Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v5.15.208 2025-03-13T11:50:18+00:00 2025-03-13T11:50:18+00:00 Tetsuo Handa penguin-kernel@I-love.SAKURA.ne.jp 2024-12-16T10:38:40+00:00 urn:sha1:b2bd5857a0d6973ebbcb4d9831ddcaebbd257be1 [ Upstream commit 3df7546fc03b8f004eee0b9e3256369f7d096685 ] syzbot is reporting too large allocation warning at tomoyo_write_control(), for one can write a very very long line without new line character. To fix this warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE, for practically a valid line should be always shorter than 32KB where the "too small to fail" memory-allocation rule applies. One might try to write a valid line that is longer than 32KB, but such request will likely fail with -ENOMEM. Therefore, I feel that separately returning -EINVAL when a line is longer than KMALLOC_MAX_SIZE is redundant. There is no need to distinguish over-32KB and over-KMALLOC_MAX_SIZE. Reported-by: syzbot+7536f77535e5210a5c76@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=7536f77535e5210a5c76 Reported-by: Leo Stone <leocstone@gmail.com> Closes: https://lkml.kernel.org/r/20241216021459.178759-2-leocstone@gmail.com Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Sasha Levin <sashal@kernel.org> 2024-03-06T14:38:48+00:00 Tetsuo Handa penguin-kernel@I-love.SAKURA.ne.jp 2024-03-01T13:04:06+00:00 urn:sha1:7d930a4da17958f869ef679ee0e4a8729337affc commit 2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815 upstream. Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Otherwise, concurrent write() requests can cause use-after-free-write and double-free problems. Reported-by: Sam Sun <samsun1006219@gmail.com> Closes: https://lkml.kernel.org/r/CAEkJfYNDspuGxYx5kym8Lvp--D36CMDUErg4rxfWFJuPbbji8g@mail.gmail.com Fixes: bd03a3e4c9a9 ("TOMOYO: Add policy namespace support.") Cc: <stable@vger.kernel.org> # Linux 3.1+ Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2020-12-06T04:44:57+00:00 Tetsuo Handa penguin-kernel@I-love.SAKURA.ne.jp 2020-12-06T04:44:57+00:00 urn:sha1:15269fb193108ba8a3774507d0bbd70949ab610d Spotted by developers and codespell program. Co-developed-by: Xiaoming Ni <nixiaoming@huawei.com> Signed-off-by: Xiaoming Ni <nixiaoming@huawei.com> Co-developed-by: Souptick Joarder <jrdr.linux@gmail.com> Signed-off-by: Souptick Joarder <jrdr.linux@gmail.com> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> 2020-11-27T10:36:11+00:00 Zheng Zengkai zhengzengkai@huawei.com 2020-11-26T14:38:15+00:00 urn:sha1:1b6b924efeb9e46f0ca2ebe5b9bb6b276defe52d Since tomoyo_memory_ok() will check for null pointer returned by kzalloc() in tomoyo_assign_profile(), tomoyo_assign_namespace(), tomoyo_get_name() and tomoyo_commit_ok(), then emit OOM warnings if needed. And this is the expected behavior as informed by Tetsuo Handa. Let's add __GFP_NOWARN to kzalloc() in those related functions. Besides, to achieve this goal, remove the null check for entry right after kzalloc() in tomoyo_assign_namespace(). Reported-by: Hulk Robot <hulkci@huawei.com> Suggested-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> 2020-08-23T22:36:59+00:00 Gustavo A. R. Silva gustavoars@kernel.org 2020-08-23T22:36:59+00:00 urn:sha1:df561f6688fef775baa341a0f5d960becd248b11 Replace the existing /* fall through */ comments and its variants with the new pseudo-keyword macro fallthrough[1]. Also, remove unnecessary fall-through markings when it is the case. [1] https://www.kernel.org/doc/html/v5.7/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-through Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> 2020-06-03T00:12:07+00:00 Linus Torvalds torvalds@linux-foundation.org 2020-06-03T00:12:07+00:00 urn:sha1:91681e8480af21dcab2c0d91bb1b7851cbc83d81 Pull tomoyo update from Tetsuo Handa: "One patch for suppressing coccicheck's warning" * tag 'tomoyo-pr-20200601' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1: tomoyo: use true for bool variable 2020-05-29T15:02:29+00:00 Al Viro viro@zeniv.linux.org.uk 2020-04-23T14:20:06+00:00 urn:sha1:00fca6b53a88f600c59bae3828e1c2fdce58be0d address is passed only to get_user() Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2020-05-11T23:39:53+00:00 Zou Wei zou_wei@huawei.com 2020-04-14T08:19:48+00:00 urn:sha1:27acbf41be3928999b3a291fceee2a4b50218f00 Fixes coccicheck warning: security/tomoyo/common.c:1028:2-13: WARNING: Assignment of 0/1 to bool variable Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Zou Wei <zou_wei@huawei.com> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> 2020-01-02T03:53:49+00:00 Tetsuo Handa penguin-kernel@I-love.SAKURA.ne.jp 2020-01-02T03:53:49+00:00 urn:sha1:a8772fad0172aeae339144598b809fd8d4823331 syzbot is reporting that there is a race at tomoyo_stat_update() [1]. Although it is acceptable to fail to track exact number of times policy was updated, convert to atomic_t because this is not a hot path. [1] https://syzkaller.appspot.com/bug?id=a4d7b973972eeed410596e6604580e0133b0fc04 Reported-by: syzbot <syzbot+efea72d4a0a1d03596cd@syzkaller.appspotmail.com> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> 2019-12-16T14:02:27+00:00 Tetsuo Handa penguin-kernel@I-love.SAKURA.ne.jp 2019-12-16T10:16:48+00:00 urn:sha1:6bd5ce6089b561f5392460bfb654dea89356ab1b John Garry has reported that allmodconfig kernel on arm64 causes flood of "RCU-list traversed in non-reader section!!" warning. I don't know what change caused this warning, but this warning is safe because TOMOYO uses SRCU lock instead. Let's suppress this warning by explicitly telling that the caller is holding SRCU lock. Reported-and-tested-by: John Garry <john.garry@huawei.com> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>