1. 23 Nov, 2019 2 commits
    • John Johansen's avatar
      apparmor: fix wrong buffer allocation in aa_new_mount · 8f21a624
      John Johansen authored
      Fix the following trace caused by the dev_path buffer not being
      allocated.
      
      [  641.044262] AppArmor WARN match_mnt: ((devpath && !devbuffer)):
      [  641.044284] WARNING: CPU: 1 PID: 30709 at ../security/apparmor/mount.c:385 match_mnt+0x133/0x180
      [  641.044286] Modules linked in: snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_hda_codec snd_hda_core qxl ttm snd_hwdep snd_pcm drm_kms_helper snd_seq_midi snd_seq_midi_event drm snd_rawmidi crct10dif_pclmul crc32_pclmul ghash_clmulni_intel iptable_mangle aesni_intel aes_x86_64 xt_tcpudp crypto_simd snd_seq cryptd bridge stp llc iptable_filter glue_helper snd_seq_device snd_timer joydev input_leds snd serio_raw fb_sys_fops 9pnet_virtio 9pnet syscopyarea sysfillrect soundcore sysimgblt qemu_fw_cfg mac_hid sch_fq_codel parport_pc ppdev lp parport ip_tables x_tables autofs4 8139too psmouse 8139cp i2c_piix4 pata_acpi mii floppy
      [  641.044318] CPU: 1 PID: 30709 Comm: mount Tainted: G      D W         5.1.0-rc4+ #223
      [  641.044320] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
      [  641.044323] RIP: 0010:match_mnt+0x133/0x180
      [  641.044325] Code: 41 5d 41 5e 41 5f c3 48 8b 4c 24 18 eb b1 48 c7 c6 08 84 26 83 48 c7 c7 f0 56 54 83 4c 89 54 24 08 48 89 14 24 e8 7d d3 bb ff <0f> 0b 4c 8b 54 24 08 48 8b 14 24 e9 25 ff ff ff 48 c7 c6 08 84 26
      [  641.044327] RSP: 0018:ffffa9b34ac97d08 EFLAGS: 00010282
      [  641.044329] RAX: 0000000000000000 RBX: ffff9a86725a8558 RCX: 0000000000000000
      [  641.044331] RDX: 0000000000000002 RSI: 0000000000000001 RDI: 0000000000000246
      [  641.044333] RBP: ffffa9b34ac97db0 R08: 0000000000000000 R09: 0000000000000000
      [  641.044334] R10: 0000000000000000 R11: 00000000000077f5 R12: 0000000000000000
      [  641.044336] R13: ffffa9b34ac97e98 R14: ffff9a865e000008 R15: ffff9a86c4cf42b8
      [  641.044338] FS:  00007fab73969740(0000) GS:ffff9a86fbb00000(0000) knlGS:0000000000000000
      [  641.044340] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  641.044342] CR2: 000055f90bc62035 CR3: 00000000aab5f006 CR4: 00000000003606e0
      [  641.044346] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      [  641.044348] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      [  641.044349] Call Trace:
      [  641.044355]  aa_new_mount+0x119/0x2c0
      [  641.044363]  apparmor_sb_mount+0xd4/0x430
      [  641.044367]  security_sb_mount+0x46/0x70
      [  641.044372]  do_mount+0xbb/0xeb0
      [  641.044377]  ? memdup_user+0x4b/0x70
      [  641.044380]  ksys_mount+0x7e/0xd0
      [  641.044384]  __x64_sys_mount+0x21/0x30
      [  641.044388]  do_syscall_64+0x5a/0x1a0
      [  641.044392]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
      [  641.044394] RIP: 0033:0x7fab73a8790a
      [  641.044397] Code: 48 8b 0d 89 85 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 56 85 0c 00 f7 d8 64 89 01 48
      [  641.044399] RSP: 002b:00007ffe0ffe4238 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
      [  641.044401] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fab73a8790a
      [  641.044429] RDX: 000055f90bc6203b RSI: 00007ffe0ffe57b1 RDI: 00007ffe0ffe57a5
      [  641.044431] RBP: 00007ffe0ffe4250 R08: 0000000000000000 R09: 00007fab73b51d80
      [  641.044433] R10: 00000000c0ed0004 R11: 0000000000000206 R12: 000055f90bc610b0
      [  641.044434] R13: 00007ffe0ffe4330 R14: 0000000000000000 R15: 0000000000000000
      [  641.044457] irq event stamp: 0
      [  641.044460] hardirqs last  enabled at (0): [<0000000000000000>]           (null)
      [  641.044463] hardirqs last disabled at (0): [<ffffffff82290114>] copy_process.part.30+0x734/0x23f0
      [  641.044467] softirqs last  enabled at (0): [<ffffffff82290114>] copy_process.part.30+0x734/0x23f0
      [  641.044469] softirqs last disabled at (0): [<0000000000000000>]           (null)
      [  641.044470] ---[ end trace c0d54bdacf6af6b2 ]---
      
      Fixes: df323337 ("apparmor: Use a memory pool instead per-CPU caches")
      Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
      8f21a624
    • Colin Ian King's avatar
      apparmor: fix unsigned len comparison with less than zero · 00e0590d
      Colin Ian King authored
      The sanity check in macro update_for_len checks to see if len
      is less than zero, however, len is a size_t so it can never be
      less than zero, so this sanity check is a no-op.  Fix this by
      making len a ssize_t so the comparison will work and add ulen
      that is a size_t copy of len so that the min() macro won't
      throw warnings about comparing different types.
      
      Addresses-Coverity: ("Macro compares unsigned to 0")
      Fixes: f1bd9041 ("apparmor: add the base fns() for domain labels")
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
      00e0590d
  2. 20 Jun, 2019 4 commits
  3. 17 Apr, 2019 1 commit
  4. 11 Apr, 2019 4 commits
  5. 10 Apr, 2019 7 commits
  6. 09 Apr, 2019 3 commits
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 869e3305
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Off by one and bounds checking fixes in NFC, from Dan Carpenter.
      
       2) There have been many weird regressions in r8169 since we turned ASPM
          support on, some are still not understood nor completely resolved.
          Let's turn this back off for now. From Heiner Kallweit.
      
       3) Signess fixes for ethtool speed value handling, from Michael
          Zhivich.
      
       4) Handle timestamps properly in macb driver, from Paul Thomas.
      
       5) Two erspan fixes, it's the usual "skb ->data potentially reallocated
          and we're holding a stale protocol header pointer". From Lorenzo
          Bianconi.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
        bnxt_en: Reset device on RX buffer errors.
        bnxt_en: Improve RX consumer index validity check.
        net: macb driver, check for SKBTX_HW_TSTAMP
        qlogic: qlcnic: fix use of SPEED_UNKNOWN ethtool constant
        broadcom: tg3: fix use of SPEED_UNKNOWN ethtool constant
        ethtool: avoid signed-unsigned comparison in ethtool_validate_speed()
        net: ip6_gre: fix possible use-after-free in ip6erspan_rcv
        net: ip_gre: fix possible use-after-free in erspan_rcv
        r8169: disable ASPM again
        MAINTAINERS: ieee802154: update documentation file pattern
        net: vrf: Fix ping failed when vrf mtu is set to 0
        selftests: add a tc matchall test case
        nfc: nci: Potential off by one in ->pipes[] array
        NFC: nci: Add some bounds checking in nci_hci_cmd_received()
      869e3305
    • Linus Torvalds's avatar
      Merge branch 'fixes-v5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · a556810d
      Linus Torvalds authored
      Pull TPM fixes from James Morris:
       "From Jarkko: These are critical fixes for v5.1. Contains also couple
        of new selftests for v5.1 features (partial reads in /dev/tpm0)"
      
      * 'fixes-v5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        selftests/tpm2: Open tpm dev in unbuffered mode
        selftests/tpm2: Extend tests to cover partial reads
        KEYS: trusted: fix -Wvarags warning
        tpm: Fix the type of the return value in calc_tpm2_event_size()
        KEYS: trusted: allow trusted.ko to initialize w/o a TPM
        tpm: fix an invalid condition in tpm_common_poll
        tpm: turn on TPM on suspend for TPM 1.x
      a556810d
    • Linus Torvalds's avatar
      Merge tag 'xtensa-20190408' of git://github.com/jcmvbkbc/linux-xtensa · 10d43397
      Linus Torvalds authored
      Pull xtensa fixes from Max Filippov:
      
       - fix syscall number passed to trace_sys_exit
      
       - fix syscall number initialization in start_thread
      
       - fix level interpretation in the return_address
      
       - fix format string warning in init_pmd
      
      * tag 'xtensa-20190408' of git://github.com/jcmvbkbc/linux-xtensa:
        xtensa: fix format string warning in init_pmd
        xtensa: fix return_address
        xtensa: fix initialization of pt_regs::syscall in start_thread
        xtensa: use actual syscall number in do_syscall_trace_leave
      10d43397
  7. 08 Apr, 2019 19 commits