All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH AUTOSEL 4.4 1/3] qede: Fix memset corruption
@ 2021-08-30 12:00 Sasha Levin
  2021-08-30 12:01 ` [PATCH AUTOSEL 4.4 2/3] net: fix NULL pointer reference in cipso_v4_doi_free Sasha Levin
  2021-08-30 12:01 ` [PATCH AUTOSEL 4.4 3/3] cryptoloop: add a deprecation warning Sasha Levin
  0 siblings, 2 replies; 3+ messages in thread
From: Sasha Levin @ 2021-08-30 12:00 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Shai Malin, Prabhakar Kushwaha, Ariel Elior, Kees Cook,
	David S . Miller, Sasha Levin, netdev

From: Shai Malin <smalin@marvell.com>

[ Upstream commit e543468869e2532f5d7926e8f417782b48eca3dc ]

Thanks to Kees Cook who detected the problem of memset that starting
from not the first member, but sized for the whole struct.
The better change will be to remove the redundant memset and to clear
only the msix_cnt member.

Signed-off-by: Prabhakar Kushwaha <pkushwaha@marvell.com>
Signed-off-by: Ariel Elior <aelior@marvell.com>
Signed-off-by: Shai Malin <smalin@marvell.com>
Reported-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/qlogic/qede/qede_main.c b/drivers/net/ethernet/qlogic/qede/qede_main.c
index c677b69bbb0b..22c6eaaf3d9f 100644
--- a/drivers/net/ethernet/qlogic/qede/qede_main.c
+++ b/drivers/net/ethernet/qlogic/qede/qede_main.c
@@ -1918,6 +1918,7 @@ static void qede_sync_free_irqs(struct qede_dev *edev)
 	}
 
 	edev->int_info.used_cnt = 0;
+	edev->int_info.msix_cnt = 0;
 }
 
 static int qede_req_msix_irqs(struct qede_dev *edev)
@@ -2341,7 +2342,6 @@ static int qede_load(struct qede_dev *edev, enum qede_load_mode mode)
 
 err4:
 	qede_sync_free_irqs(edev);
-	memset(&edev->int_info.msix_cnt, 0, sizeof(struct qed_int_info));
 err3:
 	qede_napi_disable_remove(edev);
 err2:
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* [PATCH AUTOSEL 4.4 2/3] net: fix NULL pointer reference in cipso_v4_doi_free
  2021-08-30 12:00 [PATCH AUTOSEL 4.4 1/3] qede: Fix memset corruption Sasha Levin
@ 2021-08-30 12:01 ` Sasha Levin
  2021-08-30 12:01 ` [PATCH AUTOSEL 4.4 3/3] cryptoloop: add a deprecation warning Sasha Levin
  1 sibling, 0 replies; 3+ messages in thread
From: Sasha Levin @ 2021-08-30 12:01 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: 王贇,
	Abaci, David S . Miller, Sasha Levin, netdev,
	linux-security-module

From: 王贇 <yun.wang@linux.alibaba.com>

[ Upstream commit 733c99ee8be9a1410287cdbb943887365e83b2d6 ]

In netlbl_cipsov4_add_std() when 'doi_def->map.std' alloc
failed, we sometime observe panic:

  BUG: kernel NULL pointer dereference, address:
  ...
  RIP: 0010:cipso_v4_doi_free+0x3a/0x80
  ...
  Call Trace:
   netlbl_cipsov4_add_std+0xf4/0x8c0
   netlbl_cipsov4_add+0x13f/0x1b0
   genl_family_rcv_msg_doit.isra.15+0x132/0x170
   genl_rcv_msg+0x125/0x240

This is because in cipso_v4_doi_free() there is no check
on 'doi_def->map.std' when 'doi_def->type' equal 1, which
is possibe, since netlbl_cipsov4_add_std() haven't initialize
it before alloc 'doi_def->map.std'.

This patch just add the check to prevent panic happen for similar
cases.

Reported-by: Abaci <abaci@linux.alibaba.com>
Signed-off-by: Michael Wang <yun.wang@linux.alibaba.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ipv4/cipso_ipv4.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
index e798e27b3c7d..918fd4bc5534 100644
--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -551,14 +551,16 @@ void cipso_v4_doi_free(struct cipso_v4_doi *doi_def)
 	if (!doi_def)
 		return;
 
-	switch (doi_def->type) {
-	case CIPSO_V4_MAP_TRANS:
-		kfree(doi_def->map.std->lvl.cipso);
-		kfree(doi_def->map.std->lvl.local);
-		kfree(doi_def->map.std->cat.cipso);
-		kfree(doi_def->map.std->cat.local);
-		kfree(doi_def->map.std);
-		break;
+	if (doi_def->map.std) {
+		switch (doi_def->type) {
+		case CIPSO_V4_MAP_TRANS:
+			kfree(doi_def->map.std->lvl.cipso);
+			kfree(doi_def->map.std->lvl.local);
+			kfree(doi_def->map.std->cat.cipso);
+			kfree(doi_def->map.std->cat.local);
+			kfree(doi_def->map.std);
+			break;
+		}
 	}
 	kfree(doi_def);
 }
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* [PATCH AUTOSEL 4.4 3/3] cryptoloop: add a deprecation warning
  2021-08-30 12:00 [PATCH AUTOSEL 4.4 1/3] qede: Fix memset corruption Sasha Levin
  2021-08-30 12:01 ` [PATCH AUTOSEL 4.4 2/3] net: fix NULL pointer reference in cipso_v4_doi_free Sasha Levin
@ 2021-08-30 12:01 ` Sasha Levin
  1 sibling, 0 replies; 3+ messages in thread
From: Sasha Levin @ 2021-08-30 12:01 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Christoph Hellwig, Jens Axboe, Sasha Levin, linux-block

From: Christoph Hellwig <hch@lst.de>

[ Upstream commit 222013f9ac30b9cec44301daa8dbd0aae38abffb ]

Support for cryptoloop has been officially marked broken and deprecated
in favor of dm-crypt (which supports the same broken algorithms if
needed) in Linux 2.6.4 (released in March 2004), and support for it has
been entirely removed from losetup in util-linux 2.23 (released in April
2013).  Add a warning and a deprecation schedule.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20210827163250.255325-1-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/block/Kconfig      | 4 ++--
 drivers/block/cryptoloop.c | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/block/Kconfig b/drivers/block/Kconfig
index c794e215ea3d..324abc8d53fa 100644
--- a/drivers/block/Kconfig
+++ b/drivers/block/Kconfig
@@ -267,7 +267,7 @@ config BLK_DEV_LOOP_MIN_COUNT
 	  dynamically allocated with the /dev/loop-control interface.
 
 config BLK_DEV_CRYPTOLOOP
-	tristate "Cryptoloop Support"
+	tristate "Cryptoloop Support (DEPRECATED)"
 	select CRYPTO
 	select CRYPTO_CBC
 	depends on BLK_DEV_LOOP
@@ -279,7 +279,7 @@ config BLK_DEV_CRYPTOLOOP
 	  WARNING: This device is not safe for journaled file systems like
 	  ext3 or Reiserfs. Please use the Device Mapper crypto module
 	  instead, which can be configured to be on-disk compatible with the
-	  cryptoloop device.
+	  cryptoloop device.  cryptoloop support will be removed in Linux 5.16.
 
 source "drivers/block/drbd/Kconfig"
 
diff --git a/drivers/block/cryptoloop.c b/drivers/block/cryptoloop.c
index 99e773cb70d0..d3d1f24ca7a3 100644
--- a/drivers/block/cryptoloop.c
+++ b/drivers/block/cryptoloop.c
@@ -201,6 +201,8 @@ init_cryptoloop(void)
 
 	if (rc)
 		printk(KERN_ERR "cryptoloop: loop_register_transfer failed\n");
+	else
+		pr_warn("the cryptoloop driver has been deprecated and will be removed in in Linux 5.16\n");
 	return rc;
 }
 
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-08-30 12:02 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-30 12:00 [PATCH AUTOSEL 4.4 1/3] qede: Fix memset corruption Sasha Levin
2021-08-30 12:01 ` [PATCH AUTOSEL 4.4 2/3] net: fix NULL pointer reference in cipso_v4_doi_free Sasha Levin
2021-08-30 12:01 ` [PATCH AUTOSEL 4.4 3/3] cryptoloop: add a deprecation warning Sasha Levin

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.