xavi/android_kernel_m2note/net/netlink, branch ng-7.1.2

netlink: fix uninit-value in netlink_sendmsg

2019-05-03T16:56:20+00:00

commit 6091f09c2f79730d895149bcfe3d66140288cd0e upstream. syzbot reported : BUG: KMSAN: uninit-value in ffs arch/x86/include/asm/bitops.h:432 [inline] BUG: KMSAN: uninit-value in netlink_sendmsg+0xb26/0x1310 net/netlink/af_netlink.c:1851 Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Change-Id: I65447ae00ea872c090e506fee72b9e5f2171748b Signed-off-by: Eric Dumazet Reported-by: syzbot Signed-off-by: David S. Miller Signed-off-by: Ben Hutchings

netlink: make sure nladdr has correct size in netlink_connect()

2019-05-03T16:54:38+00:00

commit 7880287981b60a6808f39f297bb66936e8bdf57a upstream. KMSAN reports use of uninitialized memory in the case when |alen| is smaller than sizeof(struct sockaddr_nl), and therefore |nladdr| isn't fully copied from the userspace. Change-Id: I86efa7b5e35e21ef51da3a3d18d834421cb37895 Signed-off-by: Alexander Potapenko Fixes: 1da177e4c3f41524 ("Linux-2.6.12-rc2") Reviewed-by: Eric Dumazet Signed-off-by: David S. Miller Signed-off-by: Ben Hutchings

net: Fix permission check in netlink_connect()

2019-05-03T16:54:26+00:00

netlink_sendmsg() was changed to prevent non-root processes from sending messages with dst_pid != 0. netlink_connect() however still only checks if nladdr->nl_groups is set. This patch modifies netlink_connect() to check for the same condition. Change-Id: I3179755947077de1d2a92a7573fbdac65314e6dc Signed-off-by: Mike Pecovnik Signed-off-by: David S. Miller

Replace with globally

2018-11-29T16:49:05+00:00

This was entirely automated, using the script by Al: PATT='^[[:blank:]]*#[[:blank:]]*include[[:blank:]]*' sed -i -e "s!$PATT!#include !" \ $(git grep -l "$PATT"|grep -v ^include/linux/uaccess.h) to do the replacement at the end of the merge window. Requested-by: Al Viro Signed-off-by: Linus Torvalds Signed-off-by: Moyster

BACKPORT: netlink: add a start callback for starting a netlink dump

2018-04-13T12:50:23+00:00

commit fc9e50f5a5a4e1fa9ba2756f745a13e693cf6a06 upstream. The start callback allows the caller to set up a context for the dump callbacks. Presumably, the context can then be destroyed in the done callback. Signed-off-by: Tom Herbert Signed-off-by: David S. Miller Cc: Guenter Roeck Signed-off-by: Greg Kroah-Hartman (cherry picked from commit 142afbc6b2f33832f332ce5b561aa817edfff0b4) Change-Id: Ibaaffde651e76be2defeaa081ae56ca9e8f93602

UPSTREAM: genetlink: fix usage of NLM_F_EXCL or NLM_F_REPLACE

2018-04-13T12:47:21+00:00

Currently, it is not possible to use neither NLM_F_EXCL nor NLM_F_REPLACE from genetlink. This is due to this checking in genl_family_rcv_msg: if (nlh->nlmsg_flags & NLM_F_DUMP) NLM_F_DUMP is NLM_F_MATCH|NLM_F_ROOT. Thus, if NLM_F_EXCL or NLM_F_REPLACE flag is set, genetlink believes that you're requesting a dump and it calls the .dumpit callback. The solution that I propose is to refine this checking to make it stricter: if ((nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP) And given the combination NLM_F_REPLACE and NLM_F_EXCL does not make sense to me, it removes the ambiguity. There was a patch that tried to fix this some time ago (0ab03c2 netlink: test for all flags of the NLM_F_DUMP composite) but it tried to resolve this ambiguity in *all* existing netlink subsystems, not only genetlink. That patch was reverted since it broke iproute2, which is using NLM_F_ROOT to request the dump of the routing cache. Signed-off-by: Pablo Neira Ayuso Signed-off-by: David S. Miller (cherry picked from commit e1ee3673a83cc02b6b5e43c9e647d8dd5e1c4e26) Change-Id: I1e7dfdfb1accfd22a171eb9a9a993e5b191dd27f

netlink: Queue the kernel socket after setting the flag.

2017-04-16T13:03:37+00:00

Queueing the socket after setting the NETLINK_KERNEL_SOCKET on the kernel socket. This change is required in-order to avoid the BUG check which is caused due to race condition between setting this flag and a message from the app space for this kernel netlink sock. Change-Id: I19a8edf2fe009a3020b194684a6172654f8f257a CRs-Fixed: 681815 Signed-off-by: Vinay Krishna Eranna

netlink: Fix dump skb leak/double free

2017-04-13T10:35:36+00:00

When we free cb->skb after a dump, we do it after releasing the lock. This means that a new dump could have started in the time being and we'll end up freeing their skb instead of ours. This patch saves the skb and module before we unlock so we free the right memory. Change-Id: Icdf8adc86b334c32d2f820b5b203989b294fb19f Fixes: 16b304f3404f ("netlink: Eliminate kmalloc in netlink dump operation.") Reported-by: Baozeng Ding Signed-off-by: Herbert Xu Acked-by: Cong Wang Signed-off-by: David S. Miller

netlink: Eliminate kmalloc in netlink dump operation.

2017-04-13T10:35:36+00:00

Following patch stores struct netlink_callback in netlink_sock to avoid allocating and freeing it on every netlink dump msg. Only one dump operation is allowed for a given socket at a time therefore we can safely convert cb pointer to cb struct inside netlink_sock. Change-Id: I376b6feef396010e3ebd98673a30518b62af9425 Signed-off-by: Pravin B Shelar Signed-off-by: David S. Miller

random: sprinkle e/f/prandom in places that deplete entropy often

2016-09-10T10:06:52+00:00