Merge tag 'ASB-2021-02-05_4.19-stable' of https://android.googlesource.com/kernel/common
https://source.android.com/security/bulletin/2021-02-01 CVE-2017-18509 CVE-2020-10767 * tag 'ASB-2021-02-05_4.19-stable': (809 commits) ANDROID: GKI: fix up abi issues with 4.19.172 Linux 4.19.172 fs: fix lazytime expiration handling in __writeback_single_inode() writeback: Drop I_DIRTY_TIME_EXPIRE dm integrity: conditionally disable "recalculate" feature tools: Factor HOSTCC, HOSTLD, HOSTAR definitions tracing: Fix race in trace_open and buffer resize call HID: wacom: Correct NULL dereference on AES pen proximity futex: Handle faults correctly for PI futexes futex: Simplify fixup_pi_state_owner() futex: Use pi_state_update_owner() in put_pi_state() rtmutex: Remove unused argument from rt_mutex_proxy_unlock() futex: Provide and use pi_state_update_owner() futex: Replace pointless printk in fixup_owner() futex: Ensure the correct return value from futex_lock_pi() futex: Prevent exit livelock futex: Provide distinct return value when owner is exiting futex: Add mutex around futex exit futex: Provide state handling for exec() as well futex: Sanitize exit state handling ... Change-Id: Ieba6ee3a91a05d504e1f829a84e7d364e7d983f2 Conflicts: arch/arm64/boot/dts/rockchip/rk3328.dtsi drivers/md/Kconfig drivers/usb/gadget/function/f_uac2.c
This commit is contained in:
Tao Huang
@@ -415,7 +415,7 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash)
|
||||
loff_t i_size;
|
||||
int rc;
|
||||
struct file *f = file;
|
||||
bool new_file_instance = false, modified_mode = false;
|
||||
bool new_file_instance = false;
|
||||
|
||||
/*
|
||||
* For consistency, fail file's opened with the O_DIRECT flag on
|
||||
@@ -433,18 +433,10 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash)
|
||||
O_TRUNC | O_CREAT | O_NOCTTY | O_EXCL);
|
||||
flags |= O_RDONLY;
|
||||
f = dentry_open(&file->f_path, flags, file->f_cred);
|
||||
if (IS_ERR(f)) {
|
||||
/*
|
||||
* Cannot open the file again, lets modify f_mode
|
||||
* of original and continue
|
||||
*/
|
||||
pr_info_ratelimited("Unable to reopen file for reading.\n");
|
||||
f = file;
|
||||
f->f_mode |= FMODE_READ;
|
||||
modified_mode = true;
|
||||
} else {
|
||||
new_file_instance = true;
|
||||
}
|
||||
if (IS_ERR(f))
|
||||
return PTR_ERR(f);
|
||||
|
||||
new_file_instance = true;
|
||||
}
|
||||
|
||||
i_size = i_size_read(file_inode(f));
|
||||
@@ -459,8 +451,6 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash)
|
||||
out:
|
||||
if (new_file_instance)
|
||||
fput(f);
|
||||
else if (modified_mode)
|
||||
f->f_mode &= ~FMODE_READ;
|
||||
return rc;
|
||||
}
|
||||
|
||||
@@ -651,7 +641,7 @@ int ima_calc_buffer_hash(const void *buf, loff_t len,
|
||||
return calc_buffer_shash(buf, len, hash);
|
||||
}
|
||||
|
||||
static void __init ima_pcrread(int idx, u8 *pcr)
|
||||
static void ima_pcrread(int idx, u8 *pcr)
|
||||
{
|
||||
if (!ima_tpm_chip)
|
||||
return;
|
||||
|
||||
@@ -277,7 +277,9 @@ static void dump_common_audit_data(struct audit_buffer *ab,
|
||||
struct inode *inode;
|
||||
|
||||
audit_log_format(ab, " name=");
|
||||
spin_lock(&a->u.dentry->d_lock);
|
||||
audit_log_untrustedstring(ab, a->u.dentry->d_name.name);
|
||||
spin_unlock(&a->u.dentry->d_lock);
|
||||
|
||||
inode = d_backing_inode(a->u.dentry);
|
||||
if (inode) {
|
||||
@@ -295,8 +297,9 @@ static void dump_common_audit_data(struct audit_buffer *ab,
|
||||
dentry = d_find_alias(inode);
|
||||
if (dentry) {
|
||||
audit_log_format(ab, " name=");
|
||||
audit_log_untrustedstring(ab,
|
||||
dentry->d_name.name);
|
||||
spin_lock(&dentry->d_lock);
|
||||
audit_log_untrustedstring(ab, dentry->d_name.name);
|
||||
spin_unlock(&dentry->d_lock);
|
||||
dput(dentry);
|
||||
}
|
||||
audit_log_format(ab, " dev=");
|
||||
|
||||
@@ -1619,7 +1619,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
|
||||
* inode_doinit with a dentry, before these inodes could
|
||||
* be used again by userspace.
|
||||
*/
|
||||
goto out;
|
||||
goto out_invalid;
|
||||
}
|
||||
|
||||
len = INITCONTEXTLEN;
|
||||
@@ -1735,7 +1735,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
|
||||
* could be used again by userspace.
|
||||
*/
|
||||
if (!dentry)
|
||||
goto out;
|
||||
goto out_invalid;
|
||||
rc = selinux_genfs_get_sid(dentry, sclass,
|
||||
sbsec->flags, &sid);
|
||||
dput(dentry);
|
||||
@@ -1748,11 +1748,10 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
|
||||
out:
|
||||
spin_lock(&isec->lock);
|
||||
if (isec->initialized == LABEL_PENDING) {
|
||||
if (!sid || rc) {
|
||||
if (rc) {
|
||||
isec->initialized = LABEL_INVALID;
|
||||
goto out_unlock;
|
||||
}
|
||||
|
||||
isec->initialized = LABEL_INITIALIZED;
|
||||
isec->sid = sid;
|
||||
}
|
||||
@@ -1760,6 +1759,15 @@ out:
|
||||
out_unlock:
|
||||
spin_unlock(&isec->lock);
|
||||
return rc;
|
||||
|
||||
out_invalid:
|
||||
spin_lock(&isec->lock);
|
||||
if (isec->initialized == LABEL_PENDING) {
|
||||
isec->initialized = LABEL_INVALID;
|
||||
isec->sid = sid;
|
||||
}
|
||||
spin_unlock(&isec->lock);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Convert a Linux signal to an access vector. */
|
||||
|
||||
Reference in New Issue
Block a user