From: Greg Kroah-Hartman Date: Thu, 15 Jul 2021 11:58:04 +0000 (+0200) Subject: 4.14-stable patches X-Git-Tag: v5.4.133~50 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=715e4d0b8dc7c4fbda1edefcccfcc6fe9c5af12d;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: mac80211-fix-memory-corruption-in-eapol-handling.patch powerpc-barrier-avoid-collision-with-clang-s-__lwsync-macro.patch --- diff --git a/queue-4.14/mac80211-fix-memory-corruption-in-eapol-handling.patch b/queue-4.14/mac80211-fix-memory-corruption-in-eapol-handling.patch new file mode 100644 index 00000000000..71496cf820e --- /dev/null +++ b/queue-4.14/mac80211-fix-memory-corruption-in-eapol-handling.patch @@ -0,0 +1,36 @@ +From davis@mosenkovs.lv Thu Jul 15 13:54:04 2021 +From: Davis Mosenkovs +Date: Sat, 10 Jul 2021 21:37:10 +0300 +Subject: mac80211: fix memory corruption in EAPOL handling +To: johannes@sipsolutions.net +Cc: linux-wireless@vger.kernel.org, stable@vger.kernel.org, Davis Mosenkovs +Message-ID: <20210710183710.5687-1-davis@mosenkovs.lv> + +From: Davis Mosenkovs + +Commit e3d4030498c3 ("mac80211: do not accept/forward invalid EAPOL +frames") uses skb_mac_header() before eth_type_trans() is called +leading to incorrect pointer, the pointer gets written to. This issue +has appeared during backporting to 4.4, 4.9 and 4.14. + +Fixes: e3d4030498c3 ("mac80211: do not accept/forward invalid EAPOL frames") +Link: https://lore.kernel.org/r/CAHQn7pKcyC_jYmGyTcPCdk9xxATwW5QPNph=bsZV8d-HPwNsyA@mail.gmail.com +Cc: # 4.4.x +Signed-off-by: Davis Mosenkovs +Signed-off-by: Greg Kroah-Hartman + +--- + net/mac80211/rx.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/mac80211/rx.c ++++ b/net/mac80211/rx.c +@@ -2404,7 +2404,7 @@ ieee80211_deliver_skb(struct ieee80211_r + #endif + + if (skb) { +- struct ethhdr *ehdr = (void *)skb_mac_header(skb); ++ struct ethhdr *ehdr = (struct ethhdr *)skb->data; + + /* deliver to local stack */ + skb->protocol = eth_type_trans(skb, dev); diff --git a/queue-4.14/powerpc-barrier-avoid-collision-with-clang-s-__lwsync-macro.patch b/queue-4.14/powerpc-barrier-avoid-collision-with-clang-s-__lwsync-macro.patch new file mode 100644 index 00000000000..1d65111fcac --- /dev/null +++ b/queue-4.14/powerpc-barrier-avoid-collision-with-clang-s-__lwsync-macro.patch @@ -0,0 +1,57 @@ +From 015d98149b326e0f1f02e44413112ca8b4330543 Mon Sep 17 00:00:00 2001 +From: Nathan Chancellor +Date: Fri, 28 May 2021 11:27:52 -0700 +Subject: powerpc/barrier: Avoid collision with clang's __lwsync macro + +From: Nathan Chancellor + +commit 015d98149b326e0f1f02e44413112ca8b4330543 upstream. + +A change in clang 13 results in the __lwsync macro being defined as +__builtin_ppc_lwsync, which emits 'lwsync' or 'msync' depending on what +the target supports. This breaks the build because of -Werror in +arch/powerpc, along with thousands of warnings: + + In file included from arch/powerpc/kernel/pmc.c:12: + In file included from include/linux/bug.h:5: + In file included from arch/powerpc/include/asm/bug.h:109: + In file included from include/asm-generic/bug.h:20: + In file included from include/linux/kernel.h:12: + In file included from include/linux/bitops.h:32: + In file included from arch/powerpc/include/asm/bitops.h:62: + arch/powerpc/include/asm/barrier.h:49:9: error: '__lwsync' macro redefined [-Werror,-Wmacro-redefined] + #define __lwsync() __asm__ __volatile__ (stringify_in_c(LWSYNC) : : :"memory") + ^ + :308:9: note: previous definition is here + #define __lwsync __builtin_ppc_lwsync + ^ + 1 error generated. + +Undefine this macro so that the runtime patching introduced by +commit 2d1b2027626d ("powerpc: Fixup lwsync at runtime") continues to +work properly with clang and the build no longer breaks. + +Cc: stable@vger.kernel.org +Signed-off-by: Nathan Chancellor +Reviewed-by: Nick Desaulniers +Signed-off-by: Michael Ellerman +Link: https://github.com/ClangBuiltLinux/linux/issues/1386 +Link: https://github.com/llvm/llvm-project/commit/62b5df7fe2b3fda1772befeda15598fbef96a614 +Link: https://lore.kernel.org/r/20210528182752.1852002-1-nathan@kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/include/asm/barrier.h | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/arch/powerpc/include/asm/barrier.h ++++ b/arch/powerpc/include/asm/barrier.h +@@ -42,6 +42,8 @@ + # define SMPWMB eieio + #endif + ++/* clang defines this macro for a builtin, which will not work with runtime patching */ ++#undef __lwsync + #define __lwsync() __asm__ __volatile__ (stringify_in_c(LWSYNC) : : :"memory") + #define dma_rmb() __lwsync() + #define dma_wmb() __asm__ __volatile__ (stringify_in_c(SMPWMB) : : :"memory") diff --git a/queue-4.14/series b/queue-4.14/series index d49059a0589..d3443c8f289 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -203,3 +203,5 @@ sctp-add-size-validation-when-walking-chunks.patch fscrypt-don-t-ignore-minor_hash-when-hash-is-0.patch bdi-do-not-use-freezable-workqueue.patch fuse-reject-internal-errno.patch +mac80211-fix-memory-corruption-in-eapol-handling.patch +powerpc-barrier-avoid-collision-with-clang-s-__lwsync-macro.patch