All the mail mirrored from lore.kernel.org
* [PATCH AUTOSEL 4.14 1/5] netlabel: fix shift wrapping bug in netlbl_catmap_setlong()
@ 2023-06-26 21:51 Sasha Levin
  2023-06-26 21:51 ` [PATCH AUTOSEL 4.14 2/5] bnx2x: fix page fault following EEH recovery Sasha Levin
                   ` (3 more replies)
  0 siblings, 4 replies; 6+ messages in thread
From: Sasha Levin @ 2023-06-26 21:51 UTC
  To: linux-kernel, stable
  Cc: Dmitry Mastykin, Paul Moore, David S . Miller, Sasha Levin,
	edumazet, kuba, pabeni, netdev, linux-security-module

From: Dmitry Mastykin <dmastykin@astralinux.ru>

[ Upstream commit b403643d154d15176b060b82f7fc605210033edd ]

There is a shift wrapping bug in this code on 32-bit architectures.
NETLBL_CATMAP_MAPTYPE is u64, bitmap is unsigned long.
Every second 32-bit word of catmap becomes corrupted.

Signed-off-by: Dmitry Mastykin <dmastykin@astralinux.ru>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/netlabel/netlabel_kapi.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index 15fe2120b3109..14c3d640f94b9 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -871,7 +871,8 @@ int netlbl_catmap_setlong(struct netlbl_lsm_catmap **catmap,
 
 	offset -= iter->startbit;
 	idx = offset / NETLBL_CATMAP_MAPSIZE;
-	iter->bitmap[idx] |= bitmap << (offset % NETLBL_CATMAP_MAPSIZE);
+	iter->bitmap[idx] |= (NETLBL_CATMAP_MAPTYPE)bitmap
+			     << (offset % NETLBL_CATMAP_MAPSIZE);
 
 	return 0;
 }
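
Review bot: the cast on the new `iter->bitmap[idx] |= (NETLBL_CATMAP_MAPTYPE)bitmap` line looks redundant to anyone reading it on a 64-bit build, so it deserves a one-line comment saying that `bitmap` is `unsigned long` and the shift has to be performed at the width of the map element. Without the cast, a shift count of 32 or more applied to a 32-bit `unsigned long` is undefined behaviour in C, which fits the corruption of every second 32-bit word described in the commit message. The hunk does not show how `offset` is validated earlier in the function; please confirm that `offset % NETLBL_CATMAP_MAPSIZE` plus the width of `bitmap` can never exceed the element width, since bits shifted past the top are dropped silently even with the cast.
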
-- 
2.39.2



* [PATCH AUTOSEL 4.14 2/5] bnx2x: fix page fault following EEH recovery
  2023-06-26 21:51 [PATCH AUTOSEL 4.14 1/5] netlabel: fix shift wrapping bug in netlbl_catmap_setlong() Sasha Levin
@ 2023-06-26 21:51 ` Sasha Levin
  2023-06-26 21:51 ` [PATCH AUTOSEL 4.14 3/5] sctp: handle invalid error codes without calling BUG() Sasha Levin
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 6+ messages in thread
From: Sasha Levin @ 2023-06-26 21:51 UTC
  To: linux-kernel, stable
  Cc: David Christensen, Sridhar Samudrala, David S . Miller,
	Sasha Levin, aelior, skalluru, manishc, edumazet, kuba, pabeni,
	netdev

From: David Christensen <drc@linux.vnet.ibm.com>

[ Upstream commit 7ebe4eda4265642859507d1b3ca330d8c196cfe5 ]

In the last step of the EEH recovery process, the EEH driver calls into
bnx2x_io_resume() to re-initialize the NIC hardware via the function
bnx2x_nic_load().  If an error occurs during bnx2x_nic_load(), OS and
hardware resources are released and an error code is returned to the
caller.  When called from bnx2x_io_resume(), the return code is ignored
and the network interface is brought up unconditionally.  Later attempts
to send a packet via this interface result in a page fault due to a null
pointer reference.

This patch checks the return code of bnx2x_nic_load(), prints an error
message if necessary, and does not enable the interface.

Signed-off-by: David Christensen <drc@linux.vnet.ibm.com>
Reviewed-by: Sridhar Samudrala <sridhar.samudrala@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
index 7925c40c00625..cb5c3d3153331 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
@@ -14484,11 +14484,16 @@ static void bnx2x_io_resume(struct pci_dev *pdev)
 	bp->fw_seq = SHMEM_RD(bp, func_mb[BP_FW_MB_IDX(bp)].drv_mb_header) &
 							DRV_MSG_SEQ_NUMBER_MASK;
 
-	if (netif_running(dev))
-		bnx2x_nic_load(bp, LOAD_NORMAL);
+	if (netif_running(dev)) {
+		if (bnx2x_nic_load(bp, LOAD_NORMAL)) {
+			netdev_err(bp->dev, "Error during driver initialization, try unloading/reloading the driver\n");
+			goto done;
+		}
+	}
 
 	netif_device_attach(dev);
 
+done:
 	rtnl_unlock();
 }
 
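Review bot: on the new failure branch, `goto done` skips `netif_device_attach(dev)` and the only trace left is a single `netdev_err()` line, because `bnx2x_io_resume()` returns void and cannot report the failure to its caller. The device then stays detached while `netif_running(dev)` is still true, so please add a comment at the `done:` label stating that this is the intended end state and that unloading and reloading the driver is the expected recovery. Minor: the new call passes `bp->dev` where the surrounding lines use `dev`; pick one.
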
-- 
2.39.2



* [PATCH AUTOSEL 4.14 3/5] sctp: handle invalid error codes without calling BUG()
  2023-06-26 21:51 [PATCH AUTOSEL 4.14 1/5] netlabel: fix shift wrapping bug in netlbl_catmap_setlong() Sasha Levin
  2023-06-26 21:51 ` [PATCH AUTOSEL 4.14 2/5] bnx2x: fix page fault following EEH recovery Sasha Levin
@ 2023-06-26 21:51 ` Sasha Levin
  2023-06-26 21:51 ` [PATCH AUTOSEL 4.14 4/5] cifs: add a warning when the in-flight count goes negative Sasha Levin
  2023-06-26 21:51 ` [PATCH AUTOSEL 4.14 5/5] ALSA: seq: oss: Fix racy open/close of MIDI devices Sasha Levin
  3 siblings, 0 replies; 6+ messages in thread
From: Sasha Levin @ 2023-06-26 21:51 UTC
  To: linux-kernel, stable
  Cc: Dan Carpenter, David S . Miller, Sasha Levin, marcelo.leitner,
	lucien.xin, edumazet, kuba, pabeni, linux-sctp, netdev

From: Dan Carpenter <dan.carpenter@linaro.org>

[ Upstream commit a0067dfcd9418fd3b0632bc59210d120d038a9c6 ]

The sctp_sf_eat_auth() function is supposed to return enum sctp_disposition
values but if the call to sctp_ulpevent_make_authkey() fails, it returns
-ENOMEM.

This results in calling BUG() inside the sctp_side_effects() function.
Calling BUG() is an overreaction and not helpful.  Call WARN_ON_ONCE()
instead.

This code predates git.

Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/sctp/sm_sideeffect.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
index 169819263c0bb..87822421b99db 100644
--- a/net/sctp/sm_sideeffect.c
+++ b/net/sctp/sm_sideeffect.c
@@ -1235,7 +1235,10 @@ static int sctp_side_effects(enum sctp_event event_type,
 	default:
 		pr_err("impossible disposition %d in state %d, event_type %d, event_id %d\n",
 		       status, state, event_type, subtype.chunk);
-		BUG();
+		error = status;
+		if (error >= 0)
+			error = -EINVAL;
+		WARN_ON_ONCE(1);
 		break;
 	}
 
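Review bot: the new `error = status;` in the default branch accepts a negative errno arriving in a variable that is meant to hold an enum sctp_disposition, but the producer is left unchanged: per the commit message, sctp_sf_eat_auth() still returns -ENOMEM. `WARN_ON_ONCE(1)` is softer than `BUG()`, yet it still takes the machine down where panic_on_warn is set, so the allocation-failure path should also be fixed at the source by returning SCTP_DISPOSITION_NOMEM. Separately, the `pr_err()` above the warning is not once-only and will print on every occurrence; `pr_err_ratelimited()` would match the intent of the WARN_ON_ONCE.
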
-- 
2.39.2



* [PATCH AUTOSEL 4.14 4/5] cifs: add a warning when the in-flight count goes negative
  2023-06-26 21:51 [PATCH AUTOSEL 4.14 1/5] netlabel: fix shift wrapping bug in netlbl_catmap_setlong() Sasha Levin
  2023-06-26 21:51 ` [PATCH AUTOSEL 4.14 2/5] bnx2x: fix page fault following EEH recovery Sasha Levin
  2023-06-26 21:51 ` [PATCH AUTOSEL 4.14 3/5] sctp: handle invalid error codes without calling BUG() Sasha Levin
@ 2023-06-26 21:51 ` Sasha Levin
  2023-06-26 21:51 ` [PATCH AUTOSEL 4.14 5/5] ALSA: seq: oss: Fix racy open/close of MIDI devices Sasha Levin
  3 siblings, 0 replies; 6+ messages in thread
From: Sasha Levin @ 2023-06-26 21:51 UTC
  To: linux-kernel, stable
  Cc: Shyam Prasad N, Bharath SM, Steve French, Sasha Levin, pc,
	lsahlber, dhowells, ematsumiya, pc, vl

From: Shyam Prasad N <sprasad@microsoft.com>

[ Upstream commit e4645cc2f1e2d6f268bb8dcfac40997c52432aed ]

We've seen the in-flight count go into negative with some
internal stress testing in Microsoft.

Adding a WARN when this happens, in hope of understanding
why this happens when it happens.

Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
Reviewed-by: Bharath SM <bharathsm@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/cifs/smb2ops.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index dec306a3b0f41..3287795c648e5 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -78,6 +78,7 @@ smb2_add_credits(struct TCP_Server_Info *server, const unsigned int add,
 		*val = 65000; /* Don't get near 64K credits, avoid srv bugs */
 		printk_once(KERN_WARNING "server overflowed SMB3 credits\n");
 	}
+	WARN_ON_ONCE(server->in_flight == 0);
 	server->in_flight--;
 	if (server->in_flight == 0 && (optype & CIFS_OP_MASK) != CIFS_NEG_OP)
 		rc = change_conf(server);
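
Review bot: the added `WARN_ON_ONCE(server->in_flight == 0)` reports the underflow, but `server->in_flight--` on the next line still runs, so the counter is decremented past zero anyway and the `server->in_flight == 0` test that follows will not match on that call. If the aim is only to collect a stack trace, say so in a comment; if the counter should stay sane, guard the decrement, for example `if (!WARN_ON_ONCE(server->in_flight == 0)) server->in_flight--;`. Because the warning fires only once, only the first offending call path will be captured.
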
-- 
2.39.2



* [PATCH AUTOSEL 4.14 5/5] ALSA: seq: oss: Fix racy open/close of MIDI devices
  2023-06-26 21:51 [PATCH AUTOSEL 4.14 1/5] netlabel: fix shift wrapping bug in netlbl_catmap_setlong() Sasha Levin
                   ` (2 preceding siblings ...)
  2023-06-26 21:51 ` [PATCH AUTOSEL 4.14 4/5] cifs: add a warning when the in-flight count goes negative Sasha Levin
@ 2023-06-26 21:51 ` Sasha Levin
  3 siblings, 0 replies; 6+ messages in thread
From: Sasha Levin @ 2023-06-26 21:51 UTC
  To: linux-kernel, stable
  Cc: Takashi Iwai, Gong, Sishuai, Sasha Levin, perex, tiwai,
	alsa-devel

From: Takashi Iwai <tiwai@suse.de>

[ Upstream commit 297224fc0922e7385573a30c29ffdabb67f27b7d ]

Although snd_seq_oss_midi_open() and snd_seq_oss_midi_close() can be
called concurrently from different code paths, we have no proper data
protection against races.  Introduce open_mutex to each seq_oss_midi
object for avoiding the races.

Reported-by: "Gong, Sishuai" <sishuai@purdue.edu>
Closes: https://lore.kernel.org/r/7DC9AF71-F481-4ABA-955F-76C535661E33@purdue.edu
Link: https://lore.kernel.org/r/20230612125533.27461-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/core/seq/oss/seq_oss_midi.c | 35 +++++++++++++++++++------------
 1 file changed, 22 insertions(+), 13 deletions(-)

diff --git a/sound/core/seq/oss/seq_oss_midi.c b/sound/core/seq/oss/seq_oss_midi.c
index cc8f06638edca..7226c03f15934 100644
--- a/sound/core/seq/oss/seq_oss_midi.c
+++ b/sound/core/seq/oss/seq_oss_midi.c
@@ -50,6 +50,7 @@ struct seq_oss_midi {
 	struct snd_midi_event *coder;	/* MIDI event coder */
 	struct seq_oss_devinfo *devinfo;	/* assigned OSSseq device */
 	snd_use_lock_t use_lock;
+	struct mutex open_mutex;
 };
 
 
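Review bot: the new `struct mutex open_mutex;` member carries no comment, unlike `coder` and `devinfo` above it. Please state what it protects, which from the rest of this patch is `opened` and `devinfo` across snd_seq_oss_midi_open() and snd_seq_oss_midi_close(), so later readers do not confuse its role with `use_lock`.
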
@@ -184,6 +185,7 @@ snd_seq_oss_midi_check_new_port(struct snd_seq_port_info *pinfo)
 	mdev->flags = pinfo->capability;
 	mdev->opened = 0;
 	snd_use_lock_init(&mdev->use_lock);
+	mutex_init(&mdev->open_mutex);
 
 	/* copy and truncate the name of synth device */
 	strlcpy(mdev->name, pinfo->name, sizeof(mdev->name));
@@ -332,14 +334,16 @@ snd_seq_oss_midi_open(struct seq_oss_devinfo *dp, int dev, int fmode)
 	int perm;
 	struct seq_oss_midi *mdev;
 	struct snd_seq_port_subscribe subs;
+	int err;
 
 	if ((mdev = get_mididev(dp, dev)) == NULL)
 		return -ENODEV;
 
+	mutex_lock(&mdev->open_mutex);
 	/* already used? */
 	if (mdev->opened && mdev->devinfo != dp) {
-		snd_use_lock_free(&mdev->use_lock);
-		return -EBUSY;
+		err = -EBUSY;
+		goto unlock;
 	}
 
 	perm = 0;
@@ -349,14 +353,14 @@ snd_seq_oss_midi_open(struct seq_oss_devinfo *dp, int dev, int fmode)
 		perm |= PERM_READ;
 	perm &= mdev->flags;
 	if (perm == 0) {
-		snd_use_lock_free(&mdev->use_lock);
-		return -ENXIO;
+		err = -ENXIO;
+		goto unlock;
 	}
 
 	/* already opened? */
 	if ((mdev->opened & perm) == perm) {
-		snd_use_lock_free(&mdev->use_lock);
-		return 0;
+		err = 0;
+		goto unlock;
 	}
 
 	perm &= ~mdev->opened;
@@ -381,13 +385,17 @@ snd_seq_oss_midi_open(struct seq_oss_devinfo *dp, int dev, int fmode)
 	}
 
 	if (! mdev->opened) {
-		snd_use_lock_free(&mdev->use_lock);
-		return -ENXIO;
+		err = -ENXIO;
+		goto unlock;
 	}
 
 	mdev->devinfo = dp;
+	err = 0;
+
+ unlock:
+	mutex_unlock(&mdev->open_mutex);
 	snd_use_lock_free(&mdev->use_lock);
-	return 0;
+	return err;
 }
 
 /*
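
Review bot: every exit of snd_seq_oss_midi_open() now funnels through `unlock:` and returns `err`, which is declared earlier in this patch as a bare `int err;`, so a future branch that jumps to the label without assigning it would return an indeterminate value; a short comment at the label, or setting `err` once before the first check, would make that contract explicit. Style: the label is written ` unlock:` with a leading space, and the context line `if (! mdev->opened)` keeps the old spacing that the close path in this same patch changes to `!mdev->opened`.
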
@@ -401,10 +409,9 @@ snd_seq_oss_midi_close(struct seq_oss_devinfo *dp, int dev)
 
 	if ((mdev = get_mididev(dp, dev)) == NULL)
 		return -ENODEV;
-	if (! mdev->opened || mdev->devinfo != dp) {
-		snd_use_lock_free(&mdev->use_lock);
-		return 0;
-	}
+	mutex_lock(&mdev->open_mutex);
+	if (!mdev->opened || mdev->devinfo != dp)
+		goto unlock;
 
 	memset(&subs, 0, sizeof(subs));
 	if (mdev->opened & PERM_WRITE) {
@@ -423,6 +430,8 @@ snd_seq_oss_midi_close(struct seq_oss_devinfo *dp, int dev)
 	mdev->opened = 0;
 	mdev->devinfo = NULL;
 
+ unlock:
+	mutex_unlock(&mdev->open_mutex);
 	snd_use_lock_free(&mdev->use_lock);
 	return 0;
 }
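
Review bot: the lock taken around `mdev->opened = 0;` and `mdev->devinfo = NULL;` in snd_seq_oss_midi_close() only serialises open against close. Other functions that read `opened` or `devinfo` after get_mididev() are not touched by this patch and are not visible here, so please confirm they were audited, or note in the commit message why they are safe without `open_mutex`.
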
-- 
2.39.2



* [PATCH AUTOSEL 4.14 1/5] netlabel: fix shift wrapping bug in netlbl_catmap_setlong()
@ 2023-08-29 13:34 Sasha Levin
  0 siblings, 0 replies; 6+ messages in thread
From: Sasha Levin @ 2023-08-29 13:34 UTC
  To: linux-kernel, stable
  Cc: Dmitry Mastykin, Paul Moore, David S . Miller, Sasha Levin,
	edumazet, kuba, pabeni, netdev, linux-security-module

From: Dmitry Mastykin <dmastykin@astralinux.ru>

[ Upstream commit b403643d154d15176b060b82f7fc605210033edd ]

There is a shift wrapping bug in this code on 32-bit architectures.
NETLBL_CATMAP_MAPTYPE is u64, bitmap is unsigned long.
Every second 32-bit word of catmap becomes corrupted.

Signed-off-by: Dmitry Mastykin <dmastykin@astralinux.ru>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/netlabel/netlabel_kapi.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index 15fe2120b3109..14c3d640f94b9 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -871,7 +871,8 @@ int netlbl_catmap_setlong(struct netlbl_lsm_catmap **catmap,
 
 	offset -= iter->startbit;
 	idx = offset / NETLBL_CATMAP_MAPSIZE;
-	iter->bitmap[idx] |= bitmap << (offset % NETLBL_CATMAP_MAPSIZE);
+	iter->bitmap[idx] |= (NETLBL_CATMAP_MAPTYPE)bitmap
+			     << (offset % NETLBL_CATMAP_MAPSIZE);
 
 	return 0;
 }
-- 
2.40.1


