authorThorsten Leemhuis <fedora@leemhuis.info>2022-08-11 17:41:32 +0200
committerThorsten Leemhuis <fedora@leemhuis.info>2022-08-11 17:41:32 +0200
commit004d836281bad4bdf858b14c2fb7f993566d0387 (patch)
treee2ae2e3e664b6cef4dbf3c714f469c536a682864
parentf38aa32341cbc676a1eb5cae57b8ca0882bd20a8 (diff)
parente3d1b985a1b9ba34c99fb54b17b836044e0676d5 (diff)
downloadkernel-004d836281bad4bdf858b14c2fb7f993566d0387.tar.gz
kernel-004d836281bad4bdf858b14c2fb7f993566d0387.tar.xz
kernel-004d836281bad4bdf858b14c2fb7f993566d0387.zip
Merge remote-tracking branch 'origin/f36' into f36-user-thl-vanilla-fedora
-rw-r--r--Patchlist.changelog15
-rwxr-xr-xkernel.spec11
-rw-r--r--patch-5.18-redhat.patch139
-rw-r--r--sources6
4 files changed, 163 insertions, 8 deletions
diff --git a/Patchlist.changelog b/Patchlist.changelog
index 7e374847f..78dcd535a 100644
--- a/Patchlist.changelog
+++ b/Patchlist.changelog
@@ -1,3 +1,18 @@
+"https://gitlab.com/cki-project/kernel-ark/-/commit"/9602f79ee66be0de1e67917bfc95252c6e596a9c
+ 9602f79ee66be0de1e67917bfc95252c6e596a9c netfilter: nf_tables: do not allow RULE_ID to refer to another chain
+
+"https://gitlab.com/cki-project/kernel-ark/-/commit"/659e3d168cadf504f65adc830287592f0397f8d4
+ 659e3d168cadf504f65adc830287592f0397f8d4 netfilter: nf_tables: do not allow CHAIN_ID to refer to another table
+
+"https://gitlab.com/cki-project/kernel-ark/-/commit"/29e6901364bcdd9d664b3a5bb142063710f66745
+ 29e6901364bcdd9d664b3a5bb142063710f66745 netfilter: nf_tables: do not allow SET_ID to refer to another table
+
+"https://gitlab.com/cki-project/kernel-ark/-/commit"/2aff526ed9ac346017df36be2ee8cf3cb08a85f0
+ 2aff526ed9ac346017df36be2ee8cf3cb08a85f0 net_sched: cls_route: remove from list when handle is 0
+
+"https://gitlab.com/cki-project/kernel-ark/-/commit"/5bd3fa9e52be0ddcacde0c305a19e500f9572606
+ 5bd3fa9e52be0ddcacde0c305a19e500f9572606 posix-cpu-timers: Cleanup CPU timers before freeing them during exec
+
"https://gitlab.com/cki-project/kernel-ark/-/commit"/f014b0b869404c24a955539ae044dae72f639cce
f014b0b869404c24a955539ae044dae72f639cce um: Add missing apply_returns()
diff --git a/kernel.spec b/kernel.spec
index afb722168..5915c9ea3 100755
--- a/kernel.spec
+++ b/kernel.spec
@@ -127,11 +127,11 @@ Summary: The Linux kernel
# the --with-release option overrides this setting.)
%define debugbuildsenabled 1
# define buildid .local
-%define specversion 5.18.16
+%define specversion 5.18.17
%define patchversion 5.18
%define pkgrelease 200
%define kversion 5
-%define tarfile_release 5.18.16
+%define tarfile_release 5.18.17
# This is needed to do merge window version magic
%define patchlevel 18
# allow pkg_release to have configurable %%{?dist} tag
@@ -3041,7 +3041,12 @@ fi
#
#
%changelog
-* Wed Aug 03 2022 Justin M. Forbes <jforbes@fedoraproject.org> [5.18.16-200]
+* Thu Aug 11 2022 Justin M. Forbes <jforbes@fedoraproject.org> [5.18.17-0]
+- netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Thadeu Lima de Souza Cascardo)
+- netfilter: nf_tables: do not allow CHAIN_ID to refer to another table (Thadeu Lima de Souza Cascardo)
+- netfilter: nf_tables: do not allow SET_ID to refer to another table (Thadeu Lima de Souza Cascardo)
+- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo)
+- posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Thadeu Lima de Souza Cascardo)
- Linux v5.18.16 (Justin M. Forbes)
* Wed Aug 03 2022 Justin M. Forbes <jforbes@fedoraproject.org> [5.18.16-0]
diff --git a/patch-5.18-redhat.patch b/patch-5.18-redhat.patch
index 2dd9176fe..c9afbe732 100644
--- a/patch-5.18-redhat.patch
+++ b/patch-5.18-redhat.patch
@@ -30,6 +30,7 @@
drivers/nvme/host/nvme.h | 4 +
drivers/pci/quirks.c | 24 ++++
drivers/usb/core/hub.c | 7 ++
+ fs/exec.c | 3 +
include/linux/efi.h | 24 ++--
include/linux/lsm_hook_defs.h | 2 +
include/linux/lsm_hooks.h | 6 +
@@ -37,15 +38,17 @@
include/linux/security.h | 5 +
init/Kconfig | 2 +-
kernel/module_signing.c | 9 +-
+ net/netfilter/nf_tables_api.c | 17 ++-
+ net/sched/cls_route.c | 2 +-
scripts/tags.sh | 2 +
security/integrity/platform_certs/load_uefi.c | 6 +-
security/lockdown/Kconfig | 13 +++
security/lockdown/lockdown.c | 1 +
security/security.c | 6 +
- 44 files changed, 721 insertions(+), 191 deletions(-)
+ 47 files changed, 737 insertions(+), 197 deletions(-)
diff --git a/Makefile b/Makefile
-index 18bcbcd037f0..0d3bf7d650c0 100644
+index ef8c18e5c161..81900a28f77b 100644
--- a/Makefile
+++ b/Makefile
@@ -18,6 +18,10 @@ $(if $(filter __%, $(MAKECMDGOALS)), \
@@ -1516,6 +1519,20 @@ index 1460857026e0..7e1964891089 100644
/* Lock the device, then check to see if we were
* disconnected while waiting for the lock to succeed. */
usb_lock_device(hdev);
+diff --git a/fs/exec.c b/fs/exec.c
+index 5a75e92b1a0a..a9f5acf8f0ec 100644
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -1297,6 +1297,9 @@ int begin_new_exec(struct linux_binprm * bprm)
+ bprm->mm = NULL;
+
+ #ifdef CONFIG_POSIX_TIMERS
++ spin_lock_irq(&me->sighand->siglock);
++ posix_cpu_timers_exit(me);
++ spin_unlock_irq(&me->sighand->siglock);
+ exit_itimers(me);
+ flush_itimer_signals();
+ #endif
diff --git a/include/linux/efi.h b/include/linux/efi.h
index cc6d2be2ffd5..418d814d2eb7 100644
--- a/include/linux/efi.h
@@ -1699,6 +1716,124 @@ index 8723ae70ea1f..fb2d773498c2 100644
+ }
+ return ret;
}
+diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
+index de3dc35ce609..30dd77d58f20 100644
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -2472,6 +2472,7 @@ static int nf_tables_updchain(struct nft_ctx *ctx, u8 genmask, u8 policy,
+ }
+
+ static struct nft_chain *nft_chain_lookup_byid(const struct net *net,
++ const struct nft_table *table,
+ const struct nlattr *nla)
+ {
+ struct nftables_pernet *nft_net = nft_pernet(net);
+@@ -2482,6 +2483,7 @@ static struct nft_chain *nft_chain_lookup_byid(const struct net *net,
+ struct nft_chain *chain = trans->ctx.chain;
+
+ if (trans->msg_type == NFT_MSG_NEWCHAIN &&
++ chain->table == table &&
+ id == nft_trans_chain_id(trans))
+ return chain;
+ }
+@@ -3369,6 +3371,7 @@ static int nft_table_validate(struct net *net, const struct nft_table *table)
+ }
+
+ static struct nft_rule *nft_rule_lookup_byid(const struct net *net,
++ const struct nft_chain *chain,
+ const struct nlattr *nla);
+
+ #define NFT_RULE_MAXEXPRS 128
+@@ -3415,7 +3418,7 @@ static int nf_tables_newrule(struct sk_buff *skb, const struct nfnl_info *info,
+ return -EOPNOTSUPP;
+
+ } else if (nla[NFTA_RULE_CHAIN_ID]) {
+- chain = nft_chain_lookup_byid(net, nla[NFTA_RULE_CHAIN_ID]);
++ chain = nft_chain_lookup_byid(net, table, nla[NFTA_RULE_CHAIN_ID]);
+ if (IS_ERR(chain)) {
+ NL_SET_BAD_ATTR(extack, nla[NFTA_RULE_CHAIN_ID]);
+ return PTR_ERR(chain);
+@@ -3457,7 +3460,7 @@ static int nf_tables_newrule(struct sk_buff *skb, const struct nfnl_info *info,
+ return PTR_ERR(old_rule);
+ }
+ } else if (nla[NFTA_RULE_POSITION_ID]) {
+- old_rule = nft_rule_lookup_byid(net, nla[NFTA_RULE_POSITION_ID]);
++ old_rule = nft_rule_lookup_byid(net, chain, nla[NFTA_RULE_POSITION_ID]);
+ if (IS_ERR(old_rule)) {
+ NL_SET_BAD_ATTR(extack, nla[NFTA_RULE_POSITION_ID]);
+ return PTR_ERR(old_rule);
+@@ -3602,6 +3605,7 @@ static int nf_tables_newrule(struct sk_buff *skb, const struct nfnl_info *info,
+ }
+
+ static struct nft_rule *nft_rule_lookup_byid(const struct net *net,
++ const struct nft_chain *chain,
+ const struct nlattr *nla)
+ {
+ struct nftables_pernet *nft_net = nft_pernet(net);
+@@ -3612,6 +3616,7 @@ static struct nft_rule *nft_rule_lookup_byid(const struct net *net,
+ struct nft_rule *rule = nft_trans_rule(trans);
+
+ if (trans->msg_type == NFT_MSG_NEWRULE &&
++ trans->ctx.chain == chain &&
+ id == nft_trans_rule_id(trans))
+ return rule;
+ }
+@@ -3661,7 +3666,7 @@ static int nf_tables_delrule(struct sk_buff *skb, const struct nfnl_info *info,
+
+ err = nft_delrule(&ctx, rule);
+ } else if (nla[NFTA_RULE_ID]) {
+- rule = nft_rule_lookup_byid(net, nla[NFTA_RULE_ID]);
++ rule = nft_rule_lookup_byid(net, chain, nla[NFTA_RULE_ID]);
+ if (IS_ERR(rule)) {
+ NL_SET_BAD_ATTR(extack, nla[NFTA_RULE_ID]);
+ return PTR_ERR(rule);
+@@ -3840,6 +3845,7 @@ static struct nft_set *nft_set_lookup_byhandle(const struct nft_table *table,
+ }
+
+ static struct nft_set *nft_set_lookup_byid(const struct net *net,
++ const struct nft_table *table,
+ const struct nlattr *nla, u8 genmask)
+ {
+ struct nftables_pernet *nft_net = nft_pernet(net);
+@@ -3851,6 +3857,7 @@ static struct nft_set *nft_set_lookup_byid(const struct net *net,
+ struct nft_set *set = nft_trans_set(trans);
+
+ if (id == nft_trans_set_id(trans) &&
++ set->table == table &&
+ nft_active_genmask(set, genmask))
+ return set;
+ }
+@@ -3871,7 +3878,7 @@ struct nft_set *nft_set_lookup_global(const struct net *net,
+ if (!nla_set_id)
+ return set;
+
+- set = nft_set_lookup_byid(net, nla_set_id, genmask);
++ set = nft_set_lookup_byid(net, table, nla_set_id, genmask);
+ }
+ return set;
+ }
+@@ -9595,7 +9602,7 @@ static int nft_verdict_init(const struct nft_ctx *ctx, struct nft_data *data,
+ tb[NFTA_VERDICT_CHAIN],
+ genmask);
+ } else if (tb[NFTA_VERDICT_CHAIN_ID]) {
+- chain = nft_chain_lookup_byid(ctx->net,
++ chain = nft_chain_lookup_byid(ctx->net, ctx->table,
+ tb[NFTA_VERDICT_CHAIN_ID]);
+ if (IS_ERR(chain))
+ return PTR_ERR(chain);
+diff --git a/net/sched/cls_route.c b/net/sched/cls_route.c
+index a35ab8c27866..3f935cbbaff6 100644
+--- a/net/sched/cls_route.c
++++ b/net/sched/cls_route.c
+@@ -526,7 +526,7 @@ static int route4_change(struct net *net, struct sk_buff *in_skb,
+ rcu_assign_pointer(f->next, f1);
+ rcu_assign_pointer(*fp, f);
+
+- if (fold && fold->handle && f->handle != fold->handle) {
++ if (fold) {
+ th = to_hash(fold->handle);
+ h = from_hash(fold->handle >> 16);
+ b = rtnl_dereference(head->table[th]);
diff --git a/scripts/tags.sh b/scripts/tags.sh
index 16d475b3e203..4e333f14b84e 100755
--- a/scripts/tags.sh
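Review bot: The new scoping parameter added to nft_chain_lookup_byid, nft_rule_lookup_byid and nft_set_lookup_byid in the bundled nf_tables_api.c hunks (`chain->table == table`, `trans->ctx.chain == chain`, `set->table == table`) is the whole point of the fix, yet none of the three helpers gets a comment saying why the transaction-ID match alone was not enough. A one-line comment above each new comparison, e.g. `/* IDs are only unique within a transaction, so also require the object to belong to the caller's table/chain */`, would stop a later backport from dropping the extra condition as redundant. The callers are updated consistently (the forward declaration of nft_rule_lookup_byid and its definition both gain the chain parameter), but in nf_tables_delrule the `chain` pointer passed to the lookup is resolved outside this hunk; the comparison is only meaningful if that branch is reached with a non-NULL chain, which appears to be the case from the surrounding `nft_delrule(&ctx, rule)` context but should be confirmed against the full function. The enclosing functions in both nf_tables_api.c and cls_route.c start and end outside the hunk.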
diff --git a/sources b/sources
index 826fc1829..ca4db52f7 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (linux-5.18.16.tar.xz) = 57f6ccbbc3dfe08ae171737b389b3e25577c893d32ff73e97eae36ce44f97aae254862c0234f3e5f84f8512c2ed20f5fd45f57a06a4ea5e76cdeda7ba421782e
-SHA512 (kernel-abi-stablelists-5.18.16-200.tar.bz2) = d7e2b5a7bf24edff408232d5682384925386183312f9ae2730a1da727b11c37baa619f286332341a97e209f786987ac60b7c1fba2d396bcc5026788a35769425
-SHA512 (kernel-kabi-dw-5.18.16-200.tar.bz2) = f018d6d055f1683900bf23135e8ebebebb511494136b807c29a939f591d3f864bd8f6843724c08f9427247a157487edfd2951fc0500f178041a3a9468ae0d98b
+SHA512 (linux-5.18.17.tar.xz) = fb838f8f93faf83a41d9f42178c1ccd296d2a9e10fd1508f868e3e6d0bae4ebe2fb6ec2537cc3a6c955aec4520f402f53066e769c5be9244410fd3ae47b49faa
+SHA512 (kernel-abi-stablelists-5.18.17-200.tar.bz2) = 1bb833a38b5ac70988e69645bc18045f2df011652f48afb8f073ae393694fec024aaae0999cb606888d99bb010b135c415907c8068649c616a8d939e2b3a3206
+SHA512 (kernel-kabi-dw-5.18.17-200.tar.bz2) = a7bae8b6c6e312475257435f33510d725374b213998d439aaa786c68255871715c4d300738dd72d7eb943989f690e1c0fc73108c0ee329dd5c7f3da8d5239920