Skip to content
Snippets Groups Projects
  1. Nov 29, 2021
  2. Nov 27, 2021
  3. Nov 24, 2021
  4. Nov 23, 2021
  5. Nov 22, 2021
  6. Nov 18, 2021
    • Xu Jia's avatar
      ipv4: fix uninitialized warnings in fnhe_remove_oldest() · f9072e26
      Xu Jia authored
      
      hulk inclusion
      category: bugfix
      bugzilla: 177871
      CVE: NA
      
      -------------------------------------------------
      
      The following warning is falsely reported since commit
      e2eea86c (ipv4: make exception cache less predictible):
      
        error: ‘oldest_p’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
          *oldest_p = oldest->fnhe_next;
          ~~~~~~~~~~^~~~~~~~~~~~~~~~~~~
        net/ipv4/route.c:602:44: note: ‘oldest_p’ was declared here
          struct fib_nh_exception __rcu **fnhe_p, **oldest_p;
      
      Fix and avoid the alarm.
      
      Signed-off-by: default avatarXu Jia <xujia39@huawei.com>
      Reviewed-by: default avatarYue Haibing <yuehaibing@huawei.com>
      Reviewed-by: default avatarWei Yongjun <weiyongjun1@huawei.com>
      Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
      f9072e26
    • zhenwei pi's avatar
      crypto: public_key: fix overflow during implicit conversion · d0562f6c
      zhenwei pi authored
      
      stable inclusion
      from linux-4.19.207
      commit aab312696d37de80502ca633b40184de24f22917
      
      --------------------------------
      
      commit f985911b7bc75d5c98ed24d8aaa8b94c590f7c6a upstream.
      
      Hit kernel warning like this, it can be reproduced by verifying 256
      bytes datafile by keyctl command, run script:
      RAWDATA=rawdata
      SIGDATA=sigdata
      
      modprobe pkcs8_key_parser
      
      rm -rf *.der *.pem *.pfx
      rm -rf $RAWDATA
      dd if=/dev/random of=$RAWDATA bs=256 count=1
      
      openssl req -nodes -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem \
        -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=xx.com/emailAddress=yy@xx.com"
      
      KEY_ID=`openssl pkcs8 -in key.pem -topk8 -nocrypt -outform DER | keyctl \
        padd asymmetric 123 @s`
      
      keyctl pkey_sign $KEY_ID 0 $RAWDATA enc=pkcs1 hash=sha1 > $SIGDATA
      keyctl pkey_verify $KEY_ID 0 $RAWDATA $SIGDATA enc=pkcs1 hash=sha1
      
      Then the kernel reports:
       WARNING: CPU: 5 PID: 344556 at crypto/rsa-pkcs1pad.c:540
         pkcs1pad_verify+0x160/0x190
       ...
       Call Trace:
        public_key_verify_signature+0x282/0x380
        ? software_key_query+0x12d/0x180
        ? keyctl_pkey_params_get+0xd6/0x130
        asymmetric_key_verify_signature+0x66/0x80
        keyctl_pkey_verify+0xa5/0x100
        do_syscall_64+0x35/0xb0
        entry_SYSCALL_64_after_hwframe+0x44/0xae
      
      The reason of this issue, in function 'asymmetric_key_verify_signature':
      '.digest_size(u8) = params->in_len(u32)' leads overflow of an u8 value,
      so use u32 instead of u8 for digest_size field. And reorder struct
      public_key_signature, it saves 8 bytes on a 64-bit machine.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarzhenwei pi <pizhenwei@bytedance.com>
      Reviewed-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
      Signed-off-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
      d0562f6c
    • Nikolay Aleksandrov's avatar
      net: bridge: fix stale eth hdr pointer in br_dev_xmit · c7cc377d
      Nikolay Aleksandrov authored
      
      mainline inclusion
      from mainline-v5.6-rc4
      commit 823d81b0
      category: bugfix
      bugzilla: 185773
      CVE: NA
      
      -------------------------------------------------
      
      In br_dev_xmit() we perform vlan filtering in br_allowed_ingress() but
      if the packet has the vlan header inside (e.g. bridge with disabled
      tx-vlan-offload) then the vlan filtering code will use skb_vlan_untag()
      to extract the vid before filtering which in turn calls pskb_may_pull()
      and we may end up with a stale eth pointer. Moreover the cached eth header
      pointer will generally be wrong after that operation. Remove the eth header
      caching and just use eth_hdr() directly, the compiler does the right thing
      and calculates it only once so we don't lose anything.
      
      Fixes: 057658cb ("bridge: suppress arp pkts on BR_NEIGH_SUPPRESS ports")
      Signed-off-by: default avatarNikolay Aleksandrov <nikolay@cumulusnetworks.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarHuang Guobin <huangguobin4@huawei.com>
      Reviewed-by: default avatarWei Yongjun <weiyongjun1@huawei.com>
      Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
      c7cc377d
  7. Nov 17, 2021
  8. Nov 15, 2021
  9. Nov 12, 2021