From cb16208ae5288263e617bd13a8392dcff1e0a623 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Fri, 11 Feb 2022 10:19:26 +0100
Subject: [PATCH] 4.9-stable patches

added patches:
ima-remove-ima_policy-file-before-directory.patch
integrity-check-the-return-value-of-audit_log_start.patch
nfs-fix-initialisation-of-nfs_client-cl_flags-field.patch
nfsd-clamp-write-offsets.patch
---
 queue-4.14/series | 7 +++
 queue-4.19/series | 8 +++
 ...ove-ima_policy-file-before-directory.patch | 37 ++++++++++++++
 ...-the-return-value-of-audit_log_start.patch | 33 ++++++++++++
 ...isation-of-nfs_client-cl_flags-field.patch | 41 +++++++++++++++
 queue-4.9/nfsd-clamp-write-offsets.patch | 51 +++++++++++++++++++
 queue-4.9/series | 4 ++
 queue-5.10/series | 11 ++++
 queue-5.15/series | 17 +++++++
 queue-5.4/series | 10 ++++
 10 files changed, 219 insertions(+)
 create mode 100644 queue-4.14/series
 create mode 100644 queue-4.19/series
 create mode 100644 queue-4.9/ima-remove-ima_policy-file-before-directory.patch
 create mode 100644 queue-4.9/integrity-check-the-return-value-of-audit_log_start.patch
 create mode 100644 queue-4.9/nfs-fix-initialisation-of-nfs_client-cl_flags-field.patch
 create mode 100644 queue-4.9/nfsd-clamp-write-offsets.patch
 create mode 100644 queue-4.9/series
 create mode 100644 queue-5.10/series
 create mode 100644 queue-5.15/series
 create mode 100644 queue-5.4/series
diff --git a/queue-4.14/series b/queue-4.14/series
new file mode 100644
index 00000000000..792c6dbc71f
--- /dev/null
+++ b/queue-4.14/series
@@ -0,0 +1,7 @@
+integrity-check-the-return-value-of-audit_log_start.patch
+ima-remove-ima_policy-file-before-directory.patch
+ima-allow-template-selection-with-ima_template-after-ima_hash.patch
+mmc-sdhci-of-esdhc-check-for-error-num-after-setting-mask.patch
+net-phy-marvell-fix-mdi-x-polarity-setting-in-88e1118-compatible-phys.patch
+nfs-fix-initialisation-of-nfs_client-cl_flags-field.patch
+nfsd-clamp-write-offsets.patch
diff --git a/queue-4.19/series b/queue-4.19/series
new file mode 100644
index 00000000000..711a27afdc2
--- /dev/null
+++ b/queue-4.19/series
@@ -0,0 +1,8 @@
+integrity-check-the-return-value-of-audit_log_start.patch
+ima-remove-ima_policy-file-before-directory.patch
+ima-allow-template-selection-with-ima_template-after-ima_hash.patch
+mmc-sdhci-of-esdhc-check-for-error-num-after-setting-mask.patch
+net-phy-marvell-fix-mdi-x-polarity-setting-in-88e1118-compatible-phys.patch
+nfs-fix-initialisation-of-nfs_client-cl_flags-field.patch
+nfsd-clamp-write-offsets.patch
+nfsd-fix-offset-type-in-i-o-trace-points.patch
diff --git a/queue-4.9/ima-remove-ima_policy-file-before-directory.patch b/queue-4.9/ima-remove-ima_policy-file-before-directory.patch
new file mode 100644
index 00000000000..458c5da0384
--- /dev/null
+++ b/queue-4.9/ima-remove-ima_policy-file-before-directory.patch
@@ -0,0 +1,37 @@
+From f7333b9572d0559e00352a926c92f29f061b4569 Mon Sep 17 00:00:00 2001
+From: Stefan Berger
+Date: Tue, 25 Jan 2022 17:46:23 -0500
+Subject: ima: Remove ima_policy file before directory
+
+From: Stefan Berger
+
+commit f7333b9572d0559e00352a926c92f29f061b4569 upstream.
+
+The removal of ima_dir currently fails since ima_policy still exists, so
+remove the ima_policy file before removing the directory.
+
+Fixes: 4af4662fa4a9 ("integrity: IMA policy")
+Signed-off-by: Stefan Berger
+Cc:
+Acked-by: Christian Brauner
+Signed-off-by: Mimi Zohar
+Signed-off-by: Greg Kroah-Hartman
+---
+ security/integrity/ima/ima_fs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/security/integrity/ima/ima_fs.c
++++ b/security/integrity/ima/ima_fs.c
+@@ -477,11 +477,11 @@ int __init ima_fs_init(void)
+
+ return 0;
+ out:
++ securityfs_remove(ima_policy);
+ securityfs_remove(violations);
+ securityfs_remove(runtime_measurements_count);
+ securityfs_remove(ascii_runtime_measurements);
+ securityfs_remove(binary_runtime_measurements);
+ securityfs_remove(ima_dir);
+- securityfs_remove(ima_policy);
+ return -1;
+ }
diff --git a/queue-4.9/integrity-check-the-return-value-of-audit_log_start.patch b/queue-4.9/integrity-check-the-return-value-of-audit_log_start.patch
new file mode 100644
index 00000000000..e0fb30cfe9e
--- /dev/null
+++ b/queue-4.9/integrity-check-the-return-value-of-audit_log_start.patch
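Review bot: The cleanup sequence under `out:` in ima_fs_init() is now order-sensitive, but nothing in the code records that. The commit message explains that removing ima_dir fails while ima_policy still exists, so a short comment above the first call, for example `/* remove every file before ima_dir; removing the directory fails while entries remain */`, would keep a later entry from being appended after `securityfs_remove(ima_dir)` again. Separately, the path still ends in a bare `return -1;`, so the error that sent execution to `out:` does not appear to reach the caller; that should be checked against the part of the function above the hunk, which is not visible here.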
@@ -0,0 +1,33 @@
+From 83230351c523b04ff8a029a4bdf97d881ecb96fc Mon Sep 17 00:00:00 2001
+From: Xiaoke Wang
+Date: Sat, 15 Jan 2022 09:11:11 +0800
+Subject: integrity: check the return value of audit_log_start()
+
+From: Xiaoke Wang
+
+commit 83230351c523b04ff8a029a4bdf97d881ecb96fc upstream.
+
+audit_log_start() returns audit_buffer pointer on success or NULL on
+error, so it is better to check the return value of it.
+
+Fixes: 3323eec921ef ("integrity: IMA as an integrity service provider")
+Signed-off-by: Xiaoke Wang
+Cc:
+Reviewed-by: Paul Moore
+Signed-off-by: Mimi Zohar
+Signed-off-by: Greg Kroah-Hartman
+---
+ security/integrity/integrity_audit.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/security/integrity/integrity_audit.c
++++ b/security/integrity/integrity_audit.c
+@@ -39,6 +39,8 @@ void integrity_audit_msg(int audit_msgno
+ return;
+
+ ab = audit_log_start(current->audit_context, GFP_KERNEL, audit_msgno);
++ if (!ab)
++ return;
+ audit_log_format(ab, "pid=%d uid=%u auid=%u ses=%u",
+ task_pid_nr(current),
+ from_kuid(&init_user_ns, current_cred()->uid),
diff --git a/queue-4.9/nfs-fix-initialisation-of-nfs_client-cl_flags-field.patch b/queue-4.9/nfs-fix-initialisation-of-nfs_client-cl_flags-field.patch
new file mode 100644
index 00000000000..3ff418a6791
--- /dev/null
+++ b/queue-4.9/nfs-fix-initialisation-of-nfs_client-cl_flags-field.patch
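Review bot: The added `if (!ab) return;` in integrity_audit_msg() makes the function return without recording the integrity event, and the code does not say that this is intended. A one-line comment such as `/* no audit buffer: this integrity event is not recorded */` would tell anyone who relies on these records for detection that a missing record does not mean no event occurred. The commit message describes NULL only as the error return of audit_log_start(); whether the dropped record is counted anywhere cannot be seen from this hunk. The function body starts and ends outside the hunk.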
@@ -0,0 +1,41 @@
+From 468d126dab45718feeb728319be20bd869a5eaa7 Mon Sep 17 00:00:00 2001
+From: Trond Myklebust
+Date: Wed, 2 Feb 2022 18:52:01 -0500
+Subject: NFS: Fix initialisation of nfs_client cl_flags field
+
+From: Trond Myklebust
+
+commit 468d126dab45718feeb728319be20bd869a5eaa7 upstream.
+
+For some long forgotten reason, the nfs_client cl_flags field is
+initialised in nfs_get_client() instead of being initialised at
+allocation time. This quirk was harmless until we moved the call to
+nfs_create_rpc_client().
+
+Fixes: dd99e9f98fbf ("NFSv4: Initialise connection to the server in nfs4_alloc_client()")
+Cc: stable@vger.kernel.org # 4.8.x
+Signed-off-by: Trond Myklebust
+Signed-off-by: Anna Schumaker
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/nfs/client.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/nfs/client.c
++++ b/fs/nfs/client.c
+@@ -179,6 +179,7 @@ struct nfs_client *nfs_alloc_client(cons
+ INIT_LIST_HEAD(&clp->cl_superblocks);
+ clp->cl_rpcclient = ERR_PTR(-EINVAL);
+
++ clp->cl_flags = cl_init->init_flags;
+ clp->cl_proto = cl_init->proto;
+ clp->cl_net = get_net(cl_init->net);
+
+@@ -400,7 +401,6 @@ nfs_get_client(const struct nfs_client_i
+ list_add_tail(&new->cl_share_link,
+ &nn->nfs_client_list);
+ spin_unlock(&nn->nfs_client_lock);
+- new->cl_flags = cl_init->init_flags;
+ return rpc_ops->init_client(new, cl_init);
+ }
+
diff --git a/queue-4.9/nfsd-clamp-write-offsets.patch b/queue-4.9/nfsd-clamp-write-offsets.patch
new file mode 100644
index 00000000000..0db03d39a34
--- /dev/null
+++ b/queue-4.9/nfsd-clamp-write-offsets.patch
@@ -0,0 +1,51 @@
+From 6260d9a56ab352b54891ec66ab0eced57d55abc6 Mon Sep 17 00:00:00 2001
+From: Chuck Lever
+Date: Tue, 25 Jan 2022 16:36:22 -0500
+Subject: NFSD: Clamp WRITE offsets
+
+From: Chuck Lever
+
+commit 6260d9a56ab352b54891ec66ab0eced57d55abc6 upstream.
+
+Ensure that a client cannot specify a WRITE range that falls in a
+byte range outside what the kernel's internal types (such as loff_t,
+which is signed) can represent. The kiocb iterators, invoked in
+nfsd_vfs_write(), should properly limit write operations to within
+the underlying file system's s_maxbytes.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Chuck Lever
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/nfsd/nfs3proc.c | 5 +++++
+ fs/nfsd/nfs4proc.c | 5 +++--
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+--- a/fs/nfsd/nfs3proc.c
++++ b/fs/nfsd/nfs3proc.c
+@@ -191,6 +191,11 @@ nfsd3_proc_write(struct svc_rqst *rqstp,
+ (unsigned long long) argp->offset,
+ argp->stable? " stable" : "");
+
++ resp->status = nfserr_fbig;
++ if (argp->offset > (u64)OFFSET_MAX ||
++ argp->offset + argp->len > (u64)OFFSET_MAX)
++ return rpc_success;
++
+ fh_copy(&resp->fh, &argp->fh);
+ resp->committed = argp->stable;
+ nfserr = nfsd_write(rqstp, &resp->fh, NULL,
+--- a/fs/nfsd/nfs4proc.c
++++ b/fs/nfsd/nfs4proc.c
+@@ -982,8 +982,9 @@ nfsd4_write(struct svc_rqst *rqstp, stru
+ unsigned long cnt;
+ int nvecs;
+
+- if (write->wr_offset >= OFFSET_MAX)
+- return nfserr_inval;
++ if (write->wr_offset > (u64)OFFSET_MAX ||
++ write->wr_offset + write->wr_buflen > (u64)OFFSET_MAX)
++ return nfserr_fbig;
+
+ status = nfs4_preprocess_stateid_op(rqstp, cstate, &cstate->current_fh,
+ stateid, WR_STATE, &filp, NULL);
diff --git a/queue-4.9/series b/queue-4.9/series
new file mode 100644
index 00000000000..ed743c7c537
--- /dev/null
+++ b/queue-4.9/series
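Review bot: In the nfs3proc.c hunk the rejected WRITE exits through `resp->status = nfserr_fbig;` and `return rpc_success;`, but the context line just below still collects the result in a local (`nfserr = nfsd_write(...)`). That suggests nfsd3_proc_write() in this tree reports its NFS status through its return value. If so, the early exit hands the dispatcher a success code for a request that was refused, and the client may not see NFS3ERR_FBIG for an out-of-range offset. The exit should leave the same way as the rest of the function, presumably `RETURN_STATUS(nfserr_fbig);` if this file still defines that macro; this needs checking against the full function, which starts and ends outside the hunk. The range test itself reads correctly, since the first comparison short-circuits before the addition can wrap, and the nfs4proc.c hunk returns `nfserr_fbig` directly.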
@@ -0,0 +1,4 @@
+integrity-check-the-return-value-of-audit_log_start.patch
+ima-remove-ima_policy-file-before-directory.patch
+nfs-fix-initialisation-of-nfs_client-cl_flags-field.patch
+nfsd-clamp-write-offsets.patch
diff --git a/queue-5.10/series b/queue-5.10/series
new file mode 100644
index 00000000000..6630e708b09
--- /dev/null
+++ b/queue-5.10/series
@@ -0,0 +1,11 @@
+integrity-check-the-return-value-of-audit_log_start.patch
+ima-remove-ima_policy-file-before-directory.patch
+ima-allow-template-selection-with-ima_template-after-ima_hash.patch
+ima-do-not-print-policy-rule-with-inactive-lsm-labels.patch
+mmc-sdhci-of-esdhc-check-for-error-num-after-setting-mask.patch
+can-isotp-fix-potential-can-frame-reception-race-in-isotp_rcv.patch
+net-phy-marvell-fix-rgmii-tx-rx-delays-setting-in-88e1121-compatible-phys.patch
+net-phy-marvell-fix-mdi-x-polarity-setting-in-88e1118-compatible-phys.patch
+nfs-fix-initialisation-of-nfs_client-cl_flags-field.patch
+nfsd-clamp-write-offsets.patch
+nfsd-fix-offset-type-in-i-o-trace-points.patch
diff --git a/queue-5.15/series b/queue-5.15/series
new file mode 100644
index 00000000000..065dbe6787d
--- /dev/null
+++ b/queue-5.15/series
@@ -0,0 +1,17 @@
+integrity-check-the-return-value-of-audit_log_start.patch
+ima-fix-reference-leak-in-asymmetric_verify.patch
+ima-remove-ima_policy-file-before-directory.patch
+ima-allow-template-selection-with-ima_template-after-ima_hash.patch
+ima-do-not-print-policy-rule-with-inactive-lsm-labels.patch
+mmc-sdhci-of-esdhc-check-for-error-num-after-setting-mask.patch
+mmc-core-wait-for-command-setting-power-off-notification-bit-to-complete.patch
+can-isotp-fix-potential-can-frame-reception-race-in-isotp_rcv.patch
+can-isotp-fix-error-path-in-isotp_sendmsg-to-unlock-wait-queue.patch
+net-phy-marvell-fix-rgmii-tx-rx-delays-setting-in-88e1121-compatible-phys.patch
+net-phy-marvell-fix-mdi-x-polarity-setting-in-88e1118-compatible-phys.patch
+nfs-fix-initialisation-of-nfs_client-cl_flags-field.patch
+nfsd-fix-nfsv3-setattr-create-s-handling-of-large-file-sizes.patch
+nfsd-fix-ia_size-underflow.patch
+nfsd-clamp-write-offsets.patch
+nfsd-fix-offset-type-in-i-o-trace-points.patch
+nfsd-fix-the-behavior-of-read-near-offset_max.patch
diff --git a/queue-5.4/series b/queue-5.4/series
new file mode 100644
index 00000000000..11badd5bcda
--- /dev/null
+++ b/queue-5.4/series
@@ -0,0 +1,10 @@
+integrity-check-the-return-value-of-audit_log_start.patch
+ima-remove-ima_policy-file-before-directory.patch
+ima-allow-template-selection-with-ima_template-after-ima_hash.patch
+ima-do-not-print-policy-rule-with-inactive-lsm-labels.patch
+mmc-sdhci-of-esdhc-check-for-error-num-after-setting-mask.patch
+net-phy-marvell-fix-rgmii-tx-rx-delays-setting-in-88e1121-compatible-phys.patch
+net-phy-marvell-fix-mdi-x-polarity-setting-in-88e1118-compatible-phys.patch
+nfs-fix-initialisation-of-nfs_client-cl_flags-field.patch
+nfsd-clamp-write-offsets.patch
+nfsd-fix-offset-type-in-i-o-trace-points.patch
--
2.47.3