diff options
author | Vignesh Raghavendra <vigneshr@ti.com> | 2022-06-12 15:11:39 +0530 |
---|---|---|
committer | Vignesh Raghavendra <vigneshr@ti.com> | 2022-06-12 15:11:39 +0530 |
commit | 7d8201c5206f591356ecfd4ffea97f33ea0208aa (patch) | |
tree | bf1d077450d2b994951b7e94dc57f23cbec7f32b /security | |
parent | 3231c97207ced08a916a642409ed7e49f578980f (diff) | |
parent | 70dd2d169d08f059ff25a41278ab7c658b1d2af8 (diff) |
Merge tag 'v5.10.120' of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux into ti-linux-5.10.y
This is the 5.10.120 stable release
* tag 'v5.10.120' of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux: (394 commits)
Linux 5.10.120
bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes
bpf: Fix potential array overflow in bpf_trampoline_get_progs()
NFSD: Fix possible sleep during nfsd4_release_lockowner()
NFS: Memory allocation failures are not server fatal errors
docs: submitting-patches: Fix crossref to 'The canonical patch format'
tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
tpm: Fix buffer access in tpm2_get_tpm_pt()
HID: multitouch: add quirks to enable Lenovo X12 trackpoint
HID: multitouch: Add support for Google Whiskers Touchpad
raid5: introduce MD_BROKEN
dm verity: set DM_TARGET_IMMUTABLE feature flag
dm stats: add cond_resched when looping over entries
dm crypt: make printing of the key constant-time
dm integrity: fix error code in dm_integrity_ctr()
ARM: dts: s5pv210: Correct interrupt name for bluetooth in Aries
Bluetooth: hci_qca: Use del_timer_sync() before freeing
zsmalloc: fix races between asynchronous zspage free and page migration
crypto: ecrdsa - Fix incorrect use of vli_cmp
crypto: caam - fix i.MX6SX entropy delay value
...
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/security.c | 2 | ||||
-rw-r--r-- | security/selinux/nlmsgtab.c | 4 | ||||
-rw-r--r-- | security/selinux/ss/hashtab.c | 3 |
3 files changed, 7 insertions, 2 deletions
diff --git a/security/security.c b/security/security.c index d9d42d64f89f..360706cdabab 100644 --- a/security/security.c +++ b/security/security.c @@ -59,10 +59,12 @@ const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = { [LOCKDOWN_DEBUGFS] = "debugfs access", [LOCKDOWN_XMON_WR] = "xmon write access", [LOCKDOWN_BPF_WRITE_USER] = "use of bpf to write user RAM", + [LOCKDOWN_DBG_WRITE_KERNEL] = "use of kgdb/kdb to write kernel RAM", [LOCKDOWN_INTEGRITY_MAX] = "integrity", [LOCKDOWN_KCORE] = "/proc/kcore access", [LOCKDOWN_KPROBES] = "use of kprobes", [LOCKDOWN_BPF_READ] = "use of bpf to read kernel RAM", + [LOCKDOWN_DBG_READ_KERNEL] = "use of kgdb/kdb to read kernel RAM", [LOCKDOWN_PERF] = "unsafe use of perf", [LOCKDOWN_TRACEFS] = "use of tracefs", [LOCKDOWN_XMON_RW] = "xmon read and write access", diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c index b69231918686..c4fb57e90b6a 100644 --- a/security/selinux/nlmsgtab.c +++ b/security/selinux/nlmsgtab.c @@ -123,6 +123,8 @@ static const struct nlmsg_perm nlmsg_xfrm_perms[] = { XFRM_MSG_NEWSPDINFO, NETLINK_XFRM_SOCKET__NLMSG_WRITE }, { XFRM_MSG_GETSPDINFO, NETLINK_XFRM_SOCKET__NLMSG_READ }, { XFRM_MSG_MAPPING, NETLINK_XFRM_SOCKET__NLMSG_READ }, + { XFRM_MSG_SETDEFAULT, NETLINK_XFRM_SOCKET__NLMSG_WRITE }, + { XFRM_MSG_GETDEFAULT, NETLINK_XFRM_SOCKET__NLMSG_READ }, }; static const struct nlmsg_perm nlmsg_audit_perms[] = @@ -186,7 +188,7 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm) * structures at the top of this file with the new mappings * before updating the BUILD_BUG_ON() macro! */ - BUILD_BUG_ON(XFRM_MSG_MAX != XFRM_MSG_MAPPING); + BUILD_BUG_ON(XFRM_MSG_MAX != XFRM_MSG_GETDEFAULT); err = nlmsg_perm(nlmsg_type, perm, nlmsg_xfrm_perms, sizeof(nlmsg_xfrm_perms)); break; diff --git a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c index 7335f67ce54e..e8960a59586c 100644 --- a/security/selinux/ss/hashtab.c +++ b/security/selinux/ss/hashtab.c @@ -178,7 +178,8 @@ int hashtab_duplicate(struct hashtab *new, struct hashtab *orig, kmem_cache_free(hashtab_node_cachep, cur); } } - kmem_cache_free(hashtab_node_cachep, new); + kfree(new->htable); + memset(new, 0, sizeof(*new)); return -ENOMEM; } |