1. 25 Jul, 2022 4 commits
  2. 24 Jul, 2022 2 commits
  3. 22 Jul, 2022 22 commits
  4. 21 Jul, 2022 7 commits
  5. 20 Jul, 2022 5 commits
    • watchqueue: make sure to serialize 'wqueue->defunct' properly · 353f7988
      Linus Torvalds authored
      When the pipe is closed, we mark the associated watchqueue defunct by
      calling watch_queue_clear().  However, while that is protected by the
      watchqueue lock, new watchqueue entries aren't actually added under that
      lock at all: they use the pipe->rd_wait.lock instead, and looking up
      that pipe happens without any locking.
      
      The watchqueue code uses the RCU read-side section to make sure that the
      wqueue entry itself hasn't disappeared, but that does not protect the
      pipe_info in any way.
      
      So make sure to actually hold the wqueue lock when posting watch events,
      properly serializing against the pipe being torn down.
      Reported-by: Noam Rathaus <noamr@ssd-disclosure.com>
      Cc: Greg KH <gregkh@linuxfoundation.org>
      Cc: David Howells <dhowells@redhat.com>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • lockdown: Fix kexec lockdown bypass with ima policy · 543ce63b
      Eric Snowberg authored
      The lockdown LSM is primarily used in conjunction with UEFI Secure Boot.
      This LSM may also be used on machines without UEFI.  It can also be
      enabled when UEFI Secure Boot is disabled.  One of lockdown's features
      is to prevent kexec from loading untrusted kernels.  Lockdown can be
      enabled through a bootparam or after the kernel has booted through
      securityfs.
      
      If IMA appraisal is used with the "ima_appraise=log" boot param,
      lockdown can be defeated with kexec on any machine when Secure Boot is
      disabled or unavailable.  IMA prevents setting "ima_appraise=log" from
      the boot param when Secure Boot is enabled, but this does not cover
      cases where lockdown is used without Secure Boot.
      
      To defeat lockdown, boot without Secure Boot and add ima_appraise=log to
      the kernel command line; then:
      
        $ echo "integrity" > /sys/kernel/security/lockdown
        $ echo "appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig" > \
          /sys/kernel/security/ima/policy
        $ kexec -ls unsigned-kernel
      
      Add a call to verify ima appraisal is set to "enforce" whenever lockdown
      is enabled.  This fixes CVE-2022-21505.
      
      Cc: stable@vger.kernel.org
      Fixes: 29d3c1c8 ("kexec: Allow kexec_file() with appropriate IMA policy when locked down")
      Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
      Acked-by: Mimi Zohar <zohar@linux.ibm.com>
      Reviewed-by: John Haxby <john.haxby@oracle.com>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • Merge tag 'linux-can-fixes-for-5.19-20220720' of... · 44484fa8
      David S. Miller authored
      Merge tag 'linux-can-fixes-for-5.19-20220720' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
      
      Marc Kleine-Budde says:
      
      ====================
      this is a pull request of 2 patches for net/master.
      
      The first patch is by me and fixes the detection of the mcp251863 in
      the mcp251xfd driver.
      
      The last patch is by Liang He and adds a missing of_node_put() in the
      rcar_canfd driver.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication · e5ec6a25
      Ido Schimmel authored
      mlxsw needs to distinguish nexthops with a gateway from connected
      nexthops in order to write the former to the adjacency table of the
      device. The check used to rely on the fact that nexthops with a gateway
      have a 'link' scope whereas connected nexthops have a 'host' scope. This
      is no longer correct after commit 747c1430 ("ip: fix dflt addr
      selection for connected nexthop").
      
      Fix that by instead checking the address family of the gateway IP. This
      is a more direct way and also consistent with the IPv6 counterpart in
      mlxsw_sp_rt6_is_gateway().
      
      Cc: stable@vger.kernel.org
      Fixes: 747c1430 ("ip: fix dflt addr selection for connected nexthop")
      Fixes: 597cfe4f ("nexthop: Add support for IPv4 nexthops")
      Signed-off-by: Ido Schimmel <idosch@nvidia.com>
      Reviewed-by: Amit Cohen <amcohen@nvidia.com>
      Reviewed-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
      Reviewed-by: David Ahern <dsahern@kernel.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net/sched: cls_api: Fix flow action initialization · c0f47c28
      Oz Shlomo authored
      The cited commit refactored the flow action initialization sequence to
      use an interface method when translating tc action instances to flow
      offload objects. The refactored version skips the initialization of the
      generic flow action attributes for tc actions, such as pedit, that allocate
      more than one offload entry. This can cause potential issues for drivers
      mapping flow action ids.
      
      Populate the generic flow action fields for all the flow action entries.
      
      Fixes: c54e1d92 ("flow_offload: add ops to tc_action_ops for flow action setup")
      Signed-off-by: Oz Shlomo <ozsh@nvidia.com>
      Reviewed-by: Roi Dayan <roid@nvidia.com>
      
      ----
      v1 -> v2:
       - coalesce the generic flow action fields initialization to a single loop
      Reviewed-by: Baowen Zheng <baowen.zheng@corigine.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>