Projects
openEuler:20.03:LTS:SP1
kernel
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 347
View file
_service:tar_scm_kernel_repo:kernel.spec
Changed
@@ -12,7 +12,7 @@ %global KernelVer %{version}-%{release}.%{_target_cpu} -%global hulkrelease 2401.3.0 +%global hulkrelease 2401.4.0 %define with_patch 0 @@ -32,7 +32,7 @@ Name: kernel Version: 4.19.90 -Release: %{hulkrelease}.0234 +Release: %{hulkrelease}.0235 Summary: Linux Kernel License: GPLv2 URL: http://www.kernel.org/ @@ -809,6 +809,12 @@ %changelog +* Tue Jan 16 2024 Zhang Changzhong <zhangchangzhong@huawei.com> - 4.19.90-2401.4.0.0235 +- !4006 crypto: hisilicon/sec2: fix memory use-after-free issue +- crypto: hisilicon/sec2: fix memory use-after-free issue +- !3923 net: bridge: multicast: fix UAF of net_bridge +- net: bridge: multicast: fix UAF of net_bridge + * Tue Jan 09 2024 Zhang Changzhong <zhangchangzhong@huawei.com> - 4.19.90-2401.3.0.0234 - !3768 iomap: add support to track dirty state of sub pages - !3845 netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack()
View file
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/drivers/crypto/hisilicon/sec2/sec.h
Changed
@@ -39,7 +39,6 @@ struct sec_qp_ctx *qp_ctx; struct sec_cipher_req c_req; - struct list_head backlog_head; int err_type; int req_id; @@ -89,7 +88,6 @@ struct sec_alg_res res[QM_Q_DEPTH]; struct sec_ctx *ctx; spinlock_t req_lock; - struct list_head backlog; struct hisi_acc_sgl_pool *c_in_pool; struct hisi_acc_sgl_pool *c_out_pool; };
View file
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/drivers/crypto/hisilicon/sec2/sec_crypto.c
Changed
@@ -180,10 +180,10 @@ ret = hisi_qp_send(qp_ctx->qp, &req->sec_sqe); if (ctx->fake_req_limit <= atomic_read(&qp_ctx->qp->qp_status.used) && !ret) { - list_add_tail(&req->backlog_head, &qp_ctx->backlog); + req->fake_busy = true; + spin_unlock_bh(&qp_ctx->req_lock); atomic64_inc(&ctx->sec->debug.dfx.send_cnt); atomic64_inc(&ctx->sec->debug.dfx.send_busy_cnt); - spin_unlock_bh(&qp_ctx->req_lock); return -EBUSY; } spin_unlock_bh(&qp_ctx->req_lock); @@ -322,7 +322,6 @@ spin_lock_init(&qp_ctx->req_lock); idr_init(&qp_ctx->req_idr); - INIT_LIST_HEAD(&qp_ctx->backlog); qp_ctx->c_in_pool = hisi_acc_create_sgl_pool(dev, QM_Q_DEPTH, SEC_SGL_SGE_NR); @@ -832,31 +831,10 @@ dev_err(SEC_CTX_DEV(req->ctx), "copy output iv error!\n"); } -static struct sec_req *sec_back_req_clear(struct sec_ctx *ctx, - struct sec_qp_ctx *qp_ctx) -{ - struct sec_req *backlog_req = NULL; - - spin_lock_bh(&qp_ctx->req_lock); - if (ctx->fake_req_limit >= - atomic_read(&qp_ctx->qp->qp_status.used) && - !list_empty(&qp_ctx->backlog)) { - backlog_req = list_first_entry(&qp_ctx->backlog, - typeof(*backlog_req), backlog_head); - list_del(&backlog_req->backlog_head); - } - spin_unlock_bh(&qp_ctx->req_lock); - - return backlog_req; -} - static void sec_skcipher_callback(struct sec_ctx *ctx, struct sec_req *req, int err) { struct skcipher_request *sk_req = req->c_req.sk_req; - struct sec_qp_ctx *qp_ctx = req->qp_ctx; - struct skcipher_request *backlog_sk_req; - struct sec_req *backlog_req; sec_free_req_id(req); @@ -864,14 +842,8 @@ if (!err && ctx->c_ctx.c_mode == SEC_CMODE_CBC && req->c_req.encrypt) sec_update_iv(req, SEC_SKCIPHER); - while (1) { - backlog_req = sec_back_req_clear(ctx, qp_ctx); - if (!backlog_req) - break; - - backlog_sk_req = backlog_req->c_req.sk_req; - backlog_sk_req->base.complete(&backlog_sk_req->base, - -EINPROGRESS); + if (req->fake_busy) { + sk_req->base.complete(&sk_req->base, -EINPROGRESS); atomic64_inc(&ctx->sec->debug.dfx.recv_busy_cnt); } @@ -1017,6 +989,7 @@ req->c_req.sk_req = sk_req; req->c_req.encrypt = encrypt; req->ctx = ctx; + req->fake_busy = false; ret = sec_skcipher_param_check(ctx, req); if (unlikely(ret))
View file
_service:recompress:tar_scm_kernel_repo:kernel.tar.gz/net/bridge/br_multicast.c
Changed
@@ -2068,6 +2068,7 @@ out: spin_unlock_bh(&br->multicast_lock); + br_multicast_stop(br); } int br_multicast_set_router(struct net_bridge *br, unsigned long val)
View file
_service:tar_scm_kernel_repo:SOURCE
Changed
@@ -1 +1 @@ -4.19.90-2401.3.0 +4.19.90-2401.4.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.