Unnamed repository; edit this file 'description' to name the repository. https://gitea.privatedns.org/xavi/android_kernel_m2note/atom?h=o-8.1 2019-07-20T10:23:46+00:00 2019-07-20T10:23:46+00:00 Eric Dumazet edumazet@google.com 2019-06-16T00:40:56+00:00 urn:sha1:f49ffac5c216de8b6df43e3def979fd87d47833c commit f070ef2ac66716357066b683fb0baf55f8191a2e upstream. Jonathan Looney reported that a malicious peer can force a sender to fragment its retransmit queue into tiny skbs, inflating memory usage and/or overflow 32bit counters. TCP allows an application to queue up to sk_sndbuf bytes, so we need to give some allowance for non malicious splitting of retransmit queue. A new SNMP counter is added to monitor how many times TCP did not allow to split an skb if the allowance was exceeded. Note that this counter might increase in the case applications use SO_SNDBUF socket option to lower sk_sndbuf. CVE-2019-11478 : tcp_fragment, prevent fragmenting a packet when the socket is already using more than half the allowed space Change-Id: I594a9f68263f774fa6f0824042bc287bba6dc927 Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Jonathan Looney <jtl@netflix.com> Acked-by: Neal Cardwell <ncardwell@google.com> Acked-by: Yuchung Cheng <ycheng@google.com> Reviewed-by: Tyler Hicks <tyhicks@canonical.com> Cc: Bruce Curtis <brucec@netflix.com> Cc: Jonathan Lemon <jonathan.lemon@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-07-06T10:03:00+00:00 Tetsuo Handa penguin-kernel@I-love.SAKURA.ne.jp 2013-07-24T20:44:02+00:00 urn:sha1:8a9a47f959d30b6aa72456ccf6bf5b5e0608a16e Since everybody sets kstrdup()ed constant string to "struct xattr"->name but nobody modifies "struct xattr"->name , we can omit kstrdup() and its failure checking by constifying ->name member of "struct xattr". Change-Id: I84a47af13e3c77b394218cc12ac8901d87b0fd69 Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Reviewed-by: Joel Becker <jlbec@evilplan.org> [ocfs2] Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Reviewed-by: Paul Moore <paul@paul-moore.com> Tested-by: Paul Moore <paul@paul-moore.com> Acked-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <james.l.morris@oracle.com> 2018-11-29T09:58:50+00:00 Martijn Coenen maco@android.com 2018-08-25T20:50:56+00:00 urn:sha1:b2adfccfb720b09fe21812bf5fcce7cb424fa540 This allows the context manager to retrieve information about nodes that it holds a reference to, such as the current number of references to those nodes. Such information can for example be used to determine whether the servicemanager is the only process holding a reference to a node. This information can then be passed on to the process holding the node, which can in turn decide whether it wants to shut down to reduce resource usage. Signed-off-by: Martijn Coenen <maco@android.com> 2018-05-16T13:44:33+00:00 fire855 thefire855@gmail.com 2018-01-14T00:08:30+00:00 urn:sha1:0c0d52db903cbb5119c8011cd1af0f4f0685bef0 This reverts commit 4383cfbb3fe503cff5d7384986eb1b1b34133c01. 2017-12-14T18:18:39+00:00 Satish Kodishala skodisha@codeaurora.org 2014-05-09T06:09:06+00:00 urn:sha1:74407c802f78116041a75f24e25872f8523f2960 Add support for copying length and userptr fields from user space private buffers to kernel space and vice versa. Change-Id: Ia7d41aa312544bb0960670af58623b0dc0435a8a Signed-off-by: Satish Kodishala <skodisha@codeaurora.org> 2017-11-18T18:14:56+00:00 Greg Kroah-Hartman gregkh@linuxfoundation.org 2017-09-19T13:07:17+00:00 urn:sha1:c3c1ef987f8ae0a66d484a1afdeea384fd6f2d04 commit bd7a3fe770ebd8391d1c7d072ff88e9e76d063eb Andrey Konovalov reported a possible out-of-bounds problem for a USB interface association descriptor. He writes: It seems there's no proper size check of a USB_DT_INTERFACE_ASSOCIATION descriptor. It's only checked that the size is >= 2 in usb_parse_configuration(), so find_iad() might do out-of-bounds access to intf_assoc->bInterfaceCount. And he's right, we don't check for crazy descriptors of this type very well, so resolve this problem. Yet another issue found by syzkaller... Change-Id: I2cc3b5a66d16abd0fc567d69457fc90a45eb12d8 Reported-by: Andrey Konovalov <andreyknvl@google.com> Tested-by: Andrey Konovalov <andreyknvl@google.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2017-10-14T13:55:44+00:00 Lorenzo Colitti lorenzo@google.com 2017-08-10T17:11:33+00:00 urn:sha1:35df392e033b116bda3db0b444bfab95d285d706 On systems that use mark-based routing it may be necessary for routing lookups to use marks in order for packets to be routed correctly. An example of such a system is Android, which uses socket marks to route packets via different networks. Currently, routing lookups in tunnel mode always use a mark of zero, making routing incorrect on such systems. This patch adds a new output_mark element to the xfrm state and a corresponding XFRMA_OUTPUT_MARK netlink attribute. The output mark differs from the existing xfrm mark in two ways: 1. The xfrm mark is used to match xfrm policies and states, while the xfrm output mark is used to set the mark (and influence the routing) of the packets emitted by those states. 2. The existing mark is constrained to be a subset of the bits of the originating socket or transformed packet, but the output mark is arbitrary and depends only on the state. The use of a separate mark provides additional flexibility. For example: - A packet subject to two transforms (e.g., transport mode inside tunnel mode) can have two different output marks applied to it, one for the transport mode SA and one for the tunnel mode SA. - On a system where socket marks determine routing, the packets emitted by an IPsec tunnel can be routed based on a mark that is determined by the tunnel, not by the marks of the unencrypted packets. - Support for setting the output marks can be introduced without breaking any existing setups that employ both mark-based routing and xfrm tunnel mode. Simply changing the code to use the xfrm mark for routing output packets could xfrm mark could change behaviour in a way that breaks these setups. If the output mark is unspecified or set to zero, the mark is not set or changed. [backport of upstream 077fbac405bfc6d41419ad6c1725804ad4e9887c] Bug: 63589535 Test: https://android-review.googlesource.com/452776/ passes Tested: make allyesconfig; make -j64 Tested: https://android-review.googlesource.com/452776 Signed-off-by: Lorenzo Colitti <lorenzo@google.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Change-Id: I76120fba036e21780ced31ad390faf491ea81e52 2017-10-04T13:53:17+00:00 Chao Yu yuchao0@huawei.com 2017-07-25T16:01:41+00:00 urn:sha1:d325963ab68359588df09e98532d632c528b449a This patch adds to support plain project quota. Signed-off-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> 2017-09-16T17:09:16+00:00 Tim Murray timmurray@google.com 2017-03-23T05:02:20+00:00 urn:sha1:7872edf0e328681e781eed97a744a61e38c19a10 Add a new ioctl to binder to control whether FIFO inheritance should happen. In particular, hwbinder should inherit FIFO priority from callers, but standard binder threads should not. Test: boots bug 36516194 Signed-off-by: Tim Murray <timmurray@google.com> Change-Id: I8100c4364b7d15d1bf00a8ca5c286e4d4b23ce85 2017-09-16T17:09:16+00:00 Lukas0610 mail@lukasberger.at 2017-09-15T21:26:55+00:00 urn:sha1:8ad3d9e51a317ef56817c2edb8c9ae3febf953aa Change-Id: I857ef86b2d502293fb8c37398383dceaa21dd29f Signed-off-by: Mister Oyster <oysterized@gmail.com>