From 259ae6c27dc790d72016133f0be4f1ba884bf111 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Thu, 11 Jan 2024 11:41:38 +0100
Subject: [PATCH] drop netlink-return-unsigned-value-for-nla_len.patch for now

---
 ...move-max_size-check-inline-with-ipv4.patch | 1 +
 ...nk-return-unsigned-value-for-nla_len.patch | 56 -------------------
 queue-6.1/series | 1 -
 ...nk-return-unsigned-value-for-nla_len.patch | 56 -------------------
 queue-6.6/series | 1 -
 ...nk-return-unsigned-value-for-nla_len.patch | 56 -------------------
 queue-6.7/series | 1 -
 7 files changed, 1 insertion(+), 171 deletions(-)
 delete mode 100644 queue-6.1/netlink-return-unsigned-value-for-nla_len.patch
 delete mode 100644 queue-6.6/netlink-return-unsigned-value-for-nla_len.patch
 delete mode 100644 queue-6.7/netlink-return-unsigned-value-for-nla_len.patch

diff --git a/queue-6.1/ipv6-remove-max_size-check-inline-with-ipv4.patch b/queue-6.1/ipv6-remove-max_size-check-inline-with-ipv4.patch
index f56f3b7fef0..4d71342dcef 100644
--- a/queue-6.1/ipv6-remove-max_size-check-inline-with-ipv4.patch
+++ b/queue-6.1/ipv6-remove-max_size-check-inline-with-ipv4.patch
@@ -109,6 +109,7 @@ Signed-off-by: Jon Maxwell
 Reviewed-by: David Ahern
 Link: https://lore.kernel.org/r/20230112012532.311021-1-jmaxwell37@gmail.com
 Signed-off-by: Jakub Kicinski
+Cc: "Jitindar Singh, Suraj"
 Signed-off-by: Greg Kroah-Hartman
 ---
 include/net/dst_ops.h | 2 +-
diff --git a/queue-6.1/netlink-return-unsigned-value-for-nla_len.patch b/queue-6.1/netlink-return-unsigned-value-for-nla_len.patch
deleted file mode 100644
index cdf8876b5de..00000000000
--- a/queue-6.1/netlink-return-unsigned-value-for-nla_len.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 172db56d90d29e47e7d0d64885d5dbd92c87ec42 Mon Sep 17 00:00:00 2001
-From: Kees Cook
-Date: Wed, 6 Dec 2023 12:59:07 -0800
-Subject: netlink: Return unsigned value for nla_len()
-
-From: Kees Cook
-
-commit 172db56d90d29e47e7d0d64885d5dbd92c87ec42 upstream.
-
-The return value from nla_len() is never expected to be negative, and can
-never be more than struct nlattr::nla_len (a u16). Adjust the prototype
-on the function. This will let GCC's value range optimization passes
-know that the return can never be negative, and can never be larger than
-u16. As recently discussed[1], this silences the following warning in
-GCC 12+:
-
-net/wireless/nl80211.c: In function 'nl80211_set_cqm_rssi.isra':
-net/wireless/nl80211.c:12892:17: warning: 'memcpy' specified bound 18446744073709551615 exceeds maximum object size 9223372036854775807 [-Wstringop-overflow=]
-12892 | memcpy(cqm_config->rssi_thresholds, thresholds,
- | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-12893 | flex_array_size(cqm_config, rssi_thresholds,
- | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-12894 | n_thresholds));
- | ~~~~~~~~~~~~~~
-
-A future change would be to clamp the subtraction to make sure it never
-wraps around if nla_len is somehow less than NLA_HDRLEN, which would
-have the additional benefit of being defensive in the face of nlattr
-corruption or logic errors.
-
-Reported-by: kernel test robot
-Closes: https://lore.kernel.org/oe-kbuild-all/202311090752.hWcJWAHL-lkp@intel.com/ [1]
-Cc: Johannes Berg
-Cc: Jeff Johnson
-Cc: Michael Walle
-Cc: Max Schulze
-Link: https://lore.kernel.org/r/20231202202539.it.704-kees@kernel.org
-Signed-off-by: Kees Cook
-Link: https://lore.kernel.org/r/20231206205904.make.018-kees@kernel.org
-Signed-off-by: Jakub Kicinski
-Signed-off-by: Greg Kroah-Hartman
----
- include/net/netlink.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/include/net/netlink.h
-+++ b/include/net/netlink.h
-@@ -1181,7 +1181,7 @@ static inline void *nla_data(const struc
- * nla_len - length of payload
- * @nla: netlink attribute
- */
--static inline int nla_len(const struct nlattr *nla)
-+static inline u16 nla_len(const struct nlattr *nla)
- {
- return nla->nla_len - NLA_HDRLEN;
- }
diff --git a/queue-6.1/series b/queue-6.1/series
index 905030412c9..00244dd8a67 100644
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -1,3 +1,2 @@
 nfsd-drop-the-nfsd_put-helper.patch
-netlink-return-unsigned-value-for-nla_len.patch
 ipv6-remove-max_size-check-inline-with-ipv4.patch
diff --git a/queue-6.6/netlink-return-unsigned-value-for-nla_len.patch b/queue-6.6/netlink-return-unsigned-value-for-nla_len.patch
deleted file mode 100644
index fbb7edac071..00000000000
--- a/queue-6.6/netlink-return-unsigned-value-for-nla_len.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 172db56d90d29e47e7d0d64885d5dbd92c87ec42 Mon Sep 17 00:00:00 2001
-From: Kees Cook
-Date: Wed, 6 Dec 2023 12:59:07 -0800
-Subject: netlink: Return unsigned value for nla_len()
-
-From: Kees Cook
-
-commit 172db56d90d29e47e7d0d64885d5dbd92c87ec42 upstream.
-
-The return value from nla_len() is never expected to be negative, and can
-never be more than struct nlattr::nla_len (a u16). Adjust the prototype
-on the function. This will let GCC's value range optimization passes
-know that the return can never be negative, and can never be larger than
-u16. As recently discussed[1], this silences the following warning in
-GCC 12+:
-
-net/wireless/nl80211.c: In function 'nl80211_set_cqm_rssi.isra':
-net/wireless/nl80211.c:12892:17: warning: 'memcpy' specified bound 18446744073709551615 exceeds maximum object size 9223372036854775807 [-Wstringop-overflow=]
-12892 | memcpy(cqm_config->rssi_thresholds, thresholds,
- | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-12893 | flex_array_size(cqm_config, rssi_thresholds,
- | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-12894 | n_thresholds));
- | ~~~~~~~~~~~~~~
-
-A future change would be to clamp the subtraction to make sure it never
-wraps around if nla_len is somehow less than NLA_HDRLEN, which would
-have the additional benefit of being defensive in the face of nlattr
-corruption or logic errors.
-
-Reported-by: kernel test robot
-Closes: https://lore.kernel.org/oe-kbuild-all/202311090752.hWcJWAHL-lkp@intel.com/ [1]
-Cc: Johannes Berg
-Cc: Jeff Johnson
-Cc: Michael Walle
-Cc: Max Schulze
-Link: https://lore.kernel.org/r/20231202202539.it.704-kees@kernel.org
-Signed-off-by: Kees Cook
-Link: https://lore.kernel.org/r/20231206205904.make.018-kees@kernel.org
-Signed-off-by: Jakub Kicinski
-Signed-off-by: Greg Kroah-Hartman
----
- include/net/netlink.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/include/net/netlink.h
-+++ b/include/net/netlink.h
-@@ -1189,7 +1189,7 @@ static inline void *nla_data(const struc
- * nla_len - length of payload
- * @nla: netlink attribute
- */
--static inline int nla_len(const struct nlattr *nla)
-+static inline u16 nla_len(const struct nlattr *nla)
- {
- return nla->nla_len - NLA_HDRLEN;
- }
diff --git a/queue-6.6/series b/queue-6.6/series
index 2e19a8a0538..baacf34191d 100644
--- a/queue-6.6/series
+++ b/queue-6.6/series
@@ -1,2 +1 @@
 nfsd-drop-the-nfsd_put-helper.patch
-netlink-return-unsigned-value-for-nla_len.patch
diff --git a/queue-6.7/netlink-return-unsigned-value-for-nla_len.patch b/queue-6.7/netlink-return-unsigned-value-for-nla_len.patch
deleted file mode 100644
index b93dbee3610..00000000000
--- a/queue-6.7/netlink-return-unsigned-value-for-nla_len.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 172db56d90d29e47e7d0d64885d5dbd92c87ec42 Mon Sep 17 00:00:00 2001
-From: Kees Cook
-Date: Wed, 6 Dec 2023 12:59:07 -0800
-Subject: netlink: Return unsigned value for nla_len()
-
-From: Kees Cook
-
-commit 172db56d90d29e47e7d0d64885d5dbd92c87ec42 upstream.
-
-The return value from nla_len() is never expected to be negative, and can
-never be more than struct nlattr::nla_len (a u16). Adjust the prototype
-on the function. This will let GCC's value range optimization passes
-know that the return can never be negative, and can never be larger than
-u16. As recently discussed[1], this silences the following warning in
-GCC 12+:
-
-net/wireless/nl80211.c: In function 'nl80211_set_cqm_rssi.isra':
-net/wireless/nl80211.c:12892:17: warning: 'memcpy' specified bound 18446744073709551615 exceeds maximum object size 9223372036854775807 [-Wstringop-overflow=]
-12892 | memcpy(cqm_config->rssi_thresholds, thresholds,
- | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-12893 | flex_array_size(cqm_config, rssi_thresholds,
- | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-12894 | n_thresholds));
- | ~~~~~~~~~~~~~~
-
-A future change would be to clamp the subtraction to make sure it never
-wraps around if nla_len is somehow less than NLA_HDRLEN, which would
-have the additional benefit of being defensive in the face of nlattr
-corruption or logic errors.
-
-Reported-by: kernel test robot
-Closes: https://lore.kernel.org/oe-kbuild-all/202311090752.hWcJWAHL-lkp@intel.com/ [1]
-Cc: Johannes Berg
-Cc: Jeff Johnson
-Cc: Michael Walle
-Cc: Max Schulze
-Link: https://lore.kernel.org/r/20231202202539.it.704-kees@kernel.org
-Signed-off-by: Kees Cook
-Link: https://lore.kernel.org/r/20231206205904.make.018-kees@kernel.org
-Signed-off-by: Jakub Kicinski
-Signed-off-by: Greg Kroah-Hartman
----
- include/net/netlink.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/include/net/netlink.h
-+++ b/include/net/netlink.h
-@@ -1200,7 +1200,7 @@ static inline void *nla_data(const struc
- * nla_len - length of payload
- * @nla: netlink attribute
- */
--static inline int nla_len(const struct nlattr *nla)
-+static inline u16 nla_len(const struct nlattr *nla)
- {
- return nla->nla_len - NLA_HDRLEN;
- }
diff --git a/queue-6.7/series b/queue-6.7/series
index d58f7843c31..e69de29bb2d 100644
--- a/queue-6.7/series
+++ b/queue-6.7/series
@@ -1 +0,0 @@
-netlink-return-unsigned-value-for-nla_len.patch
--
2.47.3