--- /dev/null
+integrity-check-the-return-value-of-audit_log_start.patch
+ima-remove-ima_policy-file-before-directory.patch
+ima-allow-template-selection-with-ima_template-after-ima_hash.patch
+mmc-sdhci-of-esdhc-check-for-error-num-after-setting-mask.patch
+net-phy-marvell-fix-mdi-x-polarity-setting-in-88e1118-compatible-phys.patch
+nfs-fix-initialisation-of-nfs_client-cl_flags-field.patch
+nfsd-clamp-write-offsets.patch
--- /dev/null
+integrity-check-the-return-value-of-audit_log_start.patch
+ima-remove-ima_policy-file-before-directory.patch
+ima-allow-template-selection-with-ima_template-after-ima_hash.patch
+mmc-sdhci-of-esdhc-check-for-error-num-after-setting-mask.patch
+net-phy-marvell-fix-mdi-x-polarity-setting-in-88e1118-compatible-phys.patch
+nfs-fix-initialisation-of-nfs_client-cl_flags-field.patch
+nfsd-clamp-write-offsets.patch
+nfsd-fix-offset-type-in-i-o-trace-points.patch
--- /dev/null
+From f7333b9572d0559e00352a926c92f29f061b4569 Mon Sep 17 00:00:00 2001
+From: Stefan Berger <stefanb@linux.ibm.com>
+Date: Tue, 25 Jan 2022 17:46:23 -0500
+Subject: ima: Remove ima_policy file before directory
+
+From: Stefan Berger <stefanb@linux.ibm.com>
+
+commit f7333b9572d0559e00352a926c92f29f061b4569 upstream.
+
+The removal of ima_dir currently fails since ima_policy still exists, so
+remove the ima_policy file before removing the directory.
+
+Fixes: 4af4662fa4a9 ("integrity: IMA policy")
+Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
+Cc: <stable@vger.kernel.org>
+Acked-by: Christian Brauner <brauner@kernel.org>
+Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ security/integrity/ima/ima_fs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/security/integrity/ima/ima_fs.c
++++ b/security/integrity/ima/ima_fs.c
+@@ -477,11 +477,11 @@ int __init ima_fs_init(void)
+
+ return 0;
+ out:
++ securityfs_remove(ima_policy);
+ securityfs_remove(violations);
+ securityfs_remove(runtime_measurements_count);
+ securityfs_remove(ascii_runtime_measurements);
+ securityfs_remove(binary_runtime_measurements);
+ securityfs_remove(ima_dir);
+- securityfs_remove(ima_policy);
+ return -1;
+ }
--- /dev/null
+From 83230351c523b04ff8a029a4bdf97d881ecb96fc Mon Sep 17 00:00:00 2001
+From: Xiaoke Wang <xkernel.wang@foxmail.com>
+Date: Sat, 15 Jan 2022 09:11:11 +0800
+Subject: integrity: check the return value of audit_log_start()
+
+From: Xiaoke Wang <xkernel.wang@foxmail.com>
+
+commit 83230351c523b04ff8a029a4bdf97d881ecb96fc upstream.
+
+audit_log_start() returns audit_buffer pointer on success or NULL on
+error, so it is better to check the return value of it.
+
+Fixes: 3323eec921ef ("integrity: IMA as an integrity service provider")
+Signed-off-by: Xiaoke Wang <xkernel.wang@foxmail.com>
+Cc: <stable@vger.kernel.org>
+Reviewed-by: Paul Moore <paul@paul-moore.com>
+Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ security/integrity/integrity_audit.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/security/integrity/integrity_audit.c
++++ b/security/integrity/integrity_audit.c
+@@ -39,6 +39,8 @@ void integrity_audit_msg(int audit_msgno
+ return;
+
+ ab = audit_log_start(current->audit_context, GFP_KERNEL, audit_msgno);
++ if (!ab)
++ return;
+ audit_log_format(ab, "pid=%d uid=%u auid=%u ses=%u",
+ task_pid_nr(current),
+ from_kuid(&init_user_ns, current_cred()->uid),
--- /dev/null
+From 468d126dab45718feeb728319be20bd869a5eaa7 Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+Date: Wed, 2 Feb 2022 18:52:01 -0500
+Subject: NFS: Fix initialisation of nfs_client cl_flags field
+
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+
+commit 468d126dab45718feeb728319be20bd869a5eaa7 upstream.
+
+For some long forgotten reason, the nfs_client cl_flags field is
+initialised in nfs_get_client() instead of being initialised at
+allocation time. This quirk was harmless until we moved the call to
+nfs_create_rpc_client().
+
+Fixes: dd99e9f98fbf ("NFSv4: Initialise connection to the server in nfs4_alloc_client()")
+Cc: stable@vger.kernel.org # 4.8.x
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/nfs/client.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/nfs/client.c
++++ b/fs/nfs/client.c
+@@ -179,6 +179,7 @@ struct nfs_client *nfs_alloc_client(cons
+ INIT_LIST_HEAD(&clp->cl_superblocks);
+ clp->cl_rpcclient = ERR_PTR(-EINVAL);
+
++ clp->cl_flags = cl_init->init_flags;
+ clp->cl_proto = cl_init->proto;
+ clp->cl_net = get_net(cl_init->net);
+
+@@ -400,7 +401,6 @@ nfs_get_client(const struct nfs_client_i
+ list_add_tail(&new->cl_share_link,
+ &nn->nfs_client_list);
+ spin_unlock(&nn->nfs_client_lock);
+- new->cl_flags = cl_init->init_flags;
+ return rpc_ops->init_client(new, cl_init);
+ }
+
--- /dev/null
+From 6260d9a56ab352b54891ec66ab0eced57d55abc6 Mon Sep 17 00:00:00 2001
+From: Chuck Lever <chuck.lever@oracle.com>
+Date: Tue, 25 Jan 2022 16:36:22 -0500
+Subject: NFSD: Clamp WRITE offsets
+
+From: Chuck Lever <chuck.lever@oracle.com>
+
+commit 6260d9a56ab352b54891ec66ab0eced57d55abc6 upstream.
+
+Ensure that a client cannot specify a WRITE range that falls in a
+byte range outside what the kernel's internal types (such as loff_t,
+which is signed) can represent. The kiocb iterators, invoked in
+nfsd_vfs_write(), should properly limit write operations to within
+the underlying file system's s_maxbytes.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/nfsd/nfs3proc.c | 5 +++++
+ fs/nfsd/nfs4proc.c | 5 +++--
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+--- a/fs/nfsd/nfs3proc.c
++++ b/fs/nfsd/nfs3proc.c
+@@ -191,6 +191,11 @@ nfsd3_proc_write(struct svc_rqst *rqstp,
+ (unsigned long long) argp->offset,
+ argp->stable? " stable" : "");
+
++ resp->status = nfserr_fbig;
++ if (argp->offset > (u64)OFFSET_MAX ||
++ argp->offset + argp->len > (u64)OFFSET_MAX)
++ return rpc_success;
++
+ fh_copy(&resp->fh, &argp->fh);
+ resp->committed = argp->stable;
+ nfserr = nfsd_write(rqstp, &resp->fh, NULL,
+--- a/fs/nfsd/nfs4proc.c
++++ b/fs/nfsd/nfs4proc.c
+@@ -982,8 +982,9 @@ nfsd4_write(struct svc_rqst *rqstp, stru
+ unsigned long cnt;
+ int nvecs;
+
+- if (write->wr_offset >= OFFSET_MAX)
+- return nfserr_inval;
++ if (write->wr_offset > (u64)OFFSET_MAX ||
++ write->wr_offset + write->wr_buflen > (u64)OFFSET_MAX)
++ return nfserr_fbig;
+
+ status = nfs4_preprocess_stateid_op(rqstp, cstate, &cstate->current_fh,
+ stateid, WR_STATE, &filp, NULL);
--- /dev/null
+integrity-check-the-return-value-of-audit_log_start.patch
+ima-remove-ima_policy-file-before-directory.patch
+nfs-fix-initialisation-of-nfs_client-cl_flags-field.patch
+nfsd-clamp-write-offsets.patch
--- /dev/null
+integrity-check-the-return-value-of-audit_log_start.patch
+ima-remove-ima_policy-file-before-directory.patch
+ima-allow-template-selection-with-ima_template-after-ima_hash.patch
+ima-do-not-print-policy-rule-with-inactive-lsm-labels.patch
+mmc-sdhci-of-esdhc-check-for-error-num-after-setting-mask.patch
+can-isotp-fix-potential-can-frame-reception-race-in-isotp_rcv.patch
+net-phy-marvell-fix-rgmii-tx-rx-delays-setting-in-88e1121-compatible-phys.patch
+net-phy-marvell-fix-mdi-x-polarity-setting-in-88e1118-compatible-phys.patch
+nfs-fix-initialisation-of-nfs_client-cl_flags-field.patch
+nfsd-clamp-write-offsets.patch
+nfsd-fix-offset-type-in-i-o-trace-points.patch
--- /dev/null
+integrity-check-the-return-value-of-audit_log_start.patch
+ima-fix-reference-leak-in-asymmetric_verify.patch
+ima-remove-ima_policy-file-before-directory.patch
+ima-allow-template-selection-with-ima_template-after-ima_hash.patch
+ima-do-not-print-policy-rule-with-inactive-lsm-labels.patch
+mmc-sdhci-of-esdhc-check-for-error-num-after-setting-mask.patch
+mmc-core-wait-for-command-setting-power-off-notification-bit-to-complete.patch
+can-isotp-fix-potential-can-frame-reception-race-in-isotp_rcv.patch
+can-isotp-fix-error-path-in-isotp_sendmsg-to-unlock-wait-queue.patch
+net-phy-marvell-fix-rgmii-tx-rx-delays-setting-in-88e1121-compatible-phys.patch
+net-phy-marvell-fix-mdi-x-polarity-setting-in-88e1118-compatible-phys.patch
+nfs-fix-initialisation-of-nfs_client-cl_flags-field.patch
+nfsd-fix-nfsv3-setattr-create-s-handling-of-large-file-sizes.patch
+nfsd-fix-ia_size-underflow.patch
+nfsd-clamp-write-offsets.patch
+nfsd-fix-offset-type-in-i-o-trace-points.patch
+nfsd-fix-the-behavior-of-read-near-offset_max.patch
--- /dev/null
+integrity-check-the-return-value-of-audit_log_start.patch
+ima-remove-ima_policy-file-before-directory.patch
+ima-allow-template-selection-with-ima_template-after-ima_hash.patch
+ima-do-not-print-policy-rule-with-inactive-lsm-labels.patch
+mmc-sdhci-of-esdhc-check-for-error-num-after-setting-mask.patch
+net-phy-marvell-fix-rgmii-tx-rx-delays-setting-in-88e1121-compatible-phys.patch
+net-phy-marvell-fix-mdi-x-polarity-setting-in-88e1118-compatible-phys.patch
+nfs-fix-initialisation-of-nfs_client-cl_flags-field.patch
+nfsd-clamp-write-offsets.patch
+nfsd-fix-offset-type-in-i-o-trace-points.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
