commit: 67c2e8751c49d2e96eeeda342993dbe62cff4869 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> AuthorDate: Fri Feb 11 12:36:49 2022 +0000 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> CommitDate: Fri Feb 11 12:36:49 2022 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=67c2e875
Linux patch 4.19.229 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> 0000_README | 4 ++ 1228_linux-4.19.229.patch | 122 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 126 insertions(+) diff --git a/0000_README b/0000_README index e1d00b7a..760533fa 100644 --- a/0000_README +++ b/0000_README @@ -951,6 +951,10 @@ Patch: 1227_linux-4.19.228.patch From: https://www.kernel.org Desc: Linux 4.19.228 +Patch: 1228_linux-4.19.229.patch +From: https://www.kernel.org +Desc: Linux 4.19.229 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1228_linux-4.19.229.patch b/1228_linux-4.19.229.patch new file mode 100644 index 00000000..58d708f7 --- /dev/null +++ b/1228_linux-4.19.229.patch @@ -0,0 +1,122 @@ +diff --git a/Makefile b/Makefile +index 1779149108cff..e8be2ea115da2 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 4 + PATCHLEVEL = 19 +-SUBLEVEL = 228 ++SUBLEVEL = 229 + EXTRAVERSION = + NAME = "People's Front" + +diff --git a/drivers/mmc/host/moxart-mmc.c b/drivers/mmc/host/moxart-mmc.c +index 5553a5643f405..5c81dc7371db7 100644 +--- a/drivers/mmc/host/moxart-mmc.c ++++ b/drivers/mmc/host/moxart-mmc.c +@@ -696,12 +696,12 @@ static int moxart_remove(struct platform_device *pdev) + if (!IS_ERR(host->dma_chan_rx)) + dma_release_channel(host->dma_chan_rx); + mmc_remove_host(mmc); +- mmc_free_host(mmc); + + writel(0, host->base + REG_INTERRUPT_MASK); + writel(0, host->base + REG_POWER_CONTROL); + writel(readl(host->base + REG_CLOCK_CONTROL) | CLK_OFF, + host->base + REG_CLOCK_CONTROL); ++ mmc_free_host(mmc); + } + return 0; + } +diff --git a/kernel/cgroup/cgroup-v1.c b/kernel/cgroup/cgroup-v1.c +index 5456611874eb5..ced2b3f3547c6 100644 +--- a/kernel/cgroup/cgroup-v1.c ++++ b/kernel/cgroup/cgroup-v1.c +@@ -577,6 +577,14 @@ static ssize_t cgroup_release_agent_write(struct kernfs_open_file *of, + + BUILD_BUG_ON(sizeof(cgrp->root->release_agent_path) < PATH_MAX); + ++ /* ++ * Release agent gets called with all capabilities, ++ * require capabilities to set release agent. ++ */ ++ if ((of->file->f_cred->user_ns != &init_user_ns) || ++ !capable(CAP_SYS_ADMIN)) ++ return -EPERM; ++ + cgrp = cgroup_kn_lock_live(of->kn, false); + if (!cgrp) + return -ENODEV; +@@ -1048,6 +1056,7 @@ static int cgroup1_remount(struct kernfs_root *kf_root, int *flags, char *data) + { + int ret = 0; + struct cgroup_root *root = cgroup_root_from_kf(kf_root); ++ struct cgroup_namespace *ns = current->nsproxy->cgroup_ns; + struct cgroup_sb_opts opts; + u16 added_mask, removed_mask; + +@@ -1061,6 +1070,12 @@ static int cgroup1_remount(struct kernfs_root *kf_root, int *flags, char *data) + if (opts.subsys_mask != root->subsys_mask || opts.release_agent) + pr_warn("option changes via remount are deprecated (pid=%d comm=%s)\n", + task_tgid_nr(current), current->comm); ++ /* See cgroup1_mount release_agent handling */ ++ if (opts.release_agent && ++ ((ns->user_ns != &init_user_ns) || !capable(CAP_SYS_ADMIN))) { ++ ret = -EINVAL; ++ goto out_unlock; ++ } + + added_mask = opts.subsys_mask & ~root->subsys_mask; + removed_mask = root->subsys_mask & ~opts.subsys_mask; +@@ -1224,6 +1239,15 @@ struct dentry *cgroup1_mount(struct file_system_type *fs_type, int flags, + ret = -EPERM; + goto out_unlock; + } ++ /* ++ * Release agent gets called with all capabilities, ++ * require capabilities to set release agent. ++ */ ++ if (opts.release_agent && ++ ((ns->user_ns != &init_user_ns) || !capable(CAP_SYS_ADMIN))) { ++ ret = -EINVAL; ++ goto out_unlock; ++ } + + root = kzalloc(sizeof(*root), GFP_KERNEL); + if (!root) { +diff --git a/net/tipc/link.c b/net/tipc/link.c +index bd28ac7f2195a..0d2ee4eb131f5 100644 +--- a/net/tipc/link.c ++++ b/net/tipc/link.c +@@ -1579,13 +1579,16 @@ static int tipc_link_proto_rcv(struct tipc_link *l, struct sk_buff *skb, + u16 peers_tol = msg_link_tolerance(hdr); + u16 peers_prio = msg_linkprio(hdr); + u16 rcv_nxt = l->rcv_nxt; +- u16 dlen = msg_data_sz(hdr); ++ u32 dlen = msg_data_sz(hdr); + int mtyp = msg_type(hdr); + bool reply = msg_probe(hdr); + void *data; + char *if_name; + int rc = 0; + ++ if (dlen > U16_MAX) ++ goto exit; ++ + if (tipc_link_is_blocked(l) || !xmitq) + goto exit; + +diff --git a/net/tipc/monitor.c b/net/tipc/monitor.c +index 23706ee166074..7b6c1c5c30dc8 100644 +--- a/net/tipc/monitor.c ++++ b/net/tipc/monitor.c +@@ -457,6 +457,8 @@ void tipc_mon_rcv(struct net *net, void *data, u16 dlen, u32 addr, + state->probing = false; + + /* Sanity check received domain record */ ++ if (new_member_cnt > MAX_MON_DOMAIN) ++ return; + if (dlen < dom_rec_len(arrv_dom, 0)) + return; + if (dlen != dom_rec_len(arrv_dom, new_member_cnt))
