1. 12 Sep, 2021 2 commits
    • igmp: Add ip_mc_list lock in ip_check_mc_rcu · 961447ff
      Liu Jian authored
      commit 23d2b940 upstream.
      
      I got the panic below when doing a fuzz test:
      
      Kernel panic - not syncing: panic_on_warn set ...
      CPU: 0 PID: 4056 Comm: syz-executor.3 Tainted: G    B             5.14.0-rc1-00195-gcff5c4254439-dirty #2
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
      Call Trace:
      dump_stack_lvl+0x7a/0x9b
      panic+0x2cd/0x5af
      end_report.cold+0x5a/0x5a
      kasan_report+0xec/0x110
      ip_check_mc_rcu+0x556/0x5d0
      __mkroute_output+0x895/0x1740
      ip_route_output_key_hash_rcu+0x2d0/0x1050
      ip_route_output_key_hash+0x182/0x2e0
      ip_route_output_flow+0x28/0x130
      udp_sendmsg+0x165d/0x2280
      udpv6_sendmsg+0x121e/0x24f0
      inet6_sendmsg+0xf7/0x140
      sock_sendmsg+0xe9/0x180
      ____sys_sendmsg+0x2b8/0x7a0
      ___sys_sendmsg+0xf0/0x160
      __sys_sendmmsg+0x17e/0x3c0
      __x64_sys_sendmmsg+0x9e/0x100
      do_syscall_64+0x3b/0x90
      entry_SYSCALL_64_after_hwframe+0x44/0xae
      RIP: 0033:0x462eb9
      Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8
       48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48>
       3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
      RSP: 002b:00007f3df5af1c58 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
      RAX: ffffffffffffffda RBX: 000000000073bf00 RCX: 0000000000462eb9
      RDX: 0000000000000312 RSI: 0000000020001700 RDI: 0000000000000007
      RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3df5af26bc
      R13: 00000000004c372d R14: 0000000000700b10 R15: 00000000ffffffff
      
      It is a use-after-free in ip_check_mc_rcu.
      In ip_mc_del_src, the ip_sf_list of pmc has been freed under pmc->lock protection.
      But access to ip_sf_list in ip_check_mc_rcu is not protected by the lock.
      
      Signed-off-by: Liu Jian <liujian56@huawei.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
      Signed-off-by: Lee Jones <lee.jones@linaro.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • firmware: dmi: Move product_sku info to the end of the modalias · fa2dd4cd
      Hans de Goede authored
      commit f97a2103 upstream.
      
      Commit e26f023e ("firmware/dmi: Include product_sku info to modalias")
      added a new field to the modalias in the middle of the modalias, breaking
      some existing udev/hwdb matches on the whole modalias without a wildcard
      ('*') in between the pvr and rvn fields.
      
      All modalias matches in e.g. :
      https://github.com/systemd/systemd/blob/main/hwdb.d/60-sensor.hwdb
      deliberately end in ':*' so that new fields can be added at *the end* of
      the modalias, but adding a new field in the middle like this breaks things.
      
      Move the new sku field to the end of the modalias to fix some hwdb
      entries no longer matching.
      
      The new sku field has already been put to use in 2 new hwdb entries:
      
       sensor:modalias:platform:HID-SENSOR-200073:dmi:*svnDell*:sku0A3E:*
        ACCEL_LOCATION=base
      
       sensor:modalias:platform:HID-SENSOR-200073:dmi:*svnDell*:sku0B0B:*
        ACCEL_LOCATION=base
      
      The wildcard use before and after the sku in these matches means that they
      should keep working with the sku moved to the end.
      
      Note that there is a second instance of in essence the same problem,
      commit f5152f4d ("firmware/dmi: Report DMI Bios & EC firmware release")
      added 2 new br and efr fields in the middle of the modalias. This too
      breaks some hwdb modalias matches, but this has gone unnoticed for over
      a year. So some newer hwdb modalias matches actually depend on these
      fields being in the middle of the string. Moving these to the end now
      would break 3 hwdb entries, while fixing 8 entries.
      
      Since there is no good answer for the new br and efr fields I have chosen
      to leave these as is. Instead I'll submit a hwdb update to put a wildcard
      at the place where these fields may or may not be present depending on the
      kernel version.
      
      BugLink: https://github.com/systemd/systemd/issues/20550
      Link: https://github.com/systemd/systemd/pull/20562
      Fixes: e26f023e ("firmware/dmi: Include product_sku info to modalias")
      Cc: stable@vger.kernel.org
      Cc: Kai-Chuan Hsieh <kaichuan.hsieh@canonical.com>
      Cc: Erwan Velu <e.velu@criteo.com>
      Signed-off-by: Hans de Goede <hdegoede@redhat.com>
      Signed-off-by: Jean Delvare <jdelvare@suse.de>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  2. 08 Sep, 2021 25 commits
  3. 03 Sep, 2021 13 commits
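
The modalias breakage described in the "firmware: dmi: Move product_sku info to the end of the modalias" commit above, as an added Python illustration (not code from the kernel or systemd). It assumes fnmatch-style globbing approximates hwdb matching, uses a shortened field list, and all DMI values and the `STRICT` pattern are constructed; `SKU_MATCH` follows the `*svn...*:sku...:*` shape quoted in the commit message.

```python
from fnmatch import fnmatchcase

# Constructed DMI values for illustration; not taken from a real machine.
DMI = {
    "bvn": "ExampleBIOS", "svn": "ExampleVendor", "pn": "Model10",
    "pvr": "1.0", "sku": "0A3E", "rvn": "ExampleVendor", "rn": "Board7",
}

# Simplified field orders (the real modalias carries more fields).
ORDERS = {
    "no_sku":     ["bvn", "svn", "pn", "pvr", "rvn", "rn"],
    "sku_middle": ["bvn", "svn", "pn", "pvr", "sku", "rvn", "rn"],  # e26f023e
    "sku_end":    ["bvn", "svn", "pn", "pvr", "rvn", "rn", "sku"],  # this fix
}

# Hypothetical match with no wildcard between the pvr and rvn fields,
# ending in ':*' so that fields appended at the end are tolerated.
STRICT = "dmi:*:svnExampleVendor:pnModel10:pvr1.0:rvnExampleVendor:*"
# Match in the style of the two new hwdb entries: wildcards on both sides of sku.
SKU_MATCH = "dmi:*svnExampleVendor*:sku0A3E:*"


def build_modalias(order, values=DMI):
    """Concatenate '<key><value>:' for each field, in the given order."""
    return "dmi:" + "".join(f"{key}{values[key]}:" for key in order)


def match_table(patterns=(STRICT, SKU_MATCH)):
    """Return {layout: {pattern: bool}} for every field layout."""
    return {
        layout: {p: fnmatchcase(build_modalias(order), p) for p in patterns}
        for layout, order in ORDERS.items()
    }


if __name__ == "__main__":
    for layout, results in match_table().items():
        print(layout, build_modalias(ORDERS[layout]))
        for pattern, matched in results.items():
            print("   ", "match   " if matched else "NO MATCH", pattern)
```
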