Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v5.0.15 2019-04-05T20:34:19+00:00 2019-04-05T20:34:19+00:00 John Johansen john.johansen@canonical.com 2019-02-12T11:35:40+00:00 urn:sha1:4c6df358aa872d4c29956c18a8a09e55f48e732c [ Upstream commit d8dbb581d4f86a2ac669c056fc71a28ebeb367f4 ] if secmark rules fail to unpack a double free happens resulting in the following oops [ 1295.584074] audit: type=1400 audit(1549970525.256:51): apparmor="STATUS" info="failed to unpack profile secmark rules" error=-71 profile="unconfined" name="/root/test" pid=29882 comm="apparmor_parser" name="/root/test" offset=120 [ 1374.042334] ------------[ cut here ]------------ [ 1374.042336] kernel BUG at mm/slub.c:294! [ 1374.042404] invalid opcode: 0000 [#1] SMP PTI [ 1374.042436] CPU: 0 PID: 29921 Comm: apparmor_parser Not tainted 4.20.7-042007-generic #201902061234 [ 1374.042461] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 [ 1374.042489] RIP: 0010:kfree+0x164/0x180 [ 1374.042502] Code: 74 05 41 0f b6 72 51 4c 89 d7 e8 37 cd f8 ff eb 8b 41 b8 01 00 00 00 48 89 d9 48 89 da 4c 89 d6 e8 11 f6 ff ff e9 72 ff ff ff <0f> 0b 49 8b 42 08 a8 01 75 c2 0f 0b 48 8b 3d a9 f4 19 01 e9 c5 fe [ 1374.042552] RSP: 0018:ffffaf7b812d7b90 EFLAGS: 00010246 [ 1374.042568] RAX: ffff91e437679200 RBX: ffff91e437679200 RCX: ffff91e437679200 [ 1374.042589] RDX: 00000000000088b6 RSI: ffff91e43da27060 RDI: ffff91e43d401a80 [ 1374.042609] RBP: ffffaf7b812d7ba8 R08: 0000000000027080 R09: ffffffffa6627a6d [ 1374.042629] R10: ffffd3af41dd9e40 R11: ffff91e43a1740dc R12: ffff91e3f52e8000 [ 1374.042650] R13: ffffffffa6627a6d R14: ffffffffffffffb9 R15: 0000000000000001 [ 1374.042675] FS: 00007f928df77740(0000) GS:ffff91e43da00000(0000) knlGS:0000000000000000 [ 1374.042697] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1374.042714] CR2: 000055a0c3ab6b50 CR3: 0000000079ed8004 CR4: 0000000000360ef0 [ 1374.042737] Call Trace: [ 1374.042750] kzfree+0x2d/0x40 [ 1374.042763] aa_free_profile+0x12b/0x270 [ 1374.042776] unpack_profile+0xc1/0xf10 [ 1374.042790] aa_unpack+0x115/0x4e0 [ 1374.042802] aa_replace_profiles+0x8e/0xcc0 [ 1374.042817] ? kvmalloc_node+0x6d/0x80 [ 1374.042831] ? __check_object_size+0x166/0x192 [ 1374.042845] policy_update+0xcf/0x1b0 [ 1374.042858] profile_load+0x7d/0xa0 [ 1374.042871] __vfs_write+0x3a/0x190 [ 1374.042883] ? apparmor_file_permission+0x1a/0x20 [ 1374.042899] ? security_file_permission+0x31/0xc0 [ 1374.042918] ? _cond_resched+0x19/0x30 [ 1374.042931] vfs_write+0xab/0x1b0 [ 1374.042963] ksys_write+0x55/0xc0 [ 1374.043004] __x64_sys_write+0x1a/0x20 [ 1374.043046] do_syscall_64+0x5a/0x110 [ 1374.043087] entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: 9caafbe2b4cf ("apparmor: Parse secmark policy") Reported-by: Alex Murray <alex.murray@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Sasha Levin <sashal@kernel.org> 2019-02-01T16:01:39+00:00 John Johansen john.johansen@canonical.com 2019-01-24T21:53:05+00:00 urn:sha1:d6d478aee003e19ef90321176552a8ad2929a47f aa_label_merge() can return NULL for memory allocations failures make sure to handle and set the correct error in this case. Reported-by: Peng Hao <peng.hao2@zte.com.cn> Signed-off-by: John Johansen <john.johansen@canonical.com> 2019-02-01T12:12:57+00:00 Petr Vorel pvorel@suse.cz 2018-11-12T10:59:12+00:00 urn:sha1:a1a02062ad466052a34a8c4323143ccf9726eb52 when compiled without CONFIG_IPV6: security/apparmor/lsm.c:1601:21: warning: ‘apparmor_ipv6_postroute’ defined but not used [-Wunused-function] static unsigned int apparmor_ipv6_postroute(void *priv, ^~~~~~~~~~~~~~~~~~~~~~~ Reported-by: Jordan Glover <Golden_Miller83@protonmail.ch> Tested-by: Jordan Glover <Golden_Miller83@protonmail.ch> Signed-off-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: John Johansen <john.johansen@canonical.com> 2019-01-05T21:25:58+00:00 Linus Torvalds torvalds@linux-foundation.org 2019-01-05T21:25:58+00:00 urn:sha1:505b050fdf42097883b2d37b8e796e1f11dbef50 Pull vfs mount API prep from Al Viro: "Mount API prereqs. Mostly that's LSM mount options cleanups. There are several minor fixes in there, but nothing earth-shattering (leaks on failure exits, mostly)" * 'mount.part1' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (27 commits) mount_fs: suppress MAC on MS_SUBMOUNT as well as MS_KERNMOUNT smack: rewrite smack_sb_eat_lsm_opts() smack: get rid of match_token() smack: take the guts of smack_parse_opts_str() into a new helper LSM: new method: ->sb_add_mnt_opt() selinux: rewrite selinux_sb_eat_lsm_opts() selinux: regularize Opt_... names a bit selinux: switch away from match_token() selinux: new helper - selinux_add_opt() LSM: bury struct security_mnt_opts smack: switch to private smack_mnt_opts selinux: switch to private struct selinux_mnt_opts LSM: hide struct security_mnt_opts from any generic code selinux: kill selinux_sb_get_mnt_opts() LSM: turn sb_eat_lsm_opts() into a method nfs_remount(): don't leak, don't ignore LSM options quietly btrfs: sanitize security_mnt_opts use selinux; don't open-code a loop in sb_finish_set_opts() LSM: split ->sb_set_mnt_opts() out of ->sb_kern_mount() new helper: security_sb_eat_lsm_opts() ... 2018-12-27T21:53:32+00:00 Linus Torvalds torvalds@linux-foundation.org 2018-12-27T21:53:32+00:00 urn:sha1:b71acb0e372160167bf6d5500b88b30b52ccef6e Pull crypto updates from Herbert Xu: "API: - Add 1472-byte test to tcrypt for IPsec - Reintroduced crypto stats interface with numerous changes - Support incremental algorithm dumps Algorithms: - Add xchacha12/20 - Add nhpoly1305 - Add adiantum - Add streebog hash - Mark cts(cbc(aes)) as FIPS allowed Drivers: - Improve performance of arm64/chacha20 - Improve performance of x86/chacha20 - Add NEON-accelerated nhpoly1305 - Add SSE2 accelerated nhpoly1305 - Add AVX2 accelerated nhpoly1305 - Add support for 192/256-bit keys in gcmaes AVX - Add SG support in gcmaes AVX - ESN for inline IPsec tx in chcr - Add support for CryptoCell 703 in ccree - Add support for CryptoCell 713 in ccree - Add SM4 support in ccree - Add SM3 support in ccree - Add support for chacha20 in caam/qi2 - Add support for chacha20 + poly1305 in caam/jr - Add support for chacha20 + poly1305 in caam/qi2 - Add AEAD cipher support in cavium/nitrox" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (130 commits) crypto: skcipher - remove remnants of internal IV generators crypto: cavium/nitrox - Fix build with !CONFIG_DEBUG_FS crypto: salsa20-generic - don't unnecessarily use atomic walk crypto: skcipher - add might_sleep() to skcipher_walk_virt() crypto: x86/chacha - avoid sleeping under kernel_fpu_begin() crypto: cavium/nitrox - Added AEAD cipher support crypto: mxc-scc - fix build warnings on ARM64 crypto: api - document missing stats member crypto: user - remove unused dump functions crypto: chelsio - Fix wrong error counter increments crypto: chelsio - Reset counters on cxgb4 Detach crypto: chelsio - Handle PCI shutdown event crypto: chelsio - cleanup:send addr as value in function argument crypto: chelsio - Use same value for both channel in single WR crypto: chelsio - Swap location of AAD and IV sent in WR crypto: chelsio - remove set but not used variable 'kctx_len' crypto: ux500 - Use proper enum in hash_set_dma_transfer crypto: ux500 - Use proper enum in cryp_set_dma_transfer crypto: aesni - Add scatter/gather avx stubs, and use them in C crypto: aesni - Introduce partial block macro .. 2018-12-20T16:32:56+00:00 David Howells dhowells@redhat.com 2018-11-01T23:07:23+00:00 urn:sha1:e262e32d6bde0f77fb0c95d977482fc872c51996 Only the mount namespace code that implements mount(2) should be using the MS_* flags. Suppress them inside the kernel unless uapi/linux/mount.h is included. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Reviewed-by: David Howells <dhowells@redhat.com> 2018-12-12T22:58:51+00:00 Paul Gortmaker paul.gortmaker@windriver.com 2018-12-09T20:36:29+00:00 urn:sha1:876979c9308b7228cdaf6785909c57eebc85d911 Historically a lot of these existed because we did not have a distinction between what was modular code and what was providing support to modules via EXPORT_SYMBOL and friends. That changed when we forked out support for the latter into the export.h file. This means we should be able to reduce the usage of module.h in code that is obj-y Makefile or bool Kconfig. The advantage in removing such instances is that module.h itself sources about 15 other headers; adding significantly to what we feed cpp, and it can obscure what headers we are effectively using. Since module.h might have been the implicit source for init.h (for __init) and for export.h (for EXPORT_SYMBOL) we consider each instance for the presence of either and replace as needed. Cc: James Morris <jmorris@namei.org> Cc: "Serge E. Hallyn" <serge@hallyn.com> Cc: John Johansen <john.johansen@canonical.com> Cc: Mimi Zohar <zohar@linux.ibm.com> Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com> Cc: David Howells <dhowells@redhat.com> Cc: linux-security-module@vger.kernel.org Cc: linux-integrity@vger.kernel.org Cc: keyrings@vger.kernel.org Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: James Morris <james.morris@microsoft.com> 2018-11-20T06:26:55+00:00 Eric Biggers ebiggers@google.com 2018-11-14T20:21:11+00:00 urn:sha1:3d234b3313cd12157946522fe35f5a4574f31169 'shash' algorithms are always synchronous, so passing CRYPTO_ALG_ASYNC in the mask to crypto_alloc_shash() has no effect. Many users therefore already don't pass it, but some still do. This inconsistency can cause confusion, especially since the way the 'mask' argument works is somewhat counterintuitive. Thus, just remove the unneeded CRYPTO_ALG_ASYNC flags. This patch shouldn't change any actual behavior. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-11-02T17:04:26+00:00 Linus Torvalds torvalds@linux-foundation.org 2018-11-02T17:04:26+00:00 urn:sha1:d81f50bd34646d8373b989e55180c0fc9af94e0b Pull apparmor updates from John Johansen: "Features/Improvements: - replace spin_is_locked() with lockdep - add base support for secmark labeling and matching Cleanups: - clean an indentation issue, remove extraneous space - remove no-op permission check in policy_unpack - fix checkpatch missing spaces error in Parse secmark policy - fix network performance issue in aa_label_sk_perm Bug fixes: - add #ifdef checks for secmark filtering - fix an error code in __aa_create_ns() - don't try to replace stale label in ptrace checks - fix failure to audit context info in build_change_hat - check buffer bounds when mapping permissions mask - fully initialize aa_perms struct when answering userspace query - fix uninitialized value in aa_split_fqname" * tag 'apparmor-pr-2018-11-01' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor: apparmor: clean an indentation issue, remove extraneous space apparmor: fix checkpatch error in Parse secmark policy apparmor: add #ifdef checks for secmark filtering apparmor: Fix uninitialized value in aa_split_fqname apparmor: don't try to replace stale label in ptraceme check apparmor: Replace spin_is_locked() with lockdep apparmor: Allow filtering based on secmark policy apparmor: Parse secmark policy apparmor: Add a wildcard secid apparmor: don't try to replace stale label in ptrace access check apparmor: Fix network performance issue in aa_label_sk_perm 2018-11-02T05:34:25+00:00 Colin Ian King colin.king@canonical.com 2018-10-30T14:11:31+00:00 urn:sha1:566f52ece7bd1099d20dfe2f6f0801896643cf8f Trivial fix to clean up an indentation issue, remove space Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>