mailweb.openeuler.org
Manage this list
×
Keyboard Shortcuts
Thread View
j
: Next unread message
k
: Previous unread message
j a
: Jump to all threads
j l
: Jump to MailingList overview
2024
November
October
September
August
July
June
May
April
March
February
January
2023
December
November
October
September
August
July
June
May
April
March
February
January
2022
December
November
October
September
August
July
June
May
April
March
February
January
2021
December
November
October
September
August
July
June
May
April
March
February
January
2020
December
November
October
September
August
July
June
May
April
March
February
January
2019
December
List overview
Download
Kernel
September 2024
----- 2024 -----
November 2024
October 2024
September 2024
August 2024
July 2024
June 2024
May 2024
April 2024
March 2024
February 2024
January 2024
----- 2023 -----
December 2023
November 2023
October 2023
September 2023
August 2023
July 2023
June 2023
May 2023
April 2023
March 2023
February 2023
January 2023
----- 2022 -----
December 2022
November 2022
October 2022
September 2022
August 2022
July 2022
June 2022
May 2022
April 2022
March 2022
February 2022
January 2022
----- 2021 -----
December 2021
November 2021
October 2021
September 2021
August 2021
July 2021
June 2021
May 2021
April 2021
March 2021
February 2021
January 2021
----- 2020 -----
December 2020
November 2020
October 2020
September 2020
August 2020
July 2020
June 2020
May 2020
April 2020
March 2020
February 2020
January 2020
----- 2019 -----
December 2019
kernel@openeuler.org
84 participants
915 discussions
Start a n
N
ew thread
[PATCH OLK-5.10] netfilter: tproxy: bail out if IP has been disabled on the device
by Yongqiang Liu
20 Sep '24
20 Sep '24
From: Florian Westphal <fw(a)strlen.de> stable inclusion from stable-v5.10.219 commit 07eeedafc59c45fe5de43958128542be3784764c category: bugfix bugzilla:
https://gitee.com/src-openeuler/kernel/issues/IA7D8P
CVE: CVE-2024-36270 Reference:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id…
-------------------------------- [ Upstream commit 21a673bddc8fd4873c370caf9ae70ffc6d47e8d3 ] syzbot reports: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] [..] RIP: 0010:nf_tproxy_laddr4+0xb7/0x340 net/ipv4/netfilter/nf_tproxy_ipv4.c:62 Call Trace: nft_tproxy_eval_v4 net/netfilter/nft_tproxy.c:56 [inline] nft_tproxy_eval+0xa9a/0x1a00 net/netfilter/nft_tproxy.c:168 __in_dev_get_rcu() can return NULL, so check for this. Reported-and-tested-by: syzbot+b94a6818504ea90d7661(a)syzkaller.appspotmail.com Fixes: cc6eb4338569 ("tproxy: use the interface primary IP address as a default value for --on-ip") Signed-off-by: Florian Westphal <fw(a)strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Yongqiang Liu <liuyongqiang13(a)huawei.com> --- net/ipv4/netfilter/nf_tproxy_ipv4.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/ipv4/netfilter/nf_tproxy_ipv4.c b/net/ipv4/netfilter/nf_tproxy_ipv4.c index 61cb2341f50f..7c1a0cd9f435 100644 --- a/net/ipv4/netfilter/nf_tproxy_ipv4.c +++ b/net/ipv4/netfilter/nf_tproxy_ipv4.c @@ -58,6 +58,8 @@ __be32 nf_tproxy_laddr4(struct sk_buff *skb, __be32 user_laddr, __be32 daddr) laddr = 0; indev = __in_dev_get_rcu(skb->dev); + if (!indev) + return daddr; in_dev_for_each_ifa_rcu(ifa, indev) { if (ifa->ifa_flags & IFA_F_SECONDARY) -- 2.34.1
2
1
0
0
[PATCH openEuler-22.03-LTS-SP1] netfilter: tproxy: bail out if IP has been disabled on the device
by Yongqiang Liu
20 Sep '24
20 Sep '24
From: Florian Westphal <fw(a)strlen.de> stable inclusion from stable-v5.10.219 commit 07eeedafc59c45fe5de43958128542be3784764c category: bugfix bugzilla:
https://gitee.com/src-openeuler/kernel/issues/IA7D8P
CVE: CVE-2024-36270 Reference:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id…
-------------------------------- [ Upstream commit 21a673bddc8fd4873c370caf9ae70ffc6d47e8d3 ] syzbot reports: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] [..] RIP: 0010:nf_tproxy_laddr4+0xb7/0x340 net/ipv4/netfilter/nf_tproxy_ipv4.c:62 Call Trace: nft_tproxy_eval_v4 net/netfilter/nft_tproxy.c:56 [inline] nft_tproxy_eval+0xa9a/0x1a00 net/netfilter/nft_tproxy.c:168 __in_dev_get_rcu() can return NULL, so check for this. Reported-and-tested-by: syzbot+b94a6818504ea90d7661(a)syzkaller.appspotmail.com Fixes: cc6eb4338569 ("tproxy: use the interface primary IP address as a default value for --on-ip") Signed-off-by: Florian Westphal <fw(a)strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Yongqiang Liu <liuyongqiang13(a)huawei.com> --- net/ipv4/netfilter/nf_tproxy_ipv4.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/ipv4/netfilter/nf_tproxy_ipv4.c b/net/ipv4/netfilter/nf_tproxy_ipv4.c index 61cb2341f50f..7c1a0cd9f435 100644 --- a/net/ipv4/netfilter/nf_tproxy_ipv4.c +++ b/net/ipv4/netfilter/nf_tproxy_ipv4.c @@ -58,6 +58,8 @@ __be32 nf_tproxy_laddr4(struct sk_buff *skb, __be32 user_laddr, __be32 daddr) laddr = 0; indev = __in_dev_get_rcu(skb->dev); + if (!indev) + return daddr; in_dev_for_each_ifa_rcu(ifa, indev) { if (ifa->ifa_flags & IFA_F_SECONDARY) -- 2.34.1
2
1
0
0
[PATCH OLK-6.6] arm64/cpufeatures/kvm: Add ARMv8.9 FEAT_ECBHB bits in ID_AA64MMFR1 register
by yangjinqian
19 Sep '24
19 Sep '24
From: Nianyao Tang <tangnianyao(a)huawei.com> mainline inclusion from mainline-v6.11-rc1 commit e8cde32f111f7f5681a7bad3ec747e9e697569a9 category: other bugzilla:
https://gitee.com/openeuler/kernel/issues/IAS9Z8
CVE: NA Reference:
https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/commit/?id=…
------------------------------------------------------------------------------- Enable ECBHB bits in ID_AA64MMFR1 register as per ARM DDI 0487K.a specification. When guest OS read ID_AA64MMFR1_EL1, kvm emulate this reg using ftr_id_aa64mmfr1 and always return ID_AA64MMFR1_EL1.ECBHB=0 to guest. It results in guest syscall jump to tramp ventry, which is not needed in implementation with ID_AA64MMFR1_EL1.ECBHB=1. Let's make the guest syscall process the same as the host. Signed-off-by: Nianyao Tang <tangnianyao(a)huawei.com> Link:
https://lore.kernel.org/r/20240611122049.2758600-1-tangnianyao@huawei.com
Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Jinqian Yang <yangjinqian1(a)huawei.com> Signed-off-by: Zhou Wang <wangzhou1(a)hisilicon.com> --- arch/arm64/kernel/cpufeature.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index f94bc6eb83e0..eb700e404aac 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -367,6 +367,7 @@ static const struct arm64_ftr_bits ftr_id_aa64mmfr0[] = { }; static const struct arm64_ftr_bits ftr_id_aa64mmfr1[] = { + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR1_EL1_ECBHB_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64MMFR1_EL1_TIDCP1_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR1_EL1_AFP_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR1_EL1_HCX_SHIFT, 4, 0), -- 2.33.0
2
1
0
0
[PATCH openEuler-22.03-LTS-SP1 0/1] fix CVE-2024-46723
by Liao Chen
19 Sep '24
19 Sep '24
fix CVE-2024-46723 Tim Huang (1): [Backport] drm/amdgpu: fix ucode out-of-bounds read warning drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 +++ 1 file changed, 3 insertions(+) -- 2.34.1
2
2
0
0
[PATCH openEuler-1.0-LTS 0/1] fix CVE-2024-46723
by Liao Chen
19 Sep '24
19 Sep '24
fix CVE-2024-46723 Tim Huang (1): drm/amdgpu: fix ucode out-of-bounds read warning drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 +++ 1 file changed, 3 insertions(+) -- 2.34.1
2
2
0
0
[PATCH OLK-5.10 0/1] fix CVE-2024-46723
by Liao Chen
19 Sep '24
19 Sep '24
fix CVE-2024-46723 Tim Huang (1): drm/amdgpu: fix ucode out-of-bounds read warning drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 +++ 1 file changed, 3 insertions(+) -- 2.34.1
2
2
0
0
[PATCH OLK-6.6 0/1] fix CVE-2024-46723
by Liao Chen
19 Sep '24
19 Sep '24
fix CVE-2024-46723 Tim Huang (1): [Backport] drm/amdgpu: fix ucode out-of-bounds read warning drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 +++ 1 file changed, 3 insertions(+) -- 2.34.1
3
5
0
0
[PATCH OLK-6.6 0/1] CVE-2024-46785
by Yuntao Liu
19 Sep '24
19 Sep '24
CVE-2024-46785 Steven Rostedt (1): eventfs: Use list_del_rcu() for SRCU protected list variable fs/tracefs/event_inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.34.1
2
2
0
0
[PATCH OLK-6.6] [Backport] smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()
by Li Lingfeng
19 Sep '24
19 Sep '24
From: ChenXiaoSong <chenxiaosong(a)kylinos.cn> mainline inclusion from mainline-v6.11-rc5 commit 4e8771a3666c8f216eefd6bd2fd50121c6c437db category: bugfix bugzilla:
https://gitee.com/src-openeuler/kernel/issues/IARWV6
CVE: CVE-2024-46742 Reference:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id…
-------------------------------- null-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) and parse_lease_state() return NULL. Fix this by check if 'lease_ctx_info' is NULL. Additionally, remove the redundant parentheses in parse_durable_handle_context(). Signed-off-by: ChenXiaoSong <chenxiaosong(a)kylinos.cn> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Li Lingfeng <lilingfeng3(a)huawei.com> --- fs/smb/server/oplock.c | 2 +- fs/smb/server/smb2pdu.c | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/fs/smb/server/oplock.c b/fs/smb/server/oplock.c index a8f52c4ebbda..e546ffa57b55 100644 --- a/fs/smb/server/oplock.c +++ b/fs/smb/server/oplock.c @@ -1510,7 +1510,7 @@ void create_lease_buf(u8 *rbuf, struct lease *lease) * parse_lease_state() - parse lease context containted in file open request * @open_req: buffer containing smb2 file open(create) request * - * Return: oplock state, -ENOENT if create lease context not found + * Return: allocated lease context object on success, otherwise NULL */ struct lease_ctx_info *parse_lease_state(void *open_req) { diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 4d91210e6acf..7f8b55c39e84 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -2761,8 +2761,8 @@ static int parse_durable_handle_context(struct ksmbd_work *work, } } - if (((lc && (lc->req_state & SMB2_LEASE_HANDLE_CACHING_LE)) || - req_op_level == SMB2_OPLOCK_LEVEL_BATCH)) { + if ((lc && (lc->req_state & SMB2_LEASE_HANDLE_CACHING_LE)) || + req_op_level == SMB2_OPLOCK_LEVEL_BATCH) { dh_info->CreateGuid = durable_v2_blob->CreateGuid; dh_info->persistent = @@ -2782,8 +2782,8 @@ static int parse_durable_handle_context(struct ksmbd_work *work, goto out; } - if (((lc && (lc->req_state & SMB2_LEASE_HANDLE_CACHING_LE)) || - req_op_level == SMB2_OPLOCK_LEVEL_BATCH)) { + if ((lc && (lc->req_state & SMB2_LEASE_HANDLE_CACHING_LE)) || + req_op_level == SMB2_OPLOCK_LEVEL_BATCH) { ksmbd_debug(SMB, "Request for durable open\n"); dh_info->type = dh_idx; } @@ -3414,7 +3414,7 @@ int smb2_open(struct ksmbd_work *work) goto err_out1; } } else { - if (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) { + if (req_op_level == SMB2_OPLOCK_LEVEL_LEASE && lc) { if (S_ISDIR(file_inode(filp)->i_mode)) { lc->req_state &= ~SMB2_LEASE_WRITE_CACHING_LE; lc->is_dir = true; -- 2.31.1
2
1
0
0
[PATCH OLK-5.10] smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()
by Li Lingfeng
19 Sep '24
19 Sep '24
From: ChenXiaoSong <chenxiaosong(a)kylinos.cn> mainline inclusion from mainline-v6.11-rc5 commit 4e8771a3666c8f216eefd6bd2fd50121c6c437db category: bugfix bugzilla:
https://gitee.com/src-openeuler/kernel/issues/IARWV6
CVE: CVE-2024-46742 Reference:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id…
-------------------------------- null-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) and parse_lease_state() return NULL. Fix this by check if 'lease_ctx_info' is NULL. Additionally, remove the redundant parentheses in parse_durable_handle_context(). Signed-off-by: ChenXiaoSong <chenxiaosong(a)kylinos.cn> Signed-off-by: Steve French <stfrench(a)microsoft.com> Conflicts: fs/smb/server/oplock.c fs/smb/server/smb2pdu.c [Commit c8efcc786146 ("ksmbd: add support for durable handles v1/v2") add parse_durable_handle_context(); Commit 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") move oplock.c and smb2pdu.c from fs/ksmbd/ to fs/smb/server/.] Signed-off-by: Li Lingfeng <lilingfeng3(a)huawei.com> --- fs/ksmbd/oplock.c | 2 +- fs/ksmbd/smb2pdu.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/ksmbd/oplock.c b/fs/ksmbd/oplock.c index 6df455a54b70..3324bb226c79 100644 --- a/fs/ksmbd/oplock.c +++ b/fs/ksmbd/oplock.c @@ -1389,7 +1389,7 @@ void create_lease_buf(u8 *rbuf, struct lease *lease) * parse_lease_state() - parse lease context containted in file open request * @open_req: buffer containing smb2 file open(create) request * - * Return: oplock state, -ENOENT if create lease context not found + * Return: allocated lease context object on success, otherwise NULL */ struct lease_ctx_info *parse_lease_state(void *open_req) { diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c index 50ef53115cab..a5f71fd7b1a8 100644 --- a/fs/ksmbd/smb2pdu.c +++ b/fs/ksmbd/smb2pdu.c @@ -3115,7 +3115,7 @@ int smb2_open(struct ksmbd_work *work) goto err_out; } } else { - if (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) { + if (req_op_level == SMB2_OPLOCK_LEVEL_LEASE && lc) { req_op_level = smb2_map_lease_to_oplock(lc->req_state); ksmbd_debug(SMB, "lease req for(%s) req oplock state 0x%x, lease state 0x%x\n", -- 2.31.1
2
1
0
0
← Newer
1
...
45
46
47
48
49
50
51
...
92
Older →
Jump to page:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
Results per page:
10
25
50
100
200