1. 28 May, 2021 4 commits
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-5.13-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs · 5ff2756a
      Linus Torvalds authored
      Pull NFS client bugfixes from Trond Myklebust:
      "Stable fixes:
         - Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config
         - Fix Oops in xs_tcp_send_request() when transport is disconnected
         - Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
      
        Bugfixes:
         - Fix instances where signal_pending() should be fatal_signal_pending()
         - fix an incorrect limit in filelayout_decode_layout()
         - Fixes for the SUNRPC backlogged RPC queue
         - Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()
         - Revert commit 586a0787 ("Clean up rpcrdma_prepare_readch()")"
      
      * tag 'nfs-for-5.13-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
        nfs: Remove trailing semicolon in macros
        xprtrdma: Revert 586a0787
        NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config
        NFS: Clean up reset of the mirror accounting variables
        NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()
        NFS: Fix an Oopsable condition in __nfs_pageio_add_request()
        SUNRPC: More fixes for backlog congestion
        SUNRPC: Fix Oops in xs_tcp_send_request() when transport is disconnected
        NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
        SUNRPC in case of backlog, hand free slots directly to waiting task
        pNFS/NFSv4: Remove redundant initialization of 'rd_size'
        NFS: fix an incorrect limit in filelayout_decode_layout()
        fs/nfs: Use fatal_signal_pending instead of signal_pending
      5ff2756a
    • Linus Torvalds's avatar
      Merge tag 'sound-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · fc683f96
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "A slightly high volume at this time due to pending ASoC fixes.
      
        While there are a few generic simple-card fixes for regressions, most
        of the changes are device-specific fixes: ASoC Intel SOF, codec
        clocks, other codec / platform fixes as well as usual HD-audio and
        USB-audio"
      
      * tag 'sound-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (37 commits)
        ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook Fury 17 G8
        ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook Fury 15 G8
        ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook G8
        ALSA: hda/realtek: fix mute/micmute LEDs for HP 855 G8
        ALSA: hda/realtek: Chain in pop reduction fixup for ThinkStation P340
        ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be static
        ALSA: hda/realtek: the bass speaker can't output sound on Yoga 9i
        ALSA: hda/realtek: Headphone volume is controlled by Front mixer
        ALSA: usb-audio: scarlett2: Improve driver startup messages
        ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci
        ALSA: usb-audio: fix control-request direction
        ASoC: qcom: lpass-cpu: Use optional clk APIs
        ASoC: cs35l33: fix an error code in probe()
        ASoC: SOF: Intel: hda: don't send DAI_CONFIG IPC for older firmware
        ASoC: fsl: fix SND_SOC_IMX_RPMSG dependency
        ASoC: cs42l52: Minor tidy up of error paths
        ASoC: cs35l32: Add missing regmap use_single config
        ASoC: cs35l34: Add missing regmap use_single config
        ASoC: cs42l73: Add missing regmap use_single config
        ASoC: cs53l30: Add missing regmap use_single config
        ...
      fc683f96
    • Linus Torvalds's avatar
      Merge tag 'clang-features-v5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · 8508b97a
      Linus Torvalds authored
      Pull clang feature fixes from Kees Cook:
      
       - Correctly pass stack frame size checking under LTO (Nick Desaulniers)
      
       - Avoid CFI mismatches by checking initcall_t types (Marco Elver)
      
      * tag 'clang-features-v5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
        Makefile: LTO: have linker check -Wframe-larger-than
        init: verify that function is initcall_t at compile-time
      8508b97a
    • Linus Torvalds's avatar
      Merge tag 'mips-fixes_5.13_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux · afdd1470
      Linus Torvalds authored
      Pull MIPS fixes from Thomas Bogendoerfer:
      
       - fix function/preempt trace hangs
      
       - a few build fixes
      
      * tag 'mips-fixes_5.13_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux:
        MIPS: Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER
        MIPS: ralink: export rt_sysc_membase for rt2880_wdt.c
        MIPS: launch.h: add include guard to prevent build errors
        MIPS: alchemy: xxs1500: add gpio-au1000.h header file
      afdd1470
  2. 27 May, 2021 15 commits
  3. 26 May, 2021 6 commits
  4. 25 May, 2021 15 commits
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · f5d28712
      David S. Miller authored
      
      
      Daniel Borkmann says:
      
      ====================
      pull-request: bpf 2021-05-26
      
      The following pull-request contains BPF updates for your *net* tree.
      
      We've added 14 non-merge commits during the last 14 day(s) which contain
      a total of 17 files changed, 513 insertions(+), 231 deletions(-).
      
      The main changes are:
      
      1) Fix bpf_skb_change_head() helper to reset mac_len, from Jussi Maki.
      
      2) Fix masking direction swap upon off-reg sign change, from Daniel Borkmann.
      
      3) Fix BPF offloads in verifier by reordering driver callback, from Yinjun Zhang.
      
      4) BPF selftest for ringbuf mmap ro/rw restrictions, from Andrii Nakryiko.
      
      5) Follow-up fixes to nested bprintf per-cpu buffers, from Florent Revest.
      
      6) Fix bpftool sock_release attach point help info, from Liu Jian.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f5d28712
    • David S. Miller's avatar
      Merge branch 'mptcp-fixes' · 6dfa87b4
      David S. Miller authored
      
      
      Mat Martineau says:
      
      ====================
      MPTCP fixes
      
      Here are a few fixes for the -net tree.
      
      Patch 1 fixes an attempt to access a tcp-specific field that does not
      exist in mptcp sockets.
      
      Patches 2 and 3 remove warning/error log output that could be flooded.
      
      Patch 4 performs more validation on address advertisement echo packets
      to improve RFC 8684 compliance.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6dfa87b4
    • Davide Caratti's avatar
      mptcp: validate 'id' when stopping the ADD_ADDR retransmit timer · d58300c3
      Davide Caratti authored
      when Linux receives an echo-ed ADD_ADDR, it checks the IP address against
      the list of "announced" addresses. In case of a positive match, the timer
      that handles retransmissions is stopped regardless of the 'Address Id' in
      the received packet: this behaviour does not comply with RFC8684 3.4.1.
      
      Fix it by validating the 'Address Id' in received echo-ed ADD_ADDRs.
      Tested using packetdrill, with the following captured output:
      
       unpatched kernel:
      
       Out <...> Flags [.], ack 1, win 256, options [mptcp add-addr v1 id 1 198.51.100.2 hmac 0xfd2e62517888fe29,mptcp dss ack 3007449509], length 0
       In  <...> Flags [.], ack 1, win 257, options [mptcp add-addr v1-echo id 1 1.2.3.4,mptcp dss ack 3013740213], length 0
       Out <...> Flags [.], ack 1, win 256, options [mptcp add-addr v1 id 1 198.51.100.2 hmac 0xfd2e62517888fe29,mptcp dss ack 3007449509], length 0
       In  <...> Flags [.], ack 1, win 257, options [mptcp add-addr v1-echo id 90 198.51.100.2,mptcp dss ack 3013740213], length 0
              ^^^ retransmission is stopped here, but 'Address Id' is 90
      
       patched kernel:
      
       Out <...> Flags [.], ack 1, win 256, options [mptcp add-addr v1 id 1 198.51.100.2 hmac 0x1cf372d59e05f4b8,mptcp dss ack 3007449509], length 0
       In  <...> Flags [.], ack 1, win 257, options [mptcp add-addr v1-echo id 1 1.2.3.4,mptcp dss ack 1672384568], length 0
       Out <...> Flags [.], ack 1, win 256, options [mptcp add-addr v1 id 1 198.51.100.2 hmac 0x1cf372d59e05f4b8,mptcp dss ack 3007449509], length 0
       In  <...> Flags [.], ack 1, win 257, options [mptcp add-addr v1-echo id 90 198.51.100.2,mptcp dss ack 1672384568], length 0
       Out <...> Flags [.], ack 1, win 256, options [mptcp add-addr v1 id 1 198.51.100.2 hmac 0x1cf372d59e05f4b8,mptcp dss ack 3007449509], length 0
       In  <...> Flags [.], ack 1, win 257, options [mptcp add-addr v1-echo id 1 198.51.100.2,mptcp dss ack 1672384568], length 0
              ^^^ retransmission is stopped here, only when both 'Address Id' and 'IP Address' match
      
      Fixes: 00cfd77b
      
       ("mptcp: retransmit ADD_ADDR when timeout")
      Signed-off-by: default avatarDavide Caratti <dcaratti@redhat.com>
      Signed-off-by: default avatarMat Martineau <mathew.j.martineau@linux.intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d58300c3
    • Paolo Abeni's avatar
      mptcp: avoid error message on infinite mapping · 3ed0a585
      Paolo Abeni authored
      Another left-over. Avoid flooding dmesg with useless text,
      we already have a MIB for that event.
      
      Fixes: 648ef4b8
      
       ("mptcp: Implement MPTCP receive path")
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Signed-off-by: default avatarMat Martineau <mathew.j.martineau@linux.intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3ed0a585
    • Paolo Abeni's avatar
      mptcp: drop unconditional pr_warn on bad opt · 3812ce89
      Paolo Abeni authored
      This is a left-over of early day. A malicious peer can flood
      the kernel logs with useless messages, just drop it.
      
      Fixes: f296234c
      
       ("mptcp: Add handling of incoming MP_JOIN requests")
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Signed-off-by: default avatarMat Martineau <mathew.j.martineau@linux.intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3812ce89
    • Paolo Abeni's avatar
      mptcp: avoid OOB access in setsockopt() · 20b5759f
      Paolo Abeni authored
      We can't use tcp_set_congestion_control() on an mptcp socket, as
      such function can end-up accessing a tcp-specific field -
      prior_ssthresh - causing an OOB access.
      
      To allow propagating the correct ca algo on subflow, cache the ca
      name at initialization time.
      
      Additionally avoid overriding the user-selected CA (if any) at
      clone time.
      
      Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/182
      Fixes: aa1fbd94
      
       ("mptcp: sockopt: add TCP_CONGESTION and TCP_INFO")
      Acked-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Signed-off-by: default avatarMat Martineau <mathew.j.martineau@linux.intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      20b5759f
    • Simon Horman's avatar
      nfp: update maintainer and mailing list addresses · bab09fe2
      Simon Horman authored
      
      
      Some of Netronome's activities and people have moved over to Corigine,
      including NFP driver maintenance and myself.
      Signed-off-by: default avatarSimon Horman <simon.horman@corigine.com>
      Signed-off-by: default avatarLouis Peens <louis.peens@corigine.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bab09fe2
    • Stefan Chulski's avatar
      net: mvpp2: add buffer header handling in RX · 17f9c1b6
      Stefan Chulski authored
      If Link Partner sends frames larger than RX buffer size, MAC mark it
      as oversize but still would pass it to the Packet Processor.
      In this scenario, Packet Processor scatter frame between multiple buffers,
      but only a single buffer would be returned to the Buffer Manager pool and
      it would not refill the poll.
      
      Patch add handling of oversize error with buffer header handling, so all
      buffers would be returned to the Buffer Manager pool.
      
      Fixes: 3f518509
      
       ("ethernet: Add new driver for Marvell Armada 375 network unit")
      Reported-by: default avatarRussell King <rmk+kernel@armlinux.org.uk>
      Signed-off-by: default avatarStefan Chulski <stefanc@marvell.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      17f9c1b6
    • Jiapeng Chong's avatar
      bnx2x: Fix missing error code in bnx2x_iov_init_one() · 65161c35
      Jiapeng Chong authored
      
      
      Eliminate the follow smatch warning:
      
      drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c:1227
      bnx2x_iov_init_one() warn: missing error code 'err'.
      Reported-by: default avatarAbaci Robot <abaci@linux.alibaba.com>
      Signed-off-by: default avatarJiapeng Chong <jiapeng.chong@linux.alibaba.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      65161c35
    • Vlad Buslov's avatar
      net: zero-initialize tc skb extension on allocation · 9453d45e
      Vlad Buslov authored
      Function skb_ext_add() doesn't initialize created skb extension with any
      value and leaves it up to the user. However, since extension of type
      TC_SKB_EXT originally contained only single value tc_skb_ext->chain its
      users used to just assign the chain value without setting whole extension
      memory to zero first. This assumption changed when TC_SKB_EXT extension was
      extended with additional fields but not all users were updated to
      initialize the new fields which leads to use of uninitialized memory
      afterwards. UBSAN log:
      
      [  778.299821] UBSAN: invalid-load in net/openvswitch/flow.c:899:28
      [  778.301495] load of value 107 is not a valid value for type '_Bool'
      [  778.303215] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.12.0-rc7+ #2
      [  778.304933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
      [  778.307901] Call Trace:
      [  778.308680]  <IRQ>
      [  778.309358]  dump_stack+0xbb/0x107
      [  778.310307]  ubsan_epilogue+0x5/0x40
      [  778.311167]  __ubsan_handle_load_invalid_value.cold+0x43/0x48
      [  778.312454]  ? memset+0x20/0x40
      [  778.313230]  ovs_flow_key_extract.cold+0xf/0x14 [openvswitch]
      [  778.314532]  ovs_vport_receive+0x19e/0x2e0 [openvswitch]
      [  778.315749]  ? ovs_vport_find_upcall_portid+0x330/0x330 [openvswitch]
      [  778.317188]  ? create_prof_cpu_mask+0x20/0x20
      [  778.318220]  ? arch_stack_walk+0x82/0xf0
      [  778.319153]  ? secondary_startup_64_no_verify+0xb0/0xbb
      [  778.320399]  ? stack_trace_save+0x91/0xc0
      [  778.321362]  ? stack_trace_consume_entry+0x160/0x160
      [  778.322517]  ? lock_release+0x52e/0x760
      [  778.323444]  netdev_frame_hook+0x323/0x610 [openvswitch]
      [  778.324668]  ? ovs_netdev_get_vport+0xe0/0xe0 [openvswitch]
      [  778.325950]  __netif_receive_skb_core+0x771/0x2db0
      [  778.327067]  ? lock_downgrade+0x6e0/0x6f0
      [  778.328021]  ? lock_acquire+0x565/0x720
      [  778.328940]  ? generic_xdp_tx+0x4f0/0x4f0
      [  778.329902]  ? inet_gro_receive+0x2a7/0x10a0
      [  778.330914]  ? lock_downgrade+0x6f0/0x6f0
      [  778.331867]  ? udp4_gro_receive+0x4c4/0x13e0
      [  778.332876]  ? lock_release+0x52e/0x760
      [  778.333808]  ? dev_gro_receive+0xcc8/0x2380
      [  778.334810]  ? lock_downgrade+0x6f0/0x6f0
      [  778.335769]  __netif_receive_skb_list_core+0x295/0x820
      [  778.336955]  ? process_backlog+0x780/0x780
      [  778.337941]  ? mlx5e_rep_tc_netdevice_event_unregister+0x20/0x20 [mlx5_core]
      [  778.339613]  ? seqcount_lockdep_reader_access.constprop.0+0xa7/0xc0
      [  778.341033]  ? kvm_clock_get_cycles+0x14/0x20
      [  778.342072]  netif_receive_skb_list_internal+0x5f5/0xcb0
      [  778.343288]  ? __kasan_kmalloc+0x7a/0x90
      [  778.344234]  ? mlx5e_handle_rx_cqe_mpwrq+0x9e0/0x9e0 [mlx5_core]
      [  778.345676]  ? mlx5e_xmit_xdp_frame_mpwqe+0x14d0/0x14d0 [mlx5_core]
      [  778.347140]  ? __netif_receive_skb_list_core+0x820/0x820
      [  778.348351]  ? mlx5e_post_rx_mpwqes+0xa6/0x25d0 [mlx5_core]
      [  778.349688]  ? napi_gro_flush+0x26c/0x3c0
      [  778.350641]  napi_complete_done+0x188/0x6b0
      [  778.351627]  mlx5e_napi_poll+0x373/0x1b80 [mlx5_core]
      [  778.352853]  __napi_poll+0x9f/0x510
      [  778.353704]  ? mlx5_flow_namespace_set_mode+0x260/0x260 [mlx5_core]
      [  778.355158]  net_rx_action+0x34c/0xa40
      [  778.356060]  ? napi_threaded_poll+0x3d0/0x3d0
      [  778.357083]  ? sched_clock_cpu+0x18/0x190
      [  778.358041]  ? __common_interrupt+0x8e/0x1a0
      [  778.359045]  __do_softirq+0x1ce/0x984
      [  778.359938]  __irq_exit_rcu+0x137/0x1d0
      [  778.360865]  irq_exit_rcu+0xa/0x20
      [  778.361708]  common_interrupt+0x80/0xa0
      [  778.362640]  </IRQ>
      [  778.363212]  asm_common_interrupt+0x1e/0x40
      [  778.364204] RIP: 0010:native_safe_halt+0xe/0x10
      [  778.365273] Code: 4f ff ff ff 4c 89 e7 e8 50 3f 40 fe e9 dc fe ff ff 48 89 df e8 43 3f 40 fe eb 90 cc e9 07 00 00 00 0f 00 2d 74 05 62 00 fb f4 <c3> 90 e9 07 00 00 00 0f 00 2d 64 05 62 00 f4 c3 cc cc 0f 1f 44 00
      [  778.369355] RSP: 0018:ffffffff84407e48 EFLAGS: 00000246
      [  778.370570] RAX: ffff88842de46a80 RBX: ffffffff84425840 RCX: ffffffff83418468
      [  778.372143] RDX: 000000000026f1da RSI: 0000000000000004 RDI: ffffffff8343af5e
      [  778.373722] RBP: fffffbfff0884b08 R08: 0000000000000000 R09: ffff88842de46bcb
      [  778.375292] R10: ffffed1085bc8d79 R11: 0000000000000001 R12: 0000000000000000
      [  778.376860] R13: ffffffff851124a0 R14: 0000000000000000 R15: dffffc0000000000
      [  778.378491]  ? rcu_eqs_enter.constprop.0+0xb8/0xe0
      [  778.379606]  ? default_idle_call+0x5e/0xe0
      [  778.380578]  default_idle+0xa/0x10
      [  778.381406]  default_idle_call+0x96/0xe0
      [  778.382350]  do_idle+0x3d4/0x550
      [  778.383153]  ? arch_cpu_idle_exit+0x40/0x40
      [  778.384143]  cpu_startup_entry+0x19/0x20
      [  778.385078]  start_kernel+0x3c7/0x3e5
      [  778.385978]  secondary_startup_64_no_verify+0xb0/0xbb
      
      Fix the issue by providing new function tc_skb_ext_alloc() that allocates
      tc skb extension and initializes its memory to 0 before returning it to the
      caller. Change all existing users to use new API instead of calling
      skb_ext_add() directly.
      
      Fixes: 038ebb1a ("net/sched: act_ct: fix miss set mru for ovs after defrag in act_ct")
      Fixes: d29334c1
      
       ("net/sched: act_api: fix miss set post_ct for ovs after do conntrack in act_ct")
      Signed-off-by: default avatarVlad Buslov <vladbu@nvidia.com>
      Acked-by: default avatarCong Wang <cong.wang@bytedance.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9453d45e
    • Yang Li's avatar
      net: hns: Fix kernel-doc · c1cf1afd
      Yang Li authored
      
      
      Fix function name in hns_ethtool.c kernel-doc comment
      to remove these warnings found by clang_w1.
      
      drivers/net/ethernet/hisilicon/hns/hns_ethtool.c:202: warning: expecting
      prototype for hns_nic_set_link_settings(). Prototype was for
      hns_nic_set_link_ksettings() instead.
      drivers/net/ethernet/hisilicon/hns/hns_ethtool.c:837: warning: expecting
      prototype for get_ethtool_stats(). Prototype was for
      hns_get_ethtool_stats() instead.
      drivers/net/ethernet/hisilicon/hns/hns_ethtool.c:894: warning:
      expecting prototype for get_strings(). Prototype was for
      hns_get_strings() instead.
      Reported-by: default avatarAbaci Robot <abaci@linux.alibaba.com>
      Fixes: 'commit 262b38cd
      
       ("net: ethernet: hisilicon: hns: use phydev
      from struct net_device")'
      Signed-off-by: default avatarYang Li <yang.lee@linux.alibaba.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c1cf1afd
    • Xin Long's avatar
      sctp: fix the proc_handler for sysctl encap_port · b2540cdc
      Xin Long authored
      proc_dointvec() cannot do min and max check for setting a value
      when extra1/extra2 is set, so change it to proc_dointvec_minmax()
      for sysctl encap_port.
      
      Fixes: e8a3001c
      
       ("sctp: add encap_port for netns sock asoc and transport")
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b2540cdc
    • Xin Long's avatar
      sctp: add the missing setting for asoc encap_port · 297739bd
      Xin Long authored
      This patch is to add the missing setting back for asoc encap_port.
      
      Fixes: 8dba2960
      
       ("sctp: add SCTP_REMOTE_UDP_ENCAPS_PORT sockopt")
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      297739bd
    • Kees Cook's avatar
      proc: Check /proc/$pid/attr/ writes against file opener · bfb819ea
      Kees Cook authored
      Fix another "confused deputy" weakness[1]. Writes to /proc/$pid/attr/
      files need to check the opener credentials, since these fds do not
      transition state across execve(). Without this, it is possible to
      trick another process (which may have different credentials) to write
      to its own /proc/$pid/attr/ files, leading to unexpected and possibly
      exploitable behaviors.
      
      [1] https://www.kernel.org/doc/html/latest/security/credentials.html?highlight=confused#open-file-credentials
      
      Fixes: 1da177e4
      
       ("Linux-2.6.12-rc2")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      bfb819ea
    • Mikulas Patocka's avatar
      dm snapshot: properly fix a crash when an origin has no snapshots · 7e768532
      Mikulas Patocka authored
      
      
      If an origin target has no snapshots, o->split_boundary is set to 0.
      This causes BUG_ON(sectors <= 0) in block/bio.c:bio_split().
      
      Fix this by initializing chunk_size, and in turn split_boundary, to
      rounddown_pow_of_two(UINT_MAX) -- the largest power of two that fits
      into "unsigned" type.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      7e768532