[PATCH OLK-5.10 0/3] backport mainline bugfix
From: Felix Fu <fuzhen5@huawei.com> Eric Snowberg (1): KEYS: Create static version of public_key_verify_signature Georgia Garcia (1): apparmor: fix invalid reference on profile->disconnected Xiu Jianfeng (1): audit: correct audit_filter_inodes() definition include/crypto/public_key.h | 9 +++++++++ kernel/audit.h | 2 +- security/apparmor/policy.c | 1 + security/apparmor/policy_unpack.c | 5 +++-- 4 files changed, 14 insertions(+), 3 deletions(-) -- 2.34.1
From: Georgia Garcia <georgia.garcia@canonical.com> mainline inclusion from mainline-v6.7-rc1 commit 8884ba07786c718771cf7b78cb3024924b27ec2b category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I9SY02 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=... -------------------------------- profile->disconnected was storing an invalid reference to the disconnected path. Fix it by duplicating the string using aa_unpack_strdup and freeing accordingly. Fixes: 72c8a768641d ("apparmor: allow profiles to provide info to disconnected paths") Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Conflicts: security/apparmor/policy_unpack.c security/apparmor/policy.c [Because b11e51dd7 not merged, so change aa_unpack_str_dup to unpack_str_dup, it just has been renamed] Signed-off-by: Felix Fu <fuzhen5@huawei.com> --- security/apparmor/policy.c | 1 + security/apparmor/policy_unpack.c | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c index fcf22577f606..600aeba802f1 100644 --- a/security/apparmor/policy.c +++ b/security/apparmor/policy.c @@ -218,6 +218,7 @@ void aa_free_profile(struct aa_profile *profile) aa_put_ns(profile->ns); kfree_sensitive(profile->rename); + kfree_sensitive(profile->disconnected); aa_free_file_rules(&profile->file); aa_free_cap_rules(&profile->caps); diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index 6c2a536173b5..0e6e32a6fe67 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -678,7 +678,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name) const char *info = "failed to unpack profile"; size_t ns_len; struct rhashtable_params params = { 0 }; - char *key = NULL; + char *key = NULL, *disconnected = NULL; struct aa_data *data; int i, error = -EPROTO; kernel_cap_t tmpcap; @@ -736,7 +736,8 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name) } /* disconnected attachment string is optional */ - (void) unpack_str(e, &profile->disconnected, "disconnected"); + (void) unpack_strdup(e, &disconnected, "disconnected"); + profile->disconnected = disconnected; /* per profile debug flags (complain, audit) */ if (!unpack_nameX(e, AA_STRUCT, "flags")) { -- 2.34.1
From: Xiu Jianfeng <xiujianfeng@huawei.com> mainline inclusion from mainline-v6.6-rc1 commit bf98354280bff22bc9e57c698d485c9e1c0b04f3 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I9SY02 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=... -------------------------------- After changes in commit 0590b9335a1c ("fixing audit rule ordering mess, part 1"), audit_filter_inodes() returns void, so if CONFIG_AUDITSYSCALL not defined, it should be do {} while(0). Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Conflicts: kernel/audit.h [Fix context conflicts] Signed-off-by: Felix Fu <fuzhen5@huawei.com> --- kernel/audit.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/audit.h b/kernel/audit.h index 1918019e6aaf..9084d553b97b 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -326,7 +326,7 @@ static inline int audit_signal_info_syscall(struct task_struct *t) return 0; } -#define audit_filter_inodes(t, c) AUDIT_DISABLED +#define audit_filter_inodes(t, c) do { } while (0) #endif /* CONFIG_AUDITSYSCALL */ extern char *audit_unpack_string(void **bufp, size_t *remain, size_t len); -- 2.34.1
From: Eric Snowberg <eric.snowberg@oracle.com> mainline inclusion from mainline-v6.4-rc1 commit 7f8da9915fcc6386edf86471bf31e162845930a4 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I9SY02 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=... -------------------------------- The kernel test robot reports undefined reference to public_key_verify_signature when CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE is not defined. Create a static version in this case and return -EINVAL. Fixes: db6c43bd2132 ("crypto: KEYS: convert public key and digsig asym to the akcipher api") Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> Reviewed-by: Petr Vorel <pvorel@suse.cz> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> gested-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Felix Fu <fuzhen5@huawei.com> --- include/crypto/public_key.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h index 041e2c023a8e..28748a6b0a1d 100644 --- a/include/crypto/public_key.h +++ b/include/crypto/public_key.h @@ -90,7 +90,16 @@ extern int create_signature(struct kernel_pkey_params *, const void *, void *); extern int verify_signature(const struct key *, const struct public_key_signature *); +#if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) int public_key_verify_signature(const struct public_key *pkey, const struct public_key_signature *sig); +#else +static inline +int public_key_verify_signature(const struct public_key *pkey, + const struct public_key_signature *sig) +{ + return -EINVAL; +} +#endif #endif /* _LINUX_PUBLIC_KEY_H */ -- 2.34.1
反馈: 您发送到kernel@openeuler.org的补丁/补丁集,已成功转换为PR! PR链接地址: https://gitee.com/openeuler/kernel/pulls/8184 邮件列表地址:https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/E... FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully! Pull request link: https://gitee.com/openeuler/kernel/pulls/8184 Mailing list address: https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/E...
participants (2)
-
felix -
patchwork bot