mirror of
https://github.com/hardkernel/linux.git
synced 2026-04-01 18:53:02 +09:00
16ce487b86fe055ee2efb84ab53cd12802dc509e
416 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Jarkko Sakkinen
|
b8f9c3ef28 |
KEYS: trusted: Fix migratable=1 failing
commit |
||
|
Yang Xu
|
6de3a0ca7c |
KEYS: reaching the keys quotas correctly
commit |
||
|
David Howells
|
f6126ad72d |
keys: Timestamp new keys
[ Upstream commit |
||
|
Hillf Danton
|
1f3d6bae0a |
keys: Fix missing null pointer check in request_key_auth_describe()
[ Upstream commit |
||
|
Eric Biggers
|
71d8548735 |
KEYS: restrict /proc/keys by credentials at open time
commit |
||
|
Eric Biggers
|
0c08e83c07 |
KEYS: always initialize keyring_index_key::desc_len
commit |
||
|
Eric Biggers
|
e4eae310e1 |
KEYS: allow reaching the keys quotas exactly
commit |
||
|
Greg Kroah-Hartman
|
a9d027374a |
Merge 4.9.84 into android-4.9
Changes in 4.9.84
vhost: use mutex_lock_nested() in vhost_dev_lock_vqs()
kcm: Check if sk_user_data already set in kcm_attach
kcm: Only allow TCP sockets to be attached to a KCM mux
cfg80211: check dev_set_name() return value
xfrm: skip policies marked as dead while rehashing
mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed.
xfrm: Fix stack-out-of-bounds read on socket policy lookup.
xfrm: check id proto in validate_tmpl()
sctp: set frag_point in sctp_setsockopt_maxseg correctly
blktrace: fix unlocked registration of tracepoints
drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE
Provide a function to create a NUL-terminated string from unterminated data
selinux: ensure the context is NUL terminated in security_context_to_sid_core()
selinux: skip bounded transition processing if the policy isn't loaded
crypto: x86/twofish-3way - Fix %rbp usage
staging: android: ion: Add __GFP_NOWARN for system contig heap
staging: android: ion: Switch from WARN to pr_warn
blk_rq_map_user_iov: fix error override
KVM: x86: fix escape of guest dr6 to the host
kcov: detect double association with a single task
netfilter: x_tables: fix int overflow in xt_alloc_table_info()
netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target}
netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check()
netfilter: on sockopt() acquire sock lock only in the required scope
netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1()
netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete
net: avoid skb_warn_bad_offload on IS_ERR
crypto: hash - annotate algorithms taking optional key
crypto: hash - prevent using keyed hashes without setting key
ASoC: ux500: add MODULE_LICENSE tag
video: fbdev/mmp: add MODULE_LICENSE
ARM: 8743/1: bL_switcher: add MODULE_LICENSE tag
arm64: dts: add #cooling-cells to CPU nodes
dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
staging: android: ashmem: Fix a race condition in pin ioctls
binder: check for binder_thread allocation failure in binder_poll()
staging: iio: adc: ad7192: fix external frequency setting
staging: iio: ad5933: switch buffer mode to software
usbip: keep usbip_device sockfd state in sync with tcp_socket
usb: build drivers/usb/common/ when USB_SUPPORT is set
ARM: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context
ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen
ARM: dts: logicpd-som-lv: Fix gpmc addresses for NAND and enet
ARM: dts: logicpd-somlv: Fix wl127x pinmux
ARM: dts: am4372: Correct the interrupts_properties of McASP
ARM: dts: am437x-cm-t43: Correct the dmas property of spi0
perf top: Fix window dimensions change handling
perf bench numa: Fixup discontiguous/sparse numa nodes
media: s5k6aa: describe some function parameters
pinctrl: sunxi: Fix A80 interrupt pin bank
pinctrl: sunxi: Fix A64 UART mux value
i40iw: Correct ARP index mask
RDMA/cma: Make sure that PSN is not over max allowed
sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune
scripts/kernel-doc: Don't fail with status != 0 if error encountered with -none
ipvlan: Add the skb->mark as flow4's member to lookup route
m68k: add missing SOFTIRQENTRY_TEXT linker section
powerpc/perf: Fix oops when grouping different pmu events
s390/dasd: prevent prefix I/O error
ARM: dts: Fix elm interrupt compiler warning
gianfar: fix a flooded alignment reports because of padding issue.
net_sched: red: Avoid devision by zero
net_sched: red: Avoid illegal values
btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
brcmfmac: Avoid build error with make W=1
net: ethernet: arc: fix error handling in emac_rockchip_probe
509: fix printing uninitialized stack memory when OID is empty
gianfar: Disable EEE autoneg by default
dmaengine: ioat: Fix error handling path
dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved
clk: fix a panic error caused by accessing NULL pointer
ASoC: rockchip: disable clock on error
spi: sun4i: disable clocks in the remove function
xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
drm/armada: fix leak of crtc structure
dmaengine: jz4740: disable/unprepare clk if probe fails
usb: dwc3: gadget: Wait longer for controller to end command processing
usb: dwc3: of-simple: fix missing clk_disable_unprepare
mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
x86/mm/kmmio: Fix mmiotrace for page unaligned addresses
platform/x86: dell-laptop: Fix keyboard max lighting for Dell Latitude E6410
xen: XEN_ACPI_PROCESSOR is Dom0-only
hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
powerpc/64s: Fix conversion of slb_miss_common to use RFI_TO_USER/KERNEL
powerpc/64s: Simple RFI macro conversions
powerpc/64s: Improve RFI L1-D cache flush fallback
crypto: talitos - fix Kernel Oops on hashing an empty file
drm/i915: fix intel_backlight_device_register declaration
shmem: avoid maybe-uninitialized warning
clk: sunxi-ng: fix build error without CONFIG_RESET_CONTROLLER
vmxnet3: prevent building with 64K pages
perf/x86: Shut up false-positive -Wmaybe-uninitialized warning
PCI: vmd: Fix suspend handlers defined-but-not-used warning
gpio: intel-mid: Fix build warning when !CONFIG_PM
platform/x86: intel_mid_thermal: Fix suspend handlers unused warning
usb: musb: fix compilation warning on unused function
PCI: Change pci_host_common_probe() visibility
perf: xgene: Include module.h
video: fbdev: via: remove possibly unused variables
scsi: advansys: fix build warning for PCI=n
x86/ras/inject: Make it depend on X86_LOCAL_APIC=y
gpio: xgene: mark PM functions as __maybe_unused
arm64: define BUG() instruction without CONFIG_BUG
x86/fpu/math-emu: Fix possible uninitialized variable use
tools build: Add tools tree support for 'make -s'
x86/build: Silence the build with "make -s"
thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies
x86: add MULTIUSER dependency for KVM
dmaengine: zx: fix build warning
x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG
x86/vm86: Fix unused variable warning if THP is disabled
scsi: advansys: fix uninitialized data access
arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set
ALSA: hda/ca0132 - fix possible NULL pointer use
reiserfs: avoid a -Wmaybe-uninitialized warning
cw1200: fix bogus maybe-uninitialized warning
security/keys: BIG_KEY requires CONFIG_CRYPTO
drm: exynos: mark pm functions as __maybe_unused
rbd: silence bogus -Wmaybe-uninitialized warning
drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized
Input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning
KVM: add X86_LOCAL_APIC dependency
shmem: fix compilation warnings on unused functions
tc358743: fix register i2c_rd/wr functions
go7007: add MEDIA_CAMERA_SUPPORT dependency
em28xx: only use mt9v011 if camera support is enabled
tw5864: use dev_warn instead of WARN to shut up warning
ISDN: eicon: reduce stack size of sig_ind function
clk: meson: gxbb: fix build error without RESET_CONTROLLER
kasan: rework Kconfig settings
drm/i915: hide unused intel_panel_set_backlight function
arm64: sunxi: always enable reset controller
binfmt_elf: compat: avoid unused function warning
spi: bcm-qspi: shut up warning about cfi header inclusion
idle: i7300: add PCI dependency
arm64: fix warning about swapper_pg_dir overflow
usb: phy: msm add regulator dependency
x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix preemptibility bug
KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready" exceptions simultaneously
KVM: VMX: clean up declaration of VPID/EPT invalidation types
KVM: nVMX: invvpid handling improvements
crypto: s5p-sss - Fix kernel Oops in AES-ECB mode
Linux 4.9.84
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Arnd Bergmann
|
077463be4f |
security/keys: BIG_KEY requires CONFIG_CRYPTO
commit |
||
|
Greg Kroah-Hartman
|
f8bbe517d0 |
Merge 4.9.81 into android-4.9
Changes in 4.9.81
powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper
powerpc/64: Add macros for annotating the destination of rfid/hrfid
powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL
powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL
powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL
powerpc/64s: Add support for RFI flush of L1-D cache
powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti
powerpc/pseries: Query hypervisor for RFI flush settings
powerpc/powernv: Check device-tree for RFI flush settings
powerpc/64s: Wire up cpu_show_meltdown()
powerpc/64s: Allow control of RFI flush via debugfs
auxdisplay: img-ascii-lcd: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
pinctrl: pxa: pxa2xx: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
ASoC: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
kaiser: fix intel_bts perf crashes
x86/pti: Make unpoison of pgd for trusted boot work for real
kaiser: allocate pgd with order 0 when pti=off
serial: core: mark port as initialized after successful IRQ change
ip6mr: fix stale iterator
net: igmp: add a missing rcu locking section
qlcnic: fix deadlock bug
qmi_wwan: Add support for Quectel EP06
r8169: fix RTL8168EP take too long to complete driver initialization.
tcp: release sk_frag.page in tcp_disconnect
vhost_net: stop device during reset owner
tcp_bbr: fix pacing_gain to always be unity when using lt_bw
cls_u32: add missing RCU annotation.
ipv6: Fix SO_REUSEPORT UDP socket with implicit sk_ipv6only
soreuseport: fix mem leak in reuseport_add_sock()
x86/asm: Fix inline asm call constraints for GCC 4.4
x86/microcode/AMD: Do not load when running on a hypervisor
media: soc_camera: soc_scale_crop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
b43: Add missing MODULE_FIRMWARE()
KEYS: encrypted: fix buffer overread in valid_master_desc()
x86/retpoline: Remove the esp/rsp thunk
KVM: x86: Make indirect calls in emulator speculation safe
KVM: VMX: Make indirect call speculation safe
module/retpoline: Warn about missing retpoline in module
x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
x86/cpufeatures: Add Intel feature bits for Speculation Control
x86/cpufeatures: Add AMD feature bits for Speculation Control
x86/msr: Add definitions for new speculation control MSRs
x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
x86/nospec: Fix header guards names
x86/bugs: Drop one "mitigation" from dmesg
x86/cpu/bugs: Make retpoline module warning conditional
x86/cpufeatures: Clean up Spectre v2 related CPUID flags
x86/retpoline: Simplify vmexit_fill_RSB()
x86/spectre: Check CONFIG_RETPOLINE in command line parser
x86/entry/64: Remove the SYSCALL64 fast path
x86/entry/64: Push extra regs right away
x86/asm: Move 'status' from thread_struct to thread_info
Documentation: Document array_index_nospec
array_index_nospec: Sanitize speculative array de-references
x86: Implement array_index_mask_nospec
x86: Introduce barrier_nospec
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
x86/get_user: Use pointer masking to limit speculation
x86/syscall: Sanitize syscall table de-references under speculation
vfs, fdtable: Prevent bounds-check bypass via speculative execution
nl80211: Sanitize array index in parse_txq_params
x86/spectre: Report get_user mitigation for spectre_v1
x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
x86/paravirt: Remove 'noreplace-paravirt' cmdline option
x86/kvm: Update spectre-v1 mitigation
x86/retpoline: Avoid retpolines for built-in __init functions
x86/spectre: Simplify spectre_v2 command line parsing
x86/pti: Mark constant arrays as __initconst
x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
KVM: nVMX: kmap() can't fail
KVM: nVMX: vmx_complete_nested_posted_interrupt() can't fail
KVM: nVMX: mark vmcs12 pages dirty on L2 exit
KVM: nVMX: Eliminate vmcs02 pool
KVM: VMX: introduce alloc_loaded_vmcs
KVM: VMX: make MSR bitmaps per-VCPU
KVM/x86: Add IBPB support
KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL
crypto: tcrypt - fix S/G table for test_aead_speed()
ASoC: simple-card: Fix misleading error message
ASoC: rsnd: don't call free_irq() on Parent SSI
ASoC: rsnd: avoid duplicate free_irq()
drm: rcar-du: Use the VBK interrupt for vblank events
drm: rcar-du: Fix race condition when disabling planes at CRTC stop
x86/microcode: Do the family check first
Linux 4.9.81
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Eric Biggers
|
9692602ab8 |
KEYS: encrypted: fix buffer overread in valid_master_desc()
commit
|
||
|
Greg Kroah-Hartman
|
3f1d77ca5f |
Merge 4.9.69 into android-4.9
Changes in 4.9.69 usb: gadget: udc: renesas_usb3: fix number of the pipes can: ti_hecc: Fix napi poll return value for repoll can: kvaser_usb: free buf in error paths can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() can: kvaser_usb: ratelimit errors if incomplete messages are received can: kvaser_usb: cancel urb on -EPIPE and -EPROTO can: ems_usb: cancel urb on -EPIPE and -EPROTO can: esd_usb2: cancel urb on -EPIPE and -EPROTO can: usb_8dev: cancel urb on -EPIPE and -EPROTO virtio: release virtio index when fail to device_register hv: kvp: Avoid reading past allocated blocks from KVP file isa: Prevent NULL dereference in isa_bus driver callbacks scsi: dma-mapping: always provide dma_get_cache_alignment scsi: use dma_get_cache_alignment() as minimum DMA alignment scsi: libsas: align sata_device's rps_resp on a cacheline efi: Move some sysfs files to be read-only by root efi/esrt: Use memunmap() instead of kfree() to free the remapping ASN.1: fix out-of-bounds read when parsing indefinite length item ASN.1: check for error from ASN1_OP_END__ACT actions KEYS: add missing permission check for request_key() destination X.509: reject invalid BIT STRING for subjectPublicKey X.509: fix comparisons of ->pkey_algo x86/PCI: Make broadcom_postcore_init() check acpi_disabled KVM: x86: fix APIC page invalidation btrfs: fix missing error return in btrfs_drop_snapshot ALSA: pcm: prevent UAF in snd_pcm_info ALSA: seq: Remove spurious WARN_ON() at timer check ALSA: usb-audio: Fix out-of-bound error ALSA: usb-audio: Add check return value for usb_string() iommu/vt-d: Fix scatterlist offset handling smp/hotplug: Move step CPUHP_AP_SMPCFD_DYING to the correct place s390: fix compat system call table KVM: s390: Fix skey emulation permission check powerpc/64s: Initialize ISAv3 MMU registers before setting partition table brcmfmac: change driver unbind order of the sdio function devices kdb: Fix handling of kallsyms_symbol_next() return value drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU media: dvb: i2c transfers over usb cannot be done from stack arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one KVM: VMX: remove I/O port 0x80 bypass on Intel hosts KVM: arm/arm64: Fix broken GICH_ELRSR big endian conversion KVM: arm/arm64: vgic-irqfd: Fix MSI entry allocation KVM: arm/arm64: vgic-its: Check result of allocation before use arm64: fpsimd: Prevent registers leaking from dead tasks bus: arm-cci: Fix use of smp_processor_id() in preemptible context bus: arm-ccn: Check memory allocation failure bus: arm-ccn: Fix use of smp_processor_id() in preemptible context bus: arm-ccn: fix module unloading Error: Removing state 147 which has instances left. crypto: talitos - fix AEAD test failures crypto: talitos - fix memory corruption on SEC2 crypto: talitos - fix setkey to check key weakness crypto: talitos - fix AEAD for sha224 on non sha224 capable chips crypto: talitos - fix use of sg_link_tbl_len crypto: talitos - fix ctr-aes-talitos usb: f_fs: Force Reserved1=1 in OS_DESC_EXT_COMPAT ARM: BUG if jumping to usermode address in kernel mode ARM: avoid faulting on qemu thp: reduce indentation level in change_huge_pmd() thp: fix MADV_DONTNEED vs. numa balancing race mm: drop unused pmdp_huge_get_and_clear_notify() Revert "drm/armada: Fix compile fail" Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA" ARM: 8657/1: uaccess: consistently check object sizes vti6: Don't report path MTU below IPV6_MIN_MTU. ARM: OMAP2+: gpmc-onenand: propagate error on initialization failure x86/selftests: Add clobbers for int80 on x86_64 x86/platform/uv/BAU: Fix HUB errors by remove initial write to sw-ack register sched/fair: Make select_idle_cpu() more aggressive x86/hpet: Prevent might sleep splat on resume powerpc/64: Invalidate process table caching after setting process table selftest/powerpc: Fix false failures for skipped tests powerpc: Fix compiling a BE kernel with a powerpc64le toolchain lirc: fix dead lock between open and wakeup_filter module: set __jump_table alignment to 8 powerpc/64: Fix checksum folding in csum_add() ARM: OMAP2+: Fix device node reference counts ARM: OMAP2+: Release device node after it is no longer needed. ASoC: rcar: avoid SSI_MODEx settings for SSI8 gpio: altera: Use handle_level_irq when configured as a level_high HID: chicony: Add support for another ASUS Zen AiO keyboard usb: gadget: configs: plug memory leak USB: gadgetfs: Fix a potential memory leak in 'dev_config()' usb: dwc3: gadget: Fix system suspend/resume on TI platforms usb: gadget: pxa27x: Test for a valid argument pointer usb: gadget: udc: net2280: Fix tmp reusage in net2280 driver kvm: nVMX: VMCLEAR should not cause the vCPU to shut down libata: drop WARN from protocol error in ata_sff_qc_issue() workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq scsi: qla2xxx: Fix ql_dump_buffer scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters irqchip/crossbar: Fix incorrect type of register size KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset arm: KVM: Survive unknown traps from guests arm64: KVM: Survive unknown traps from guests KVM: arm/arm64: VGIC: Fix command handling while ITS being disabled spi_ks8995: fix "BUG: key accdaa28 not in .data!" spi_ks8995: regs_size incorrect for some devices bnx2x: prevent crash when accessing PTP with interface down bnx2x: fix possible overrun of VFPF multicast addresses array bnx2x: fix detection of VLAN filtering feature for VF bnx2x: do not rollback VF MAC/VLAN filters we did not configure rds: tcp: Sequence teardown of listen and acceptor sockets to avoid races ibmvnic: Fix overflowing firmware/hardware TX queue ibmvnic: Allocate number of rx/tx buffers agreed on by firmware ipv6: reorder icmpv6_init() and ip6_mr_init() crypto: s5p-sss - Fix completing crypto request in IRQ handler i2c: riic: fix restart condition blk-mq: initialize mq kobjects in blk_mq_init_allocated_queue() zram: set physical queue limits to avoid array out of bounds accesses netfilter: don't track fragmented packets axonram: Fix gendisk handling drm/amd/amdgpu: fix console deadlock if late init failed powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested EDAC, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro EDAC, i5000, i5400: Fix definition of NRECMEMB register kbuild: pkg: use --transform option to prefix paths in tar coccinelle: fix parallel build with CHECK=scripts/coccicheck x86/mpx/selftests: Fix up weird arrays mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl() gre6: use log_ecn_error module parameter in ip6_tnl_rcv() route: also update fnhe_genid when updating a route cache route: update fnhe_expires for redirect when the fnhe exists drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' lib/genalloc.c: make the avail variable an atomic_long_t dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 NFS: Fix a typo in nfs_rename() sunrpc: Fix rpc_task_begin trace point xfs: fix forgotten rcu read unlock when skipping inode reclaim dt-bindings: usb: fix reg-property port-number range block: wake up all tasks blocked in get_request() sparc64/mm: set fields in deferred pages zsmalloc: calling zs_map_object() from irq is a bug sctp: do not free asoc when it is already dead in sctp_sendmsg sctp: use the right sk after waking up from wait_buf sleep bpf: fix lockdep splat clk: uniphier: fix DAPLL2 clock rate of Pro5 atm: horizon: Fix irq release error jump_label: Invoke jump_label_test() via early_initcall() xfrm: Copy policy family in clone_policy IB/mlx4: Increase maximal message size under UD QP IB/mlx5: Assign send CQ and recv CQ of UMR QP afs: Connect up the CB.ProbeUuid Linux 4.9.69 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Eric Biggers
|
982707eb4f |
KEYS: add missing permission check for request_key() destination
commit |
||
|
Greg Kroah-Hartman
|
44a3afcce1 |
Merge 4.9.63 into android-4.9
Changes in 4.9.63 gso: fix payload length when gso_size is zero tun/tap: sanitize TUNSETSNDBUF input ipv6: addrconf: increment ifp refcount before ipv6_del_addr() netlink: do not set cb_running if dump's start() errs net: call cgroup_sk_alloc() earlier in sk_clone_lock() tcp: fix tcp_mtu_probe() vs highest_sack l2tp: check ps->sock before running pppol2tp_session_ioctl() tun: call dev_get_valid_name() before register_netdevice() sctp: add the missing sock_owned_by_user check in sctp_icmp_redirect tcp/dccp: fix ireq->opt races packet: avoid panic in packet_getsockopt() soreuseport: fix initialization race ipv6: flowlabel: do not leave opt->tot_len with garbage sctp: full support for ipv6 ip_nonlocal_bind & IP_FREEBIND tcp/dccp: fix lockdep splat in inet_csk_route_req() tcp/dccp: fix other lockdep splats accessing ireq_opt net/unix: don't show information about sockets from other namespaces tap: double-free in error path in tap_open() ipip: only increase err_count for some certain type icmp in ipip_err ip6_gre: only increase err_count for some certain type icmpv6 in ip6gre_err ip6_gre: update dst pmtu if dev mtu has been updated by toobig in __gre6_xmit tun: allow positive return values on dev_get_valid_name() call sctp: reset owner sk for data chunks on out queues when migrating a sock net_sched: avoid matching qdisc with zero handle ppp: fix race in ppp device destruction mac80211: accept key reinstall without changing anything mac80211: use constant time comparison with keys mac80211: don't compare TKIP TX MIC key in reinstall prevention usb: usbtest: fix NULL pointer dereference Input: ims-psu - check if CDC union descriptor is sane ALSA: seq: Cancel pending autoload work at unbinding device Revert "ARM: dts: imx53-qsb-common: fix FEC pinmux config" netfilter: nat: avoid use of nf_conn_nat extension netfilter: nat: Revert "netfilter: nat: convert nat bysrc hash to rhashtable" security/keys: add CONFIG_KEYS_COMPAT to Kconfig brcmfmac: remove setting IBSS mode when stopping AP target/iscsi: Fix iSCSI task reassignment handling qla2xxx: Fix incorrect tcm_qla2xxx_free_cmd use during TMR ABORT (v2) misc: panel: properly restore atomic counter on error path Linux 4.9.63 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Bilal Amarni
|
31c8c49428 |
security/keys: add CONFIG_KEYS_COMPAT to Kconfig
commit
|
||
|
Greg Kroah-Hartman
|
a6d71ba679 |
Merge 4.9.62 into android-4.9
Changes in 4.9.62 adv7604: Initialize drive strength to default when using DT video: fbdev: pmag-ba-fb: Remove bad `__init' annotation PCI: mvebu: Handle changes to the bridge windows while enabled sched/core: Add missing update_rq_clock() call in sched_move_task() xen/netback: set default upper limit of tx/rx queues to 8 ARM: dts: imx53-qsb-common: fix FEC pinmux config dt-bindings: clockgen: Add compatible string for LS1012A EDAC, amd64: Add x86cpuid sanity check during init PM / OPP: Error out on failing to add static OPPs for v1 bindings clk: samsung: exynos5433: Add IDs for PHYCLK_MIPIDPHY0_* clocks drm: drm_minor_register(): Clean up debugfs on failure KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter iommu/arm-smmu-v3: Clear prior settings when updating STEs pinctrl: baytrail: Fix debugfs offset output powerpc/corenet: explicitly disable the SDHC controller on kmcoge4 cxl: Force psl data-cache flush during device shutdown ARM: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6 arm64: dma-mapping: Only swizzle DMA ops for IOMMU_DOMAIN_DMA crypto: vmx - disable preemption to enable vsx in aes_ctr.c drm: mali-dp: fix Lx_CONTROL register fields clobber iio: trigger: free trigger resource correctly iio: pressure: ms5611: claim direct mode during oversampling changes iio: magnetometer: mag3110: claim direct mode during raw writes iio: proximity: sx9500: claim direct mode during raw proximity reads dt-bindings: Add LEGO MINDSTORMS EV3 compatible specification dt-bindings: Add vendor prefix for LEGO phy: increase size of MII_BUS_ID_SIZE and bus_id serial: sh-sci: Fix register offsets for the IRDA serial port libertas: fix improper return value usb: hcd: initialize hcd->flags to 0 when rm hcd netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family brcmfmac: setup wiphy bands after registering it first rt2800usb: mark tx failure on timeout apparmor: fix undefined reference to `aa_g_hash_policy' IPsec: do not ignore crypto err in ah4 input EDAC, amd64: Save and return err code from probe_one_instance() s390/topology: make "topology=off" parameter work Input: mpr121 - handle multiple bits change of status register Input: mpr121 - set missing event capability sched/cputime, powerpc32: Fix stale scaled stime on context switch IB/ipoib: Change list_del to list_del_init in the tx object ARM: dts: STiH410-family: fix wrong parent clock frequency s390/qeth: fix retrieval of vipa and proxy-arp addresses s390/qeth: issue STARTLAN as first IPA command wcn36xx: Don't use the destroyed hal_mutex IB/rxe: Fix reference leaks in memory key invalidation code clk: mvebu: adjust AP806 CPU clock frequencies to production chip net: dsa: select NET_SWITCHDEV platform/x86: hp-wmi: Fix detection for dock and tablet mode cdc_ncm: Set NTB format again after altsetting switch for Huawei devices KEYS: trusted: sanitize all key material KEYS: trusted: fix writing past end of buffer in trusted_read() platform/x86: hp-wmi: Fix error value for hp_wmi_tablet_state platform/x86: hp-wmi: Do not shadow error values x86/uaccess, sched/preempt: Verify access_ok() context workqueue: Fix NULL pointer dereference crypto: ccm - preserve the IV buffer crypto: x86/sha1-mb - fix panic due to unaligned access crypto: x86/sha256-mb - fix panic due to unaligned access KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2] ARM: 8720/1: ensure dump_instr() checks addr_limit ALSA: seq: Fix OSS sysex delivery in OSS emulation ALSA: seq: Avoid invalid lockdep class warning drm/i915: Do not rely on wm preservation for ILK watermarks MIPS: microMIPS: Fix incorrect mask in insn_table_MM MIPS: Fix CM region target definitions MIPS: SMP: Use a completion event to signal CPU up MIPS: Fix race on setting and getting cpu_online_mask MIPS: SMP: Fix deadlock & online race selftests: firmware: send expected errors to /dev/null tools: firmware: check for distro fallback udev cancel rule ASoC: sun4i-spdif: remove legacy dapm components MIPS: BMIPS: Fix missing cbr address MIPS: AR7: Defer registration of GPIO MIPS: AR7: Ensure that serial ports are properly set up Input: elan_i2c - add ELAN060C to the ACPI table rbd: use GFP_NOIO for parent stat and data requests drm/vmwgfx: Fix Ubuntu 17.10 Wayland black screen issue drm/bridge: adv7511: Rework adv7511_power_on/off() so they can be reused internally drm/bridge: adv7511: Reuse __adv7511_power_on/off() when probing EDID drm/bridge: adv7511: Re-write the i2c address before EDID probing can: sun4i: handle overrun in RX FIFO can: ifi: Fix transmitter delay calculation can: c_can: don't indicate triple sampling support for D_CAN x86/smpboot: Make optimization of delay calibration work correctly x86/oprofile/ppro: Do not use __this_cpu*() in preemptible context Linux 4.9.62 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Eric Biggers
|
419ec342d3 |
KEYS: trusted: fix writing past end of buffer in trusted_read()
commit |
||
|
Eric Biggers
|
64a234537a |
KEYS: trusted: sanitize all key material
commit
|
||
|
Greg Kroah-Hartman
|
c4789f87f6 |
Merge 4.9.61 into android-4.9
Changes in 4.9.61 ALSA: timer: Add missing mutex lock for compat ioctls ALSA: seq: Fix nested rwsem annotation for lockdep splat cifs: check MaxPathNameComponentLength != 0 before using it KEYS: return full count in keyring_read() if buffer is too small KEYS: fix out-of-bounds read during ASN.1 parsing ASoC: adau17x1: Workaround for noise bug in ADC arm64: ensure __dump_instr() checks addr_limit arm/arm64: KVM: set right LR register value for 32 bit guest when inject abort arm/arm64: kvm: Disable branch profiling in HYP code ARM: 8715/1: add a private asm/unaligned.h drm/amdgpu: return -ENOENT from uvd 6.0 early init for harvesting ocfs2: fstrim: Fix start offset of first cluster group during fstrim drm/i915/edp: read edp display control registers unconditionally drm/msm: Fix potential buffer overflow issue drm/msm: fix an integer overflow test tracing/samples: Fix creation and deletion of simple_thread_fn creation Fix tracing sample code warning. cpufreq: Do not clear real_cpus mask on policy init crypto: ccp - Set the AES size field for all modes staging: fsl-mc: Add missing header IB/mlx5: Assign DSCP for R-RoCE QPs Address Path PM / wakeirq: report a wakeup_event on dedicated wekup irq scsi: megaraid_sas: Do not set fp_possible if TM capable for non-RW syspdIO, change fp_possible to bool mmc: s3cmci: include linux/interrupt.h for tasklet_struct mfd: ab8500-sysctrl: Handle probe deferral mfd: axp20x: Fix axp288 PEK_DBR and PEK_DBF irqs being swapped bnxt_en: Added PCI IDs for BCM57452 and BCM57454 ASICs staging: rtl8712u: Fix endian settings for structs describing network packets PCI/MSI: Return failure when msix_setup_entries() fails net: mvneta: fix build errors when linux/phy*.h is removed from net/dsa.h ext4: fix stripe-unaligned allocations ext4: do not use stripe_width if it is not set net/ena: change driver's default timeouts i2c: riic: correctly finish transfers drm/amdgpu: when dpm disabled, also need to stop/start vce. perf tools: Only increase index if perf_evsel__new_idx() succeeds iwlwifi: mvm: use the PROBE_RESP_QUEUE to send deauth to unknown station drm/fsl-dcu: check for clk_prepare_enable() error clocksource/drivers/arm_arch_timer: Add dt binding for hisilicon-161010101 erratum net: phy: dp83867: Recover from "port mirroring" N/A MODE4 cx231xx: Fix I2C on Internal Master 3 Bus ath10k: fix reading sram contents for QCA4019 clk: sunxi-ng: Check kzalloc() for errors and cleanup error path mtd: nand: sunxi: Fix the non-polling case in sunxi_nfc_wait_events() gpio: mcp23s08: Select REGMAP/REGMAP_I2C to fix build error xen/manage: correct return value check on xenbus_scanf() scsi: aacraid: Process Error for response I/O platform/x86: intel_mid_thermal: Fix module autoload staging: lustre: llite: don't invoke direct_IO for the EOF case staging: lustre: hsm: stack overrun in hai_dump_data_field staging: lustre: ptlrpc: skip lock if export failed staging: lustre: lmv: Error not handled for lmv_find_target brcmfmac: check brcmf_bus_get_memdump result for error vfs: open() with O_CREAT should not create inodes with unknown ids ASoC: Intel: boards: remove .pm_ops in all Atom/DPCM machine drivers exynos4-is: fimc-is: Unmap region obtained by of_iomap() mei: return error on notification request to a disconnected client s390/dasd: check for device error pointer within state change interrupts s390/prng: Adjust generation of entropy to produce real 256 bits. s390/crypto: Extend key length check for AES-XTS in fips mode. bt8xx: fix memory leak drm/exynos: g2d: prevent integer overflow in PCI: Avoid possible deadlock on pci_lock and p->pi_lock powerpc/64: Don't try to use radix MMU under a hypervisor xen: don't print error message in case of missing Xenstore entry staging: r8712u: Fix Sparse warning in rtl871x_xmit.c ARM: dts: mvebu: pl310-cache disable double-linefill Linux 4.9.61 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Eric Biggers
|
0be72aebbf |
KEYS: return full count in keyring_read() if buffer is too small
commit |
||
|
Greg Kroah-Hartman
|
16cc920a0f |
Merge 4.9.59 into android-4.9
Changes in 4.9.59 USB: devio: Revert "USB: devio: Don't corrupt user memory" USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor() USB: serial: metro-usb: add MS7820 device id usb: cdc_acm: Add quirk for Elatec TWN3 usb: quirks: add quirk for WORLDE MINI MIDI keyboard usb: hub: Allow reset retry for USB2 devices on connect bounce ALSA: usb-audio: Add native DSD support for Pro-Ject Pre Box S2 Digital can: gs_usb: fix busy loop if no more TX context is available parisc: Fix double-word compare and exchange in LWS code on 32-bit kernels iio: dummy: events: Add missing break usb: musb: sunxi: Explicitly release USB PHY on exit usb: musb: Check for host-mode using is_host_active() on reset interrupt xhci: Identify USB 3.1 capable hosts by their port protocol capability can: esd_usb2: Fix can_dlc value for received RTR, frames drm/nouveau/bsp/g92: disable by default drm/nouveau/mmu: flush tlbs before deleting page tables ALSA: seq: Enable 'use' locking in all configurations ALSA: hda: Remove superfluous '-' added by printk conversion ALSA: hda: Abort capability probe at invalid register read i2c: ismt: Separate I2C block read from SMBus block read i2c: piix4: Fix SMBus port selection for AMD Family 17h chips brcmfmac: Add check for short event packets brcmsmac: make some local variables 'static const' to reduce stack size bus: mbus: fix window size calculation for 4GB windows clockevents/drivers/cs5535: Improve resilience to spurious interrupts rtlwifi: rtl8821ae: Fix connection lost problem x86/microcode/intel: Disable late loading on model 79 KEYS: encrypted: fix dereference of NULL user_key_payload lib/digsig: fix dereference of NULL user_key_payload KEYS: don't let add_key() update an uninstantiated key pkcs7: Prevent NULL pointer dereference, since sinfo is not always set. vmbus: fix missing signaling in hv_signal_on_read() xfs: don't unconditionally clear the reflink flag on zero-block files xfs: evict CoW fork extents when performing finsert/fcollapse fs/xfs: Use %pS printk format for direct addresses xfs: report zeroed or not correctly in xfs_zero_range() xfs: update i_size after unwritten conversion in dio completion xfs: perag initialization should only touch m_ag_max_usable for AG 0 xfs: Capture state of the right inode in xfs_iflush_done xfs: always swap the cow forks when swapping extents xfs: handle racy AIO in xfs_reflink_end_cow xfs: Don't log uninitialised fields in inode structures xfs: move more RT specific code under CONFIG_XFS_RT xfs: don't change inode mode if ACL update fails xfs: reinit btree pointer on attr tree inactivation walk xfs: handle error if xfs_btree_get_bufs fails xfs: cancel dirty pages on invalidation xfs: trim writepage mapping to within eof fscrypt: fix dereference of NULL user_key_payload KEYS: Fix race between updating and finding a negative key FS-Cache: fix dereference of NULL user_key_payload Linux 4.9.59 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
David Howells
|
63c8e45255 |
KEYS: Fix race between updating and finding a negative key
commit |
||
|
David Howells
|
da0c7503c0 |
KEYS: don't let add_key() update an uninstantiated key
commit
|
||
|
Eric Biggers
|
fec442e32b |
KEYS: encrypted: fix dereference of NULL user_key_payload
commit |
||
|
Hyojun Kim
|
63da4200cb |
f2fs: catch up to v4.14-rc1
Cherry-picked from upstream-f2fs-stable-linux-4.9.y
Changes include:
commit 30da3a4de96733 ("f2fs: hurry up to issue discard after io interruption")
commit d1c363b48398d4 ("f2fs: fix to show correct discard_granularity in sysfs")
...
commit e6b120d4d01ab0 ("f2fs/fscrypt: catch up to v4.12")
commit 4d7931d72758db ("KEYS: Differentiate uses of rcu_dereference_key() and user_key_payload()")
Signed-off-by: Hyojun Kim <hyojun@google.com>
|
||
|
Eric Biggers
|
dda70d28c0 |
KEYS: prevent KEYCTL_READ on negative key
commit |
||
|
Eric Biggers
|
bfe9d7b8e0 |
KEYS: prevent creating a different user's keyrings
commit |
||
|
Eric Biggers
|
47e8bd1965 |
KEYS: fix writing past end of user-supplied buffer in keyring_read()
commit |
||
|
Jason A. Donenfeld
|
0c70fb88c7 |
security/keys: rewrite all of big_key crypto
commit
|
||
|
Jason A. Donenfeld
|
2f9be92dff |
security/keys: properly zero out sensitive key material in big_key
commit
|
||
|
Dan Carpenter
|
73a0a68779 |
KEYS: Fix an error code in request_master_key()
commit |
||
|
Eric Biggers
|
d24c1c1977 |
KEYS: encrypted: avoid encrypting/decrypting stack buffers
commit
|
||
|
Eric Biggers
|
2436976102 |
KEYS: fix freeing uninitialized memory in key_update()
commit |
||
|
Eric Biggers
|
1b253e023f |
KEYS: fix dereferencing NULL payload with nonzero length
commit
|
||
|
Eric Biggers
|
174a74dbca |
KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
commit |
||
|
David Howells
|
b2dd90e812 |
KEYS: Change the name of the dead type to ".dead" to prevent user access
commit |
||
|
David Howells
|
a5c6e0a768 |
KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings
commit
|
||
|
Artem Savkov
|
31e6ec4519 |
security/keys: make BIG_KEYS dependent on stdrng.
Since BIG_KEYS can't be compiled as module it requires one of the "stdrng"
providers to be compiled into kernel. Otherwise big_key_crypto_init() fails
on crypto_alloc_rng step and next dereference of big_key_skcipher (e.g. in
big_key_preparse()) results in a NULL pointer dereference.
Fixes:
|
||
|
David Howells
|
7df3e59c3d |
KEYS: Sort out big_key initialisation
big_key has two separate initialisation functions, one that registers the
key type and one that registers the crypto. If the key type fails to
register, there's no problem if the crypto registers successfully because
there's no way to reach the crypto except through the key type.
However, if the key type registers successfully but the crypto does not,
big_key_rng and big_key_blkcipher may end up set to NULL - but the code
neither checks for this nor unregisters the big key key type.
Furthermore, since the key type is registered before the crypto, it is
theoretically possible for the kernel to try adding a big_key before the
crypto is set up, leading to the same effect.
Fix this by merging big_key_crypto_init() and big_key_init() and calling
the resulting function late. If they're going to be encrypted, we
shouldn't be creating big_keys before we have the facilities to do the
encryption available. The key type registration is also moved after the
crypto initialisation.
The fix also includes message printing on failure.
If the big_key type isn't correctly set up, simply doing:
dd if=/dev/zero bs=4096 count=1 | keyctl padd big_key a @s
ought to cause an oops.
Fixes:
|
||
|
David Howells
|
03dab869b7 |
KEYS: Fix short sprintf buffer in /proc/keys show function
This fixes CVE-2016-7042. Fix a short sprintf buffer in proc_keys_show(). If the gcc stack protector is turned on, this can cause a panic due to stack corruption. The problem is that xbuf[] is not big enough to hold a 64-bit timeout rendered as weeks: (gdb) p 0xffffffffffffffffULL/(60*60*24*7) $2 = 30500568904943 That's 14 chars plus NUL, not 11 chars plus NUL. Expand the buffer to 16 chars. I think the unpatched code apparently works if the stack-protector is not enabled because on a 32-bit machine the buffer won't be overflowed and on a 64-bit machine there's a 64-bit aligned pointer at one side and an int that isn't checked again on the other side. The panic incurred looks something like: Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff81352ebe CPU: 0 PID: 1692 Comm: reproducer Not tainted 4.7.2-201.fc24.x86_64 #1 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 0000000000000086 00000000fbbd2679 ffff8800a044bc00 ffffffff813d941f ffffffff81a28d58 ffff8800a044bc98 ffff8800a044bc88 ffffffff811b2cb6 ffff880000000010 ffff8800a044bc98 ffff8800a044bc30 00000000fbbd2679 Call Trace: [<ffffffff813d941f>] dump_stack+0x63/0x84 [<ffffffff811b2cb6>] panic+0xde/0x22a [<ffffffff81352ebe>] ? proc_keys_show+0x3ce/0x3d0 [<ffffffff8109f7f9>] __stack_chk_fail+0x19/0x30 [<ffffffff81352ebe>] proc_keys_show+0x3ce/0x3d0 [<ffffffff81350410>] ? key_validate+0x50/0x50 [<ffffffff8134db30>] ? key_default_cmp+0x20/0x20 [<ffffffff8126b31c>] seq_read+0x2cc/0x390 [<ffffffff812b6b12>] proc_reg_read+0x42/0x70 [<ffffffff81244fc7>] __vfs_read+0x37/0x150 [<ffffffff81357020>] ? security_file_permission+0xa0/0xc0 [<ffffffff81246156>] vfs_read+0x96/0x130 [<ffffffff81247635>] SyS_read+0x55/0xc0 [<ffffffff817eb872>] entry_SYSCALL_64_fastpath+0x1a/0xa4 Reported-by: Ondrej Kozina <okozina@redhat.com> Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Ondrej Kozina <okozina@redhat.com> cc: stable@vger.kernel.org Signed-off-by: James Morris <james.l.morris@oracle.com> |
||
|
Herbert Xu
|
456bee986e |
KEYS: Fix skcipher IV clobbering
The IV must not be modified by the skcipher operation so we need
to duplicate it.
Fixes:
|
||
|
Linus Torvalds
|
7a1e8b80fb |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
"Highlights:
- TPM core and driver updates/fixes
- IPv6 security labeling (CALIPSO)
- Lots of Apparmor fixes
- Seccomp: remove 2-phase API, close hole where ptrace can change
syscall #"
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (156 commits)
apparmor: fix SECURITY_APPARMOR_HASH_DEFAULT parameter handling
tpm: Add TPM 2.0 support to the Nuvoton i2c driver (NPCT6xx family)
tpm: Factor out common startup code
tpm: use devm_add_action_or_reset
tpm2_i2c_nuvoton: add irq validity check
tpm: read burstcount from TPM_STS in one 32-bit transaction
tpm: fix byte-order for the value read by tpm2_get_tpm_pt
tpm_tis_core: convert max timeouts from msec to jiffies
apparmor: fix arg_size computation for when setprocattr is null terminated
apparmor: fix oops, validate buffer size in apparmor_setprocattr()
apparmor: do not expose kernel stack
apparmor: fix module parameters can be changed after policy is locked
apparmor: fix oops in profile_unpack() when policy_db is not present
apparmor: don't check for vmalloc_addr if kvzalloc() failed
apparmor: add missing id bounds check on dfa verification
apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task
apparmor: use list_next_entry instead of list_entry_next
apparmor: fix refcount race when finding a child profile
apparmor: fix ref count leak when profile sha1 hash is read
apparmor: check that xindex is in trans_table bounds
...
|
||
|
Linus Torvalds
|
bbce2ad2d7 |
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto updates from Herbert Xu: "Here is the crypto update for 4.8: API: - first part of skcipher low-level conversions - add KPP (Key-agreement Protocol Primitives) interface. Algorithms: - fix IPsec/cryptd reordering issues that affects aesni - RSA no longer does explicit leading zero removal - add SHA3 - add DH - add ECDH - improve DRBG performance by not doing CTR by hand Drivers: - add x86 AVX2 multibuffer SHA256/512 - add POWER8 optimised crc32c - add xts support to vmx - add DH support to qat - add RSA support to caam - add Layerscape support to caam - add SEC1 AEAD support to talitos - improve performance by chaining requests in marvell/cesa - add support for Araneus Alea I USB RNG - add support for Broadcom BCM5301 RNG - add support for Amlogic Meson RNG - add support Broadcom NSP SoC RNG" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (180 commits) crypto: vmx - Fix aes_p8_xts_decrypt build failure crypto: vmx - Ignore generated files crypto: vmx - Adding support for XTS crypto: vmx - Adding asm subroutines for XTS crypto: skcipher - add comment for skcipher_alg->base crypto: testmgr - Print akcipher algorithm name crypto: marvell - Fix wrong flag used for GFP in mv_cesa_dma_add_iv_op crypto: nx - off by one bug in nx_of_update_msc() crypto: rsa-pkcs1pad - fix rsa-pkcs1pad request struct crypto: scatterwalk - Inline start/map/done crypto: scatterwalk - Remove unnecessary BUG in scatterwalk_start crypto: scatterwalk - Remove unnecessary advance in scatterwalk_pagedone crypto: scatterwalk - Fix test in scatterwalk_done crypto: api - Optimise away crypto_yield when hard preemption is on crypto: scatterwalk - add no-copy support to copychunks crypto: scatterwalk - Remove scatterwalk_bytes_sglen crypto: omap - Stop using crypto scatterwalk_bytes_sglen crypto: skcipher - Remove top-level givcipher interface crypto: user - Remove crypto_lookup_skcipher call crypto: cts - Convert to skcipher ... |
||
|
Herbert Xu
|
d56d72c6a0 |
KEYS: Use skcipher for big keys
This patch replaces use of the obsolete blkcipher with skcipher. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: David Howells <dhowells@redhat.com> |
||
|
Dan Carpenter
|
38327424b4 |
KEYS: potential uninitialized variable
If __key_link_begin() failed then "edit" would be uninitialized. I've
added a check to fix that.
This allows a random user to crash the kernel, though it's quite
difficult to achieve. There are three ways it can be done as the user
would have to cause an error to occur in __key_link():
(1) Cause the kernel to run out of memory. In practice, this is difficult
to achieve without ENOMEM cropping up elsewhere and aborting the
attempt.
(2) Revoke the destination keyring between the keyring ID being looked up
and it being tested for revocation. In practice, this is difficult to
time correctly because the KEYCTL_REJECT function can only be used
from the request-key upcall process. Further, users can only make use
of what's in /sbin/request-key.conf, though this does including a
rejection debugging test - which means that the destination keyring
has to be the caller's session keyring in practice.
(3) Have just enough key quota available to create a key, a new session
keyring for the upcall and a link in the session keyring, but not then
sufficient quota to create a link in the nominated destination keyring
so that it fails with EDQUOT.
The bug can be triggered using option (3) above using something like the
following:
echo 80 >/proc/sys/kernel/keys/root_maxbytes
keyctl request2 user debug:fred negate @t
The above sets the quota to something much lower (80) to make the bug
easier to trigger, but this is dependent on the system. Note also that
the name of the keyring created contains a random number that may be
between 1 and 10 characters in size, so may throw the test off by
changing the amount of quota used.
Assuming the failure occurs, something like the following will be seen:
kfree_debugcheck: out of range ptr 6b6b6b6b6b6b6b68h
------------[ cut here ]------------
kernel BUG at ../mm/slab.c:2821!
...
RIP: 0010:[<ffffffff811600f9>] kfree_debugcheck+0x20/0x25
RSP: 0018:ffff8804014a7de8 EFLAGS: 00010092
RAX: 0000000000000034 RBX: 6b6b6b6b6b6b6b68 RCX: 0000000000000000
RDX: 0000000000040001 RSI: 00000000000000f6 RDI: 0000000000000300
RBP: ffff8804014a7df0 R08: 0000000000000001 R09: 0000000000000000
R10: ffff8804014a7e68 R11: 0000000000000054 R12: 0000000000000202
R13: ffffffff81318a66 R14: 0000000000000000 R15: 0000000000000001
...
Call Trace:
kfree+0xde/0x1bc
assoc_array_cancel_edit+0x1f/0x36
__key_link_end+0x55/0x63
key_reject_and_link+0x124/0x155
keyctl_reject_key+0xb6/0xe0
keyctl_negate_key+0x10/0x12
SyS_keyctl+0x9f/0xe7
do_syscall_64+0x63/0x13a
entry_SYSCALL64_slow_path+0x25/0x25
Fixes:
|
||
|
David Howells
|
965475acca |
KEYS: Strip trailing spaces
Strip some trailing spaces. Signed-off-by: David Howells <dhowells@redhat.com> |
||
|
Stephan Mueller
|
4693fc734d |
KEYS: Add placeholder for KDF usage with DH
The values computed during Diffie-Hellman key exchange are often used in combination with key derivation functions to create cryptographic keys. Add a placeholder for a later implementation to configure a key derivation function that will transform the Diffie-Hellman result returned by the KEYCTL_DH_COMPUTE command. [This patch was stripped down from a patch produced by Mat Martineau that had a bug in the compat code - so for the moment Stephan's patch simply requires that the placeholder argument must be NULL] Original-signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <james.l.morris@oracle.com> |
||
|
David Howells
|
d55201ce08 |
Merge branch 'keys-trust' into keys-next
Here's a set of patches that changes how certificates/keys are determined
to be trusted. That's currently a two-step process:
(1) Up until recently, when an X.509 certificate was parsed - no matter
the source - it was judged against the keys in .system_keyring,
assuming those keys to be trusted if they have KEY_FLAG_TRUSTED set
upon them.
This has just been changed such that any key in the .ima_mok keyring,
if configured, may also be used to judge the trustworthiness of a new
certificate, whether or not the .ima_mok keyring is meant to be
consulted for whatever process is being undertaken.
If a certificate is determined to be trustworthy, KEY_FLAG_TRUSTED
will be set upon a key it is loaded into (if it is loaded into one),
no matter what the key is going to be loaded for.
(2) If an X.509 certificate is loaded into a key, then that key - if
KEY_FLAG_TRUSTED gets set upon it - can be linked into any keyring
with KEY_FLAG_TRUSTED_ONLY set upon it. This was meant to be the
system keyring only, but has been extended to various IMA keyrings.
A user can at will link any key marked KEY_FLAG_TRUSTED into any
keyring marked KEY_FLAG_TRUSTED_ONLY if the relevant permissions masks
permit it.
These patches change that:
(1) Trust becomes a matter of consulting the ring of trusted keys supplied
when the trust is evaluated only.
(2) Every keyring can be supplied with its own manager function to
restrict what may be added to that keyring. This is called whenever a
key is to be linked into the keyring to guard against a key being
created in one keyring and then linked across.
This function is supplied with the keyring and the key type and
payload[*] of the key being linked in for use in its evaluation. It
is permitted to use other data also, such as the contents of other
keyrings such as the system keyrings.
[*] The type and payload are supplied instead of a key because as an
optimisation this function may be called whilst creating a key and
so may reject the proposed key between preparse and allocation.
(3) A default manager function is provided that permits keys to be
restricted to only asymmetric keys that are vouched for by the
contents of the system keyring.
A second manager function is provided that just rejects with EPERM.
(4) A key allocation flag, KEY_ALLOC_BYPASS_RESTRICTION, is made available
so that the kernel can initialise keyrings with keys that form the
root of the trust relationship.
(5) KEY_FLAG_TRUSTED and KEY_FLAG_TRUSTED_ONLY are removed, along with
key_preparsed_payload::trusted.
This change also makes it possible in future for userspace to create a private
set of trusted keys and then to have it sealed by setting a manager function
where the private set is wholly independent of the kernel's trust
relationships.
Further changes in the set involve extracting certain IMA special keyrings
and making them generally global:
(*) .system_keyring is renamed to .builtin_trusted_keys and remains read
only. It carries only keys built in to the kernel. It may be where
UEFI keys should be loaded - though that could better be the new
secondary keyring (see below) or a separate UEFI keyring.
(*) An optional secondary system keyring (called .secondary_trusted_keys)
is added to replace the IMA MOK keyring.
(*) Keys can be added to the secondary keyring by root if the keys can
be vouched for by either ring of system keys.
(*) Module signing and kexec only use .builtin_trusted_keys and do not use
the new secondary keyring.
(*) Config option SYSTEM_TRUSTED_KEYS now depends on ASYMMETRIC_KEY_TYPE as
that's the only type currently permitted on the system keyrings.
(*) A new config option, IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY,
is provided to allow keys to be added to IMA keyrings, subject to the
restriction that such keys are validly signed by a key already in the
system keyrings.
If this option is enabled, but secondary keyrings aren't, additions to
the IMA keyrings will be restricted to signatures verifiable by keys in
the builtin system keyring only.
Signed-off-by: David Howells <dhowells@redhat.com>
|
||
|
Mat Martineau
|
ddbb411487 |
KEYS: Add KEYCTL_DH_COMPUTE command
This adds userspace access to Diffie-Hellman computations through a new keyctl() syscall command to calculate shared secrets or public keys using input parameters stored in the keyring. Input key ids are provided in a struct due to the current 5-arg limit for the keyctl syscall. Only user keys are supported in order to avoid exposing the content of logon or encrypted keys. The output is written to the provided buffer, based on the assumption that the values are only needed in userspace. Future support for other types of key derivation would involve a new command, like KEYCTL_ECDH_COMPUTE. Once Diffie-Hellman support is included in the crypto API, this code can be converted to use the crypto API to take advantage of possible hardware acceleration and reduce redundant code. Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: David Howells <dhowells@redhat.com> |
||
|
Kirill Marinushkin
|
13100a72f4 |
Security: Keys: Big keys stored encrypted
Solved TODO task: big keys saved to shmem file are now stored encrypted. The encryption key is randomly generated and saved to payload[big_key_data]. Signed-off-by: Kirill Marinushkin <k.marinushkin@gmail.com> Signed-off-by: David Howells <dhowells@redhat.com> |