4.9-stable patches

author Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Sat, 10 Apr 2021 14:15:37 +0000 (16:15 +0200)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Sat, 10 Apr 2021 14:15:37 +0000 (16:15 +0200)
author Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 10 Apr 2021 14:15:37 +0000 (16:15 +0200)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 10 Apr 2021 14:15:37 +0000 (16:15 +0200)
diff --git a/queue-4.9/batman-adv-initialize-struct-batadv_tvlv_tt_vlan_data-reserved-field.patch b/queue-4.9/batman-adv-initialize-struct-batadv_tvlv_tt_vlan_data-reserved-field.patch

new file mode 100644 (file)

index 0000000..d30a5dd
--- /dev/null
+++ b/queue-4.9/batman-adv-initialize-struct-batadv_tvlv_tt_vlan_data-reserved-field.patch
@@ -0,0 +1,48 @@
+From 08c27f3322fec11950b8f1384aa0f3b11d028528 Mon Sep 17 00:00:00 2001
+From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+Date: Mon, 5 Apr 2021 19:16:50 +0900
+Subject: batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field
+
+From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+
+commit 08c27f3322fec11950b8f1384aa0f3b11d028528 upstream.
+
+KMSAN found uninitialized value at batadv_tt_prepare_tvlv_local_data()
+[1], for commit ced72933a5e8ab52 ("batman-adv: use CRC32C instead of CRC16
+in TT code") inserted 'reserved' field into "struct batadv_tvlv_tt_data"
+and commit 7ea7b4a142758dea ("batman-adv: make the TT CRC logic VLAN
+specific") moved that field to "struct batadv_tvlv_tt_vlan_data" but left
+that field uninitialized.
+
+[1] https://syzkaller.appspot.com/bug?id=07f3e6dba96f0eb3cabab986adcd8a58b9bdbe9d
+
+Reported-by: syzbot <syzbot+50ee810676e6a089487b@syzkaller.appspotmail.com>
+Tested-by: syzbot <syzbot+50ee810676e6a089487b@syzkaller.appspotmail.com>
+Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+Fixes: ced72933a5e8ab52 ("batman-adv: use CRC32C instead of CRC16 in TT code")
+Fixes: 7ea7b4a142758dea ("batman-adv: make the TT CRC logic VLAN specific")
+Acked-by: Sven Eckelmann <sven@narfation.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/batman-adv/translation-table.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/batman-adv/translation-table.c
++++ b/net/batman-adv/translation-table.c
+@@ -897,6 +897,7 @@ batadv_tt_prepare_tvlv_global_data(struc
+       hlist_for_each_entry_rcu(vlan, &orig_node->vlan_list, list) {
+               tt_vlan->vid = htons(vlan->vid);
+               tt_vlan->crc = htonl(vlan->tt.crc);
++              tt_vlan->reserved = 0;
+ 
+               tt_vlan++;
+       }
+@@ -980,6 +981,7 @@ batadv_tt_prepare_tvlv_local_data(struct
+ 
+               tt_vlan->vid = htons(vlan->vid);
+               tt_vlan->crc = htonl(vlan->tt.crc);
++              tt_vlan->reserved = 0;
+ 
+               tt_vlan++;
+       }
diff --git a/queue-4.9/series b/queue-4.9/series

index 7bee38ccdf20b4e8a2abfbc0e1f7c87b3c3e0b2b..816d6c7f96f93a0b71f4a9cf95716ba2006888f2 100644 (file)
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -13,3 +13,4 @@ ocfs2-fix-deadlock-between-setattr-and-dio_end_io_write.patch
  fs-direct-io-fix-missing-sdio-boundary.patch
  parisc-parisc-agp-requires-sba-iommu-driver.patch
  parisc-avoid-a-warning-on-u8-cast-for-cmpxchg-on-u8-pointers.patch
+batman-adv-initialize-struct-batadv_tvlv_tt_vlan_data-reserved-field.patch
author	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 10 Apr 2021 14:15:37 +0000 (16:15 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 10 Apr 2021 14:15:37 +0000 (16:15 +0200)
queue-4.9/batman-adv-initialize-struct-batadv_tvlv_tt_vlan_data-reserved-field.patch	[new file with mode: 0644]	patch \| blob
queue-4.9/series		patch \| blob \| blame \| history