ return;
+
++ /* interface already disabled by batadv_iv_ogm_iface_disable */
++ if (!*ogm_buff)
++ return;
++
+ /* the interface gets activated here to avoid race conditions between
+ * the moment of activating the interface in
+ * hardif_activate_interface() where the originator mac is set and
diff --git a/queue-4.9/netfilter-cthelper-add-missing-attribute-validation-for-cthelper.patch b/queue-4.9/netfilter-cthelper-add-missing-attribute-validation-for-cthelper.patch
new file mode 100644
index 00000000000..03becc8837b
--- /dev/null
+++ b/queue-4.9/netfilter-cthelper-add-missing-attribute-validation-for-cthelper.patch
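Review bot: The added `if (!*ogm_buff) return;` in batadv_iv_ogm_schedule() reads the buffer pointer with no lock or barrier visible in the hunk, while the commit message itself says a teardown through batadv_iv_ogm_iface_disable can be running at the same moment. If nothing serialises the two in the 4.9 tree, the pointer can still be cleared immediately after the check and the later buffer accesses would touch NULL or freed memory, so it is worth confirming that this backport sits on top of the locking that protects the OGM buffer. A comment next to the check, for example `/* must be serialised against batadv_iv_ogm_iface_disable(), which clears the buffer */`, would make that dependency explicit. The function starts and ends outside the hunk, so the locking may simply not be shown here.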
@@ -0,0 +1,32 @@
+From c049b3450072b8e3998053490e025839fecfef31 Mon Sep 17 00:00:00 2001
+From: Jakub Kicinski
+Date: Mon, 2 Mar 2020 21:08:31 -0800
+Subject: netfilter: cthelper: add missing attribute validation for cthelper
+
+From: Jakub Kicinski
+
+commit c049b3450072b8e3998053490e025839fecfef31 upstream.
+
+Add missing attribute validation for cthelper
+to the netlink policy.
+
+Fixes: 12f7a505331e ("netfilter: add user-space connection tracking helper infrastructure")
+Signed-off-by: Jakub Kicinski
+Signed-off-by: Pablo Neira Ayuso
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/netfilter/nfnetlink_cthelper.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/netfilter/nfnetlink_cthelper.c
++++ b/net/netfilter/nfnetlink_cthelper.c
+@@ -711,6 +711,8 @@ static const struct nla_policy nfnl_cthe
+ [NFCTH_NAME] = { .type = NLA_NUL_STRING,
+ .len = NF_CT_HELPER_NAME_LEN-1 },
+ [NFCTH_QUEUE_NUM] = { .type = NLA_U32, },
++ [NFCTH_PRIV_DATA_LEN] = { .type = NLA_U32, },
++ [NFCTH_STATUS] = { .type = NLA_U32, },
+ };
+
+ static const struct nfnl_callback nfnl_cthelper_cb[NFNL_MSG_CTHELPER_MAX] = {
diff --git a/queue-4.9/nl80211-add-missing-attribute-validation-for-beacon-report-scanning.patch b/queue-4.9/nl80211-add-missing-attribute-validation-for-beacon-report-scanning.patch
new file mode 100644
index 00000000000..096f4b3d245
--- /dev/null
+++ b/queue-4.9/nl80211-add-missing-attribute-validation-for-beacon-report-scanning.patch
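Review bot: The new `[NFCTH_PRIV_DATA_LEN]` and `[NFCTH_STATUS]` entries declare only `.type = NLA_U32`, which, as far as I understand the 4.9 netlink parser, rejects a payload shorter than four bytes but places no bound on the value carried. NFCTH_PRIV_DATA_LEN is by its name a length supplied from user space, so the code that consumes it (outside this hunk) still has to range-check it before using it as a size; the policy entry does not replace that check. The same holds for the nl80211_policy entries added by the three nl80211 patches in this commit (NL80211_ATTR_MEASUREMENT_DURATION, NL80211_ATTR_OPER_CLASS, NL80211_ATTR_CRIT_PROT_ID, NL80211_ATTR_MAX_CRIT_PROT_DURATION), which fix the minimum payload size and nothing else. A short comment above each table such as `/* policy checks attribute length only; value ranges are validated by the handlers */` would keep a later reader from assuming otherwise.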
@@ -0,0 +1,33 @@
+From 056e9375e1f3c4bf2fd49b70258c7daf788ecd9d Mon Sep 17 00:00:00 2001
+From: Jakub Kicinski
+Date: Mon, 2 Mar 2020 21:10:57 -0800
+Subject: nl80211: add missing attribute validation for beacon report scanning
+
+From: Jakub Kicinski
+
+commit 056e9375e1f3c4bf2fd49b70258c7daf788ecd9d upstream.
+
+Add missing attribute validation for beacon report scanning
+to the netlink policy.
+
+Fixes: 1d76250bd34a ("nl80211: support beacon report scanning")
+Signed-off-by: Jakub Kicinski
+Link: https://lore.kernel.org/r/20200303051058.4089398-3-kuba@kernel.org
+Signed-off-by: Johannes Berg
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/wireless/nl80211.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -359,6 +359,8 @@ static const struct nla_policy nl80211_p
+ [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
+ [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
+ [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
++ [NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 },
++ [NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG },
+ [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
+ [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
+ [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
diff --git a/queue-4.9/nl80211-add-missing-attribute-validation-for-channel-switch.patch b/queue-4.9/nl80211-add-missing-attribute-validation-for-channel-switch.patch
new file mode 100644
index 00000000000..08fd69bf426
--- /dev/null
+++ b/queue-4.9/nl80211-add-missing-attribute-validation-for-channel-switch.patch
@@ -0,0 +1,32 @@
+From 5cde05c61cbe13cbb3fa66d52b9ae84f7975e5e6 Mon Sep 17 00:00:00 2001
+From: Jakub Kicinski
+Date: Mon, 2 Mar 2020 21:10:58 -0800
+Subject: nl80211: add missing attribute validation for channel switch
+
+From: Jakub Kicinski
+
+commit 5cde05c61cbe13cbb3fa66d52b9ae84f7975e5e6 upstream.
+
+Add missing attribute validation for NL80211_ATTR_OPER_CLASS
+to the netlink policy.
+
+Fixes: 1057d35ede5d ("cfg80211: introduce TDLS channel switch commands")
+Signed-off-by: Jakub Kicinski
+Link: https://lore.kernel.org/r/20200303051058.4089398-4-kuba@kernel.org
+Signed-off-by: Johannes Berg
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/wireless/nl80211.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -436,6 +436,7 @@ static const struct nla_policy nl80211_p
+ [NL80211_ATTR_USER_PRIO] = { .type = NLA_U8 },
+ [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
+ [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
++ [NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 },
+ [NL80211_ATTR_MAC_MASK] = { .len = ETH_ALEN },
+ [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
+ [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
diff --git a/queue-4.9/nl80211-add-missing-attribute-validation-for-critical-protocol-indication.patch b/queue-4.9/nl80211-add-missing-attribute-validation-for-critical-protocol-indication.patch
new file mode 100644
index 00000000000..5d1e03f622e
--- /dev/null
+++ b/queue-4.9/nl80211-add-missing-attribute-validation-for-critical-protocol-indication.patch
@@ -0,0 +1,33 @@
+From 0e1a1d853ecedc99da9d27f9f5c376935547a0e2 Mon Sep 17 00:00:00 2001
+From: Jakub Kicinski
+Date: Mon, 2 Mar 2020 21:10:56 -0800
+Subject: nl80211: add missing attribute validation for critical protocol indication
+
+From: Jakub Kicinski
+
+commit 0e1a1d853ecedc99da9d27f9f5c376935547a0e2 upstream.
+
+Add missing attribute validation for critical protocol fields
+to the netlink policy.
+
+Fixes: 5de17984898c ("cfg80211: introduce critical protocol indication from user-space")
+Signed-off-by: Jakub Kicinski
+Link: https://lore.kernel.org/r/20200303051058.4089398-2-kuba@kernel.org
+Signed-off-by: Johannes Berg
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/wireless/nl80211.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -407,6 +407,8 @@ static const struct nla_policy nl80211_p
+ [NL80211_ATTR_MDID] = { .type = NLA_U16 },
+ [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
+ .len = IEEE80211_MAX_DATA_LEN },
++ [NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 },
++ [NL80211_ATTR_MAX_CRIT_PROT_DURATION] = { .type = NLA_U16 },
+ [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
+ [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
+ [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
diff --git a/queue-4.9/series b/queue-4.9/series
index 18e9503ecee..b94408fab17 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -39,3 +39,8 @@ arc-define-__align_str-and-__align-symbols-for-arc.patch
 efi-fix-a-race-and-a-buffer-overflow-while-reading-efivars-via-sysfs.patch
 iommu-vt-d-dmar-replace-warn_taint-with-pr_warn-add_taint.patch
 iommu-vt-d-fix-a-bug-in-intel_iommu_iova_to_phys-for-huge-page.patch
+batman-adv-don-t-schedule-ogm-for-disabled-interface.patch
+nl80211-add-missing-attribute-validation-for-critical-protocol-indication.patch
+nl80211-add-missing-attribute-validation-for-beacon-report-scanning.patch
+nl80211-add-missing-attribute-validation-for-channel-switch.patch
+netfilter-cthelper-add-missing-attribute-validation-for-cthelper.patch
--
2.47.3