1. 22 Jul, 2022 9 commits
  2. 21 Jul, 2022 24 commits
  3. 20 Jul, 2022 7 commits
    • Justin Stitt's avatar
      netfilter: xt_TPROXY: remove pr_debug invocations · aa8c7cdb
      Justin Stitt authored
      pr_debug calls are no longer needed in this file.
      
      Pablo suggested "a patch to remove these pr_debug calls". This patch has
      some other beneficial collateral as it also silences multiple Clang
      -Wformat warnings that were present in the pr_debug calls.
      
      diff from v1 -> v2:
      * converted if statement one-liner style
      * x == NULL is now !x
      Suggested-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      Reviewed-by: default avatarNathan Chancellor <nathan@kernel.org>
      Signed-off-by: default avatarJustin Stitt <justinstitt@google.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      aa8c7cdb
    • Florian Westphal's avatar
      netfilter: flowtable: prefer refcount_inc · f02e7dc4
      Florian Westphal authored
      With refcount_inc_not_zero, we'd also need a smp_rmb or similar,
      followed by a test of the CONFIRMED bit.
      
      However, the ct pointer is taken from skb->_nfct, its refcount must
      not be 0 (else, we'd already have a use-after-free bug).
      
      Use refcount_inc() instead to clarify the ct refcount is expected to
      be at least 1.
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      f02e7dc4
    • Christophe JAILLET's avatar
      netfilter: ipvs: Use the bitmap API to allocate bitmaps · 5787db7c
      Christophe JAILLET authored
      Use bitmap_zalloc()/bitmap_free() instead of hand-writing them.
      
      It is less verbose and it improves the semantic.
      Signed-off-by: default avatarChristophe JAILLET <christophe.jaillet@wanadoo.fr>
      Acked-by: default avatarJulian Anastasov <ja@ssi.bg>
      Acked-by: default avatarSimon Horman <horms@verge.net.au>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      5787db7c
    • Linus Torvalds's avatar
      watchqueue: make sure to serialize 'wqueue->defunct' properly · 353f7988
      Linus Torvalds authored
      When the pipe is closed, we mark the associated watchqueue defunct by
      calling watch_queue_clear().  However, while that is protected by the
      watchqueue lock, new watchqueue entries aren't actually added under that
      lock at all: they use the pipe->rd_wait.lock instead, and looking up
      that pipe happens without any locking.
      
      The watchqueue code uses the RCU read-side section to make sure that the
      wqueue entry itself hasn't disappeared, but that does not protect the
      pipe_info in any way.
      
      So make sure to actually hold the wqueue lock when posting watch events,
      properly serializing against the pipe being torn down.
      Reported-by: default avatarNoam Rathaus <noamr@ssd-disclosure.com>
      Cc: Greg KH <gregkh@linuxfoundation.org>
      Cc: David Howells <dhowells@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      353f7988
    • Eric Snowberg's avatar
      lockdown: Fix kexec lockdown bypass with ima policy · 543ce63b
      Eric Snowberg authored
      The lockdown LSM is primarily used in conjunction with UEFI Secure Boot.
      This LSM may also be used on machines without UEFI.  It can also be
      enabled when UEFI Secure Boot is disabled.  One of lockdown's features
      is to prevent kexec from loading untrusted kernels.  Lockdown can be
      enabled through a bootparam or after the kernel has booted through
      securityfs.
      
      If IMA appraisal is used with the "ima_appraise=log" boot param,
      lockdown can be defeated with kexec on any machine when Secure Boot is
      disabled or unavailable.  IMA prevents setting "ima_appraise=log" from
      the boot param when Secure Boot is enabled, but this does not cover
      cases where lockdown is used without Secure Boot.
      
      To defeat lockdown, boot without Secure Boot and add ima_appraise=log to
      the kernel command line; then:
      
        $ echo "integrity" > /sys/kernel/security/lockdown
        $ echo "appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig" > \
          /sys/kernel/security/ima/policy
        $ kexec -ls unsigned-kernel
      
      Add a call to verify ima appraisal is set to "enforce" whenever lockdown
      is enabled.  This fixes CVE-2022-21505.
      
      Cc: stable@vger.kernel.org
      Fixes: 29d3c1c8 ("kexec: Allow kexec_file() with appropriate IMA policy when locked down")
      Signed-off-by: default avatarEric Snowberg <eric.snowberg@oracle.com>
      Acked-by: default avatarMimi Zohar <zohar@linux.ibm.com>
      Reviewed-by: default avatarJohn Haxby <john.haxby@oracle.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      543ce63b
    • David S. Miller's avatar
      Merge tag 'linux-can-fixes-for-5.19-20220720' of... · 44484fa8
      David S. Miller authored
      Merge tag 'linux-can-fixes-for-5.19-20220720' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
      
      Marc Kleine-Budde says:
      
      ====================
      this is a pull request of 2 patches for net/master.
      
      The first patch is by me and fixes the detection of the mcp251863 in
      the mcp251xfd driver.
      
      The last patch is by Liang He and adds a missing of_node_put() in the
      rcar_canfd driver.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      44484fa8
    • Alex Elder's avatar
      net: ipa: initialize ring indexes to 0 · 5fb859f7
      Alex Elder authored
      When a GSI channel is initially allocated, and after it has been
      reset, the hardware assumes its ring index is 0.  And although we
      do initialize channels this way, the comments in the IPA code don't
      really explain this.  For event rings, it doesn't matter what value
      we use initially, so using 0 is just fine.
      
      Add some information about the assumptions made by hardware above
      the definition of the gsi_ring structure in "gsi.h".
      
      Zero the index field for all rings (channel and event) when the ring
      is allocated.  As a result, that function initializes all fields in
      the structure.
      
      Stop zeroing the index the top of gsi_channel_program().  Initially
      we'll use the index value set when the channel ring was allocated.
      And we'll explicitly zero the index value in gsi_channel_reset()
      before programming the hardware, adding a comment explaining why
      it's required.
      
      For event rings, use the index initialized by gsi_ring_alloc()
      rather than 0 when ringing the doorbell in gsi_evt_ring_program().
      (It'll still be zero, but we won't assume that to be the case.)
      
      Use a local variable in gsi_evt_ring_program() that represents the
      address of the event ring's ring structure.
      Signed-off-by: default avatarAlex Elder <elder@linaro.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5fb859f7