From f360007ad73ce1b21cea528489f6e7a3dd30eb8f Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Sat, 29 May 2021 16:45:32 +0200 Subject: [PATCH] 5.4-stable patches added patches: mac80211-assure-all-fragments-are-encrypted.patch mac80211-prevent-mixed-key-and-fragment-cache-attacks.patch net-hso-fix-control-request-directions.patch perf-intel-pt-fix-sample-instruction-bytes.patch perf-intel-pt-fix-transaction-abort-handling.patch perf-scripts-python-exported-sql-viewer.py-fix-array-typeerror.patch perf-scripts-python-exported-sql-viewer.py-fix-copy-to-clipboard-from-top-calls-by-elapsed-time-report.patch perf-scripts-python-exported-sql-viewer.py-fix-warning-display.patch proc-check-proc-pid-attr-writes-against-file-opener.patch --- ...1-assure-all-fragments-are-encrypted.patch | 78 +++++++++++++ ...mixed-key-and-fragment-cache-attacks.patch | 99 +++++++++++++++++ ...t-hso-fix-control-request-directions.patch | 45 ++++++++ ...ntel-pt-fix-sample-instruction-bytes.patch | 100 +++++++++++++++++ ...el-pt-fix-transaction-abort-handling.patch | 103 ++++++++++++++++++ ...ed-sql-viewer.py-fix-array-typeerror.patch | 58 ++++++++++ ...rom-top-calls-by-elapsed-time-report.patch | 45 ++++++++ ...ed-sql-viewer.py-fix-warning-display.patch | 46 ++++++++ ...-pid-attr-writes-against-file-opener.patch | 40 +++++++ queue-5.4/series | 9 ++ 10 files changed, 623 insertions(+) create mode 100644 queue-5.4/mac80211-assure-all-fragments-are-encrypted.patch create mode 100644 queue-5.4/mac80211-prevent-mixed-key-and-fragment-cache-attacks.patch create mode 100644 queue-5.4/net-hso-fix-control-request-directions.patch create mode 100644 queue-5.4/perf-intel-pt-fix-sample-instruction-bytes.patch create mode 100644 queue-5.4/perf-intel-pt-fix-transaction-abort-handling.patch create mode 100644 queue-5.4/perf-scripts-python-exported-sql-viewer.py-fix-array-typeerror.patch create mode 100644 queue-5.4/perf-scripts-python-exported-sql-viewer.py-fix-copy-to-clipboard-from-top-calls-by-elapsed-time-report.patch create mode 100644 queue-5.4/perf-scripts-python-exported-sql-viewer.py-fix-warning-display.patch create mode 100644 queue-5.4/proc-check-proc-pid-attr-writes-against-file-opener.patch diff --git a/queue-5.4/mac80211-assure-all-fragments-are-encrypted.patch b/queue-5.4/mac80211-assure-all-fragments-are-encrypted.patch new file mode 100644 index 00000000000..47746226ca2 --- /dev/null +++ b/queue-5.4/mac80211-assure-all-fragments-are-encrypted.patch @@ -0,0 +1,78 @@ +From 965a7d72e798eb7af0aa67210e37cf7ecd1c9cad Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef +Date: Tue, 11 May 2021 20:02:42 +0200 +Subject: mac80211: assure all fragments are encrypted + +From: Mathy Vanhoef + +commit 965a7d72e798eb7af0aa67210e37cf7ecd1c9cad upstream. + +Do not mix plaintext and encrypted fragments in protected Wi-Fi +networks. This fixes CVE-2020-26147. + +Previously, an attacker was able to first forward a legitimate encrypted +fragment towards a victim, followed by a plaintext fragment. The +encrypted and plaintext fragment would then be reassembled. For further +details see Section 6.3 and Appendix D in the paper "Fragment and Forge: +Breaking Wi-Fi Through Frame Aggregation and Fragmentation". + +Because of this change there are now two equivalent conditions in the +code to determine if a received fragment requires sequential PNs, so we +also move this test to a separate function to make the code easier to +maintain. + +Cc: stable@vger.kernel.org +Signed-off-by: Mathy Vanhoef +Link: https://lore.kernel.org/r/20210511200110.30c4394bb835.I5acfdb552cc1d20c339c262315950b3eac491397@changeid +Signed-off-by: Johannes Berg +Signed-off-by: Greg Kroah-Hartman +--- + net/mac80211/rx.c | 23 ++++++++++++----------- + 1 file changed, 12 insertions(+), 11 deletions(-) + +--- a/net/mac80211/rx.c ++++ b/net/mac80211/rx.c +@@ -2154,6 +2154,16 @@ ieee80211_reassemble_find(struct ieee802 + return NULL; + } + ++static bool requires_sequential_pn(struct ieee80211_rx_data *rx, __le16 fc) ++{ ++ return rx->key && ++ (rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP || ++ rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP_256 || ++ rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP || ++ rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP_256) && ++ ieee80211_has_protected(fc); ++} ++ + static ieee80211_rx_result debug_noinline + ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) + { +@@ -2198,12 +2208,7 @@ ieee80211_rx_h_defragment(struct ieee802 + /* This is the first fragment of a new frame. */ + entry = ieee80211_reassemble_add(rx->sdata, frag, seq, + rx->seqno_idx, &(rx->skb)); +- if (rx->key && +- (rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP || +- rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP_256 || +- rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP || +- rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP_256) && +- ieee80211_has_protected(fc)) { ++ if (requires_sequential_pn(rx, fc)) { + int queue = rx->security_idx; + + /* Store CCMP/GCMP PN so that we can verify that the +@@ -2245,11 +2250,7 @@ ieee80211_rx_h_defragment(struct ieee802 + u8 pn[IEEE80211_CCMP_PN_LEN], *rpn; + int queue; + +- if (!rx->key || +- (rx->key->conf.cipher != WLAN_CIPHER_SUITE_CCMP && +- rx->key->conf.cipher != WLAN_CIPHER_SUITE_CCMP_256 && +- rx->key->conf.cipher != WLAN_CIPHER_SUITE_GCMP && +- rx->key->conf.cipher != WLAN_CIPHER_SUITE_GCMP_256)) ++ if (!requires_sequential_pn(rx, fc)) + return RX_DROP_UNUSABLE; + memcpy(pn, entry->last_pn, IEEE80211_CCMP_PN_LEN); + for (i = IEEE80211_CCMP_PN_LEN - 1; i >= 0; i--) { diff --git a/queue-5.4/mac80211-prevent-mixed-key-and-fragment-cache-attacks.patch b/queue-5.4/mac80211-prevent-mixed-key-and-fragment-cache-attacks.patch new file mode 100644 index 00000000000..d9269b28d3d --- /dev/null +++ b/queue-5.4/mac80211-prevent-mixed-key-and-fragment-cache-attacks.patch @@ -0,0 +1,99 @@ +From 94034c40ab4a3fcf581fbc7f8fdf4e29943c4a24 Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef +Date: Tue, 11 May 2021 20:02:43 +0200 +Subject: mac80211: prevent mixed key and fragment cache attacks + +From: Mathy Vanhoef + +commit 94034c40ab4a3fcf581fbc7f8fdf4e29943c4a24 upstream. + +Simultaneously prevent mixed key attacks (CVE-2020-24587) and fragment +cache attacks (CVE-2020-24586). This is accomplished by assigning a +unique color to every key (per interface) and using this to track which +key was used to decrypt a fragment. When reassembling frames, it is +now checked whether all fragments were decrypted using the same key. + +To assure that fragment cache attacks are also prevented, the ID that is +assigned to keys is unique even over (re)associations and (re)connects. +This means fragments separated by a (re)association or (re)connect will +not be reassembled. Because mac80211 now also prevents the reassembly of +mixed encrypted and plaintext fragments, all cache attacks are prevented. + +Cc: stable@vger.kernel.org +Signed-off-by: Mathy Vanhoef +Link: https://lore.kernel.org/r/20210511200110.3f8290e59823.I622a67769ed39257327a362cfc09c812320eb979@changeid +Signed-off-by: Johannes Berg +Signed-off-by: Greg Kroah-Hartman +--- + net/mac80211/ieee80211_i.h | 1 + + net/mac80211/key.c | 7 +++++++ + net/mac80211/key.h | 2 ++ + net/mac80211/rx.c | 6 ++++++ + 4 files changed, 16 insertions(+) + +--- a/net/mac80211/ieee80211_i.h ++++ b/net/mac80211/ieee80211_i.h +@@ -97,6 +97,7 @@ struct ieee80211_fragment_entry { + u8 rx_queue; + bool check_sequential_pn; /* needed for CCMP/GCMP */ + u8 last_pn[6]; /* PN of the last fragment if CCMP was used */ ++ unsigned int key_color; + }; + + +--- a/net/mac80211/key.c ++++ b/net/mac80211/key.c +@@ -764,6 +764,7 @@ int ieee80211_key_link(struct ieee80211_ + struct ieee80211_sub_if_data *sdata, + struct sta_info *sta) + { ++ static atomic_t key_color = ATOMIC_INIT(0); + struct ieee80211_key *old_key; + int idx = key->conf.keyidx; + bool pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE; +@@ -815,6 +816,12 @@ int ieee80211_key_link(struct ieee80211_ + key->sdata = sdata; + key->sta = sta; + ++ /* ++ * Assign a unique ID to every key so we can easily prevent mixed ++ * key and fragment cache attacks. ++ */ ++ key->color = atomic_inc_return(&key_color); ++ + increment_tailroom_need_count(sdata); + + ret = ieee80211_key_replace(sdata, sta, pairwise, old_key, key); +--- a/net/mac80211/key.h ++++ b/net/mac80211/key.h +@@ -127,6 +127,8 @@ struct ieee80211_key { + } debugfs; + #endif + ++ unsigned int color; ++ + /* + * key config, must be last because it contains key + * material as variable length member +--- a/net/mac80211/rx.c ++++ b/net/mac80211/rx.c +@@ -2215,6 +2215,7 @@ ieee80211_rx_h_defragment(struct ieee802 + * next fragment has a sequential PN value. + */ + entry->check_sequential_pn = true; ++ entry->key_color = rx->key->color; + memcpy(entry->last_pn, + rx->key->u.ccmp.rx_pn[queue], + IEEE80211_CCMP_PN_LEN); +@@ -2252,6 +2253,11 @@ ieee80211_rx_h_defragment(struct ieee802 + + if (!requires_sequential_pn(rx, fc)) + return RX_DROP_UNUSABLE; ++ ++ /* Prevent mixed key and fragment cache attacks */ ++ if (entry->key_color != rx->key->color) ++ return RX_DROP_UNUSABLE; ++ + memcpy(pn, entry->last_pn, IEEE80211_CCMP_PN_LEN); + for (i = IEEE80211_CCMP_PN_LEN - 1; i >= 0; i--) { + pn[i]++; diff --git a/queue-5.4/net-hso-fix-control-request-directions.patch b/queue-5.4/net-hso-fix-control-request-directions.patch new file mode 100644 index 00000000000..d74a5623443 --- /dev/null +++ b/queue-5.4/net-hso-fix-control-request-directions.patch @@ -0,0 +1,45 @@ +From 1a6e9a9c68c1f183872e4bcc947382111c2e04eb Mon Sep 17 00:00:00 2001 +From: Johan Hovold +Date: Mon, 24 May 2021 11:25:11 +0200 +Subject: net: hso: fix control-request directions + +From: Johan Hovold + +commit 1a6e9a9c68c1f183872e4bcc947382111c2e04eb upstream. + +The direction of the pipe argument must match the request-type direction +bit or control requests may fail depending on the host-controller-driver +implementation. + +Fix the tiocmset and rfkill requests which erroneously used +usb_rcvctrlpipe(). + +Fixes: 72dc1c096c70 ("HSO: add option hso driver") +Cc: stable@vger.kernel.org # 2.6.27 +Signed-off-by: Johan Hovold +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/usb/hso.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/net/usb/hso.c ++++ b/drivers/net/usb/hso.c +@@ -1689,7 +1689,7 @@ static int hso_serial_tiocmset(struct tt + spin_unlock_irqrestore(&serial->serial_lock, flags); + + return usb_control_msg(serial->parent->usb, +- usb_rcvctrlpipe(serial->parent->usb, 0), 0x22, ++ usb_sndctrlpipe(serial->parent->usb, 0), 0x22, + 0x21, val, if_num, NULL, 0, + USB_CTRL_SET_TIMEOUT); + } +@@ -2436,7 +2436,7 @@ static int hso_rfkill_set_block(void *da + if (hso_dev->usb_gone) + rv = 0; + else +- rv = usb_control_msg(hso_dev->usb, usb_rcvctrlpipe(hso_dev->usb, 0), ++ rv = usb_control_msg(hso_dev->usb, usb_sndctrlpipe(hso_dev->usb, 0), + enabled ? 0x82 : 0x81, 0x40, 0, 0, NULL, 0, + USB_CTRL_SET_TIMEOUT); + mutex_unlock(&hso_dev->mutex); diff --git a/queue-5.4/perf-intel-pt-fix-sample-instruction-bytes.patch b/queue-5.4/perf-intel-pt-fix-sample-instruction-bytes.patch new file mode 100644 index 00000000000..8ed71daf8ae --- /dev/null +++ b/queue-5.4/perf-intel-pt-fix-sample-instruction-bytes.patch @@ -0,0 +1,100 @@ +From c954eb72b31a9dc56c99b450253ec5b121add320 Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Wed, 19 May 2021 10:45:14 +0300 +Subject: perf intel-pt: Fix sample instruction bytes + +From: Adrian Hunter + +commit c954eb72b31a9dc56c99b450253ec5b121add320 upstream. + +The decoder reports the current instruction if it was decoded. In some +cases the current instruction is not decoded, in which case the instruction +bytes length must be set to zero. Ensure that is always done. + +Note perf script can anyway get the instruction bytes for any samples where +they are not present. + +Also note, that there is a redundant "ptq->insn_len = 0" statement which is +not removed until a subsequent patch in order to make this patch apply +cleanly to stable branches. + +Example: + +A machne that supports TSX is required. It will have flag "rtm". Kernel +parameter tsx=on may be required. + + # for w in `cat /proc/cpuinfo | grep -m1 flags `;do echo $w | grep rtm ; done + rtm + +Test program: + + #include + #include + + int main() + { + int x = 0; + + if (_xbegin() == _XBEGIN_STARTED) { + x = 1; + _xabort(1); + } else { + printf("x = %d\n", x); + } + return 0; + } + +Compile with -mrtm i.e. + + gcc -Wall -Wextra -mrtm xabort.c -o xabort + +Record: + + perf record -e intel_pt/cyc/u --filter 'filter main @ ./xabort' ./xabort + +Before: + + # perf script --itrace=xe -F+flags,+insn,-period --xed --ns + xabort 1478 [007] 92161.431348581: transactions: x 400b81 main+0x14 (/root/xabort) mov $0xffffffff, %eax + xabort 1478 [007] 92161.431348624: transactions: tx abrt 400b93 main+0x26 (/root/xabort) mov $0xffffffff, %eax + +After: + + # perf script --itrace=xe -F+flags,+insn,-period --xed --ns + xabort 1478 [007] 92161.431348581: transactions: x 400b81 main+0x14 (/root/xabort) xbegin 0x6 + xabort 1478 [007] 92161.431348624: transactions: tx abrt 400b93 main+0x26 (/root/xabort) xabort $0x1 + +Fixes: faaa87680b25d ("perf intel-pt/bts: Report instruction bytes and length in sample") +Signed-off-by: Adrian Hunter +Cc: Andi Kleen +Cc: Jiri Olsa +Cc: stable@vger.kernel.org +Link: http://lore.kernel.org/lkml/20210519074515.9262-3-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman +--- + tools/perf/util/intel-pt.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/tools/perf/util/intel-pt.c ++++ b/tools/perf/util/intel-pt.c +@@ -602,8 +602,10 @@ static int intel_pt_walk_next_insn(struc + + *ip += intel_pt_insn->length; + +- if (to_ip && *ip == to_ip) ++ if (to_ip && *ip == to_ip) { ++ intel_pt_insn->length = 0; + goto out_no_cache; ++ } + + if (*ip >= al.map->end) + break; +@@ -991,6 +993,7 @@ static void intel_pt_set_pid_tid_cpu(str + + static void intel_pt_sample_flags(struct intel_pt_queue *ptq) + { ++ ptq->insn_len = 0; + if (ptq->state->flags & INTEL_PT_ABORT_TX) { + ptq->flags = PERF_IP_FLAG_BRANCH | PERF_IP_FLAG_TX_ABORT; + } else if (ptq->state->flags & INTEL_PT_ASYNC) { diff --git a/queue-5.4/perf-intel-pt-fix-transaction-abort-handling.patch b/queue-5.4/perf-intel-pt-fix-transaction-abort-handling.patch new file mode 100644 index 00000000000..365f50334ba --- /dev/null +++ b/queue-5.4/perf-intel-pt-fix-transaction-abort-handling.patch @@ -0,0 +1,103 @@ +From cb7987837c31b217b28089bbc78922d5c9187869 Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Wed, 19 May 2021 10:45:13 +0300 +Subject: perf intel-pt: Fix transaction abort handling + +From: Adrian Hunter + +commit cb7987837c31b217b28089bbc78922d5c9187869 upstream. + +When adding support for power events, some handling of FUP packets was +unified. That resulted in breaking reporting of TSX aborts, by not +considering the associated TIP packet. Fix that. + +Example: + +A machine that supports TSX is required. It will have flag "rtm". Kernel +parameter tsx=on may be required. + + # for w in `cat /proc/cpuinfo | grep -m1 flags `;do echo $w | grep rtm ; done + rtm + +Test program: + + #include + #include + + int main() + { + int x = 0; + + if (_xbegin() == _XBEGIN_STARTED) { + x = 1; + _xabort(1); + } else { + printf("x = %d\n", x); + } + return 0; + } + +Compile with -mrtm i.e. + + gcc -Wall -Wextra -mrtm xabort.c -o xabort + +Record: + + perf record -e intel_pt/cyc/u --filter 'filter main @ ./xabort' ./xabort + +Before: + + # perf script --itrace=be -F+flags,+addr,-period,-event --ns + xabort 1478 [007] 92161.431348552: tr strt 0 [unknown] ([unknown]) => 400b6d main+0x0 (/root/xabort) + xabort 1478 [007] 92161.431348624: jmp 400b96 main+0x29 (/root/xabort) => 400bae main+0x41 (/root/xabort) + xabort 1478 [007] 92161.431348624: return 400bb4 main+0x47 (/root/xabort) => 400b87 main+0x1a (/root/xabort) + xabort 1478 [007] 92161.431348637: jcc 400b8a main+0x1d (/root/xabort) => 400b98 main+0x2b (/root/xabort) + xabort 1478 [007] 92161.431348644: tr end call 400ba9 main+0x3c (/root/xabort) => 40f690 printf+0x0 (/root/xabort) + xabort 1478 [007] 92161.431360859: tr strt 0 [unknown] ([unknown]) => 400bae main+0x41 (/root/xabort) + xabort 1478 [007] 92161.431360882: tr end return 400bb4 main+0x47 (/root/xabort) => 401139 __libc_start_main+0x309 (/root/xabort) + +After: + + # perf script --itrace=be -F+flags,+addr,-period,-event --ns + xabort 1478 [007] 92161.431348552: tr strt 0 [unknown] ([unknown]) => 400b6d main+0x0 (/root/xabort) + xabort 1478 [007] 92161.431348624: tx abrt 400b93 main+0x26 (/root/xabort) => 400b87 main+0x1a (/root/xabort) + xabort 1478 [007] 92161.431348637: jcc 400b8a main+0x1d (/root/xabort) => 400b98 main+0x2b (/root/xabort) + xabort 1478 [007] 92161.431348644: tr end call 400ba9 main+0x3c (/root/xabort) => 40f690 printf+0x0 (/root/xabort) + xabort 1478 [007] 92161.431360859: tr strt 0 [unknown] ([unknown]) => 400bae main+0x41 (/root/xabort) + xabort 1478 [007] 92161.431360882: tr end return 400bb4 main+0x47 (/root/xabort) => 401139 __libc_start_main+0x309 (/root/xabort) + +Fixes: a472e65fc490a ("perf intel-pt: Add decoder support for ptwrite and power event packets") +Signed-off-by: Adrian Hunter +Cc: Andi Kleen +Cc: Jiri Olsa +Cc: stable@vger.kernel.org +Link: http://lore.kernel.org/lkml/20210519074515.9262-2-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman +--- + tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c ++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c +@@ -1090,6 +1090,8 @@ static bool intel_pt_fup_event(struct in + decoder->set_fup_tx_flags = false; + decoder->tx_flags = decoder->fup_tx_flags; + decoder->state.type = INTEL_PT_TRANSACTION; ++ if (decoder->fup_tx_flags & INTEL_PT_ABORT_TX) ++ decoder->state.type |= INTEL_PT_BRANCH; + decoder->state.from_ip = decoder->ip; + decoder->state.to_ip = 0; + decoder->state.flags = decoder->fup_tx_flags; +@@ -1164,8 +1166,10 @@ static int intel_pt_walk_fup(struct inte + return 0; + if (err == -EAGAIN || + intel_pt_fup_with_nlip(decoder, &intel_pt_insn, ip, err)) { ++ bool no_tip = decoder->pkt_state != INTEL_PT_STATE_FUP; ++ + decoder->pkt_state = INTEL_PT_STATE_IN_SYNC; +- if (intel_pt_fup_event(decoder)) ++ if (intel_pt_fup_event(decoder) && no_tip) + return 0; + return -EAGAIN; + } diff --git a/queue-5.4/perf-scripts-python-exported-sql-viewer.py-fix-array-typeerror.patch b/queue-5.4/perf-scripts-python-exported-sql-viewer.py-fix-array-typeerror.patch new file mode 100644 index 00000000000..b9a7bbee7d2 --- /dev/null +++ b/queue-5.4/perf-scripts-python-exported-sql-viewer.py-fix-array-typeerror.patch @@ -0,0 +1,58 @@ +From fd931b2e234a7cc451a7bbb1965d6ce623189158 Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Fri, 21 May 2021 12:20:52 +0300 +Subject: perf scripts python: exported-sql-viewer.py: Fix Array TypeError + +From: Adrian Hunter + +commit fd931b2e234a7cc451a7bbb1965d6ce623189158 upstream. + +The 'Array' class is present in more than one python standard library. +In some versions of Python 3, the following error occurs: + +Traceback (most recent call last): + File "tools/perf/scripts/python/exported-sql-viewer.py", line 4702, in + reports_menu.addAction(CreateAction(label, "Create a new window displaying branch events", lambda a=None,x=dbid: self.NewBranchView(x), self)) + File "tools/perf/scripts/python/exported-sql-viewer.py", line 4727, in NewBranchView + BranchWindow(self.glb, event_id, ReportVars(), self) + File "tools/perf/scripts/python/exported-sql-viewer.py", line 3208, in __init__ + self.model = LookupCreateModel(model_name, lambda: BranchModel(glb, event_id, report_vars.where_clause)) + File "tools/perf/scripts/python/exported-sql-viewer.py", line 343, in LookupCreateModel + model = create_fn() + File "tools/perf/scripts/python/exported-sql-viewer.py", line 3208, in + self.model = LookupCreateModel(model_name, lambda: BranchModel(glb, event_id, report_vars.where_clause)) + File "tools/perf/scripts/python/exported-sql-viewer.py", line 3124, in __init__ + self.fetcher = SQLFetcher(glb, sql, prep, self.AddSample) + File "tools/perf/scripts/python/exported-sql-viewer.py", line 2658, in __init__ + self.buffer = Array(c_char, self.buffer_size, lock=False) +TypeError: abstract class + +This apparently happens because Python can be inconsistent about which +class of the name 'Array' gets imported. Fix by importing explicitly by +name so that only the desired 'Array' gets imported. + +Fixes: 8392b74b575c3 ("perf scripts python: exported-sql-viewer.py: Add ability to display all the database tables") +Signed-off-by: Adrian Hunter +Cc: Jiri Olsa +Cc: stable@vger.kernel.org +Link: http://lore.kernel.org/lkml/20210521092053.25683-3-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman +--- + tools/perf/scripts/python/exported-sql-viewer.py | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/tools/perf/scripts/python/exported-sql-viewer.py ++++ b/tools/perf/scripts/python/exported-sql-viewer.py +@@ -122,8 +122,9 @@ if pyside_version_1: + from PySide.QtGui import * + from PySide.QtSql import * + +-from decimal import * +-from ctypes import * ++from decimal import Decimal, ROUND_HALF_UP ++from ctypes import CDLL, Structure, create_string_buffer, addressof, sizeof, \ ++ c_void_p, c_bool, c_byte, c_char, c_int, c_uint, c_longlong, c_ulonglong + from multiprocessing import Process, Array, Value, Event + + # xrange is range in Python3 diff --git a/queue-5.4/perf-scripts-python-exported-sql-viewer.py-fix-copy-to-clipboard-from-top-calls-by-elapsed-time-report.patch b/queue-5.4/perf-scripts-python-exported-sql-viewer.py-fix-copy-to-clipboard-from-top-calls-by-elapsed-time-report.patch new file mode 100644 index 00000000000..225e080f388 --- /dev/null +++ b/queue-5.4/perf-scripts-python-exported-sql-viewer.py-fix-copy-to-clipboard-from-top-calls-by-elapsed-time-report.patch @@ -0,0 +1,45 @@ +From a6172059758ba1b496ae024cece7d5bdc8d017db Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Fri, 21 May 2021 12:20:51 +0300 +Subject: perf scripts python: exported-sql-viewer.py: Fix copy to clipboard from Top Calls by elapsed Time report + +From: Adrian Hunter + +commit a6172059758ba1b496ae024cece7d5bdc8d017db upstream. + +Provide missing argument to prevent following error when copying a +selection to the clipboard: + +Traceback (most recent call last): + File "tools/perf/scripts/python/exported-sql-viewer.py", line 4041, in + menu.addAction(CreateAction("&Copy selection", "Copy to clipboard", lambda: CopyCellsToClipboardHdr(self.view), self.view)) + File "tools/perf/scripts/python/exported-sql-viewer.py", line 4021, in CopyCellsToClipboardHdr + CopyCellsToClipboard(view, False, True) + File "tools/perf/scripts/python/exported-sql-viewer.py", line 4018, in CopyCellsToClipboard + view.CopyCellsToClipboard(view, as_csv, with_hdr) + File "tools/perf/scripts/python/exported-sql-viewer.py", line 3871, in CopyTableCellsToClipboard + val = model.headerData(col, Qt.Horizontal) +TypeError: headerData() missing 1 required positional argument: 'role' + +Fixes: 96c43b9a7ab3b ("perf scripts python: exported-sql-viewer.py: Add copy to clipboard") +Signed-off-by: Adrian Hunter +Cc: Jiri Olsa +Cc: stable@vger.kernel.org +Link: http://lore.kernel.org/lkml/20210521092053.25683-2-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman +--- + tools/perf/scripts/python/exported-sql-viewer.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/tools/perf/scripts/python/exported-sql-viewer.py ++++ b/tools/perf/scripts/python/exported-sql-viewer.py +@@ -2495,7 +2495,7 @@ def CopyTableCellsToClipboard(view, as_c + if with_hdr: + model = indexes[0].model() + for col in range(min_col, max_col + 1): +- val = model.headerData(col, Qt.Horizontal) ++ val = model.headerData(col, Qt.Horizontal, Qt.DisplayRole) + if as_csv: + text += sep + ToCSValue(val) + sep = "," diff --git a/queue-5.4/perf-scripts-python-exported-sql-viewer.py-fix-warning-display.patch b/queue-5.4/perf-scripts-python-exported-sql-viewer.py-fix-warning-display.patch new file mode 100644 index 00000000000..c04ea47f45e --- /dev/null +++ b/queue-5.4/perf-scripts-python-exported-sql-viewer.py-fix-warning-display.patch @@ -0,0 +1,46 @@ +From f56299a9c998e0bfbd4ab07cafe9eb8444512448 Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Fri, 21 May 2021 12:20:53 +0300 +Subject: perf scripts python: exported-sql-viewer.py: Fix warning display + +From: Adrian Hunter + +commit f56299a9c998e0bfbd4ab07cafe9eb8444512448 upstream. + +Deprecation warnings are useful only for the developer, not an end user. +Display warnings only when requested using the python -W option. This +stops the display of warnings like: + + tools/perf/scripts/python/exported-sql-viewer.py:5102: DeprecationWarning: + an integer is required (got type PySide2.QtCore.Qt.AlignmentFlag). + Implicit conversion to integers using __int__ is deprecated, and + may be removed in a future version of Python. + err = app.exec_() + +Since the warning can be fixed only in PySide2, we must wait for it to +be finally fixed there. + +Signed-off-by: Adrian Hunter +Cc: Jiri Olsa +Cc: stable@vger.kernel.org # v5.3+ +Link: http://lore.kernel.org/lkml/20210521092053.25683-4-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman +--- + tools/perf/scripts/python/exported-sql-viewer.py | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/tools/perf/scripts/python/exported-sql-viewer.py ++++ b/tools/perf/scripts/python/exported-sql-viewer.py +@@ -91,6 +91,11 @@ + from __future__ import print_function + + import sys ++# Only change warnings if the python -W option was not used ++if not sys.warnoptions: ++ import warnings ++ # PySide2 causes deprecation warnings, ignore them. ++ warnings.filterwarnings("ignore", category=DeprecationWarning) + import argparse + import weakref + import threading diff --git a/queue-5.4/proc-check-proc-pid-attr-writes-against-file-opener.patch b/queue-5.4/proc-check-proc-pid-attr-writes-against-file-opener.patch new file mode 100644 index 00000000000..949d6f8bb45 --- /dev/null +++ b/queue-5.4/proc-check-proc-pid-attr-writes-against-file-opener.patch @@ -0,0 +1,40 @@ +From bfb819ea20ce8bbeeba17e1a6418bf8bda91fc28 Mon Sep 17 00:00:00 2001 +From: Kees Cook +Date: Tue, 25 May 2021 12:37:35 -0700 +Subject: proc: Check /proc/$pid/attr/ writes against file opener + +From: Kees Cook + +commit bfb819ea20ce8bbeeba17e1a6418bf8bda91fc28 upstream. + +Fix another "confused deputy" weakness[1]. Writes to /proc/$pid/attr/ +files need to check the opener credentials, since these fds do not +transition state across execve(). Without this, it is possible to +trick another process (which may have different credentials) to write +to its own /proc/$pid/attr/ files, leading to unexpected and possibly +exploitable behaviors. + +[1] https://www.kernel.org/doc/html/latest/security/credentials.html?highlight=confused#open-file-credentials + +Fixes: 1da177e4c3f41 ("Linux-2.6.12-rc2") +Cc: stable@vger.kernel.org +Signed-off-by: Kees Cook +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + fs/proc/base.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/fs/proc/base.c ++++ b/fs/proc/base.c +@@ -2556,6 +2556,10 @@ static ssize_t proc_pid_attr_write(struc + void *page; + int rv; + ++ /* A task may only write when it was the opener. */ ++ if (file->f_cred != current_real_cred()) ++ return -EPERM; ++ + rcu_read_lock(); + task = pid_task(proc_pid(inode), PIDTYPE_PID); + if (!task) { diff --git a/queue-5.4/series b/queue-5.4/series index 19ee762e76e..bc6c79b3ef7 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -4,6 +4,15 @@ alsa-usb-audio-scarlett2-improve-driver-startup-messages.patch cifs-set-server-cipher_type-to-aes-128-ccm-for-smb3.0.patch nfsv4-fix-a-null-pointer-dereference-in-pnfs_mark_matching_lsegs_return.patch iommu-vt-d-fix-sysfs-leak-in-alloc_iommu.patch +perf-intel-pt-fix-sample-instruction-bytes.patch +perf-intel-pt-fix-transaction-abort-handling.patch +perf-scripts-python-exported-sql-viewer.py-fix-copy-to-clipboard-from-top-calls-by-elapsed-time-report.patch +perf-scripts-python-exported-sql-viewer.py-fix-array-typeerror.patch +perf-scripts-python-exported-sql-viewer.py-fix-warning-display.patch +proc-check-proc-pid-attr-writes-against-file-opener.patch +net-hso-fix-control-request-directions.patch +mac80211-assure-all-fragments-are-encrypted.patch +mac80211-prevent-mixed-key-and-fragment-cache-attacks.patch selftests-gpio-use-test_gen_progs_extended.patch selftests-gpio-move-include-of-lib.mk-up.patch selftests-gpio-fix-build-when-source-tree-is-read-on.patch -- 2.47.3