April 2021 - Linux-stable-mirror

[PATCH 14/24] USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check

by Johan Hovold

Changing the port closing-wait parameter is a privileged operation so make sure to return -EPERM if a regular user tries to change it. Cc: stable(a)vger.kernel.org Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/ti_usb_3410_5052.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/usb/serial/ti_usb_3410_5052.c b/drivers/usb/serial/ti_usb_3410_5052.c index 4b497c1e850b..bb50098a0ce6 100644 --- a/drivers/usb/serial/ti_usb_3410_5052.c +++ b/drivers/usb/serial/ti_usb_3410_5052.c @@ -1418,14 +1418,19 @@ static int ti_set_serial_info(struct tty_struct *tty, struct serial_struct *ss) { struct usb_serial_port *port = tty->driver_data; - struct ti_port *tport = usb_get_serial_port_data(port); + struct tty_port *tport = &port->port; unsigned cwait; cwait = ss->closing_wait; if (cwait != ASYNC_CLOSING_WAIT_NONE) cwait = msecs_to_jiffies(10 * ss->closing_wait); - tport->tp_port->port.closing_wait = cwait; + if (!capable(CAP_SYS_ADMIN)) { + if (cwait != tport->closing_wait) + return -EPERM; + } + + tport->closing_wait = cwait; return 0; } -- 2.26.3

3 years, 10 months

1
0
0 0

[PATCH 14/16] tty: mxser: fix TIOCSSERIAL permission check

by Johan Hovold

Changing the port type and closing_wait parameter are privileged operations so make sure to return -EPERM if a regular user tries to change them. Note that the closing_wait parameter would not actually have been changed but the return value did not indicate that. Cc: stable(a)vger.kernel.org Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/tty/mxser.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/tty/mxser.c b/drivers/tty/mxser.c index 914b23071961..2d8e76263a25 100644 --- a/drivers/tty/mxser.c +++ b/drivers/tty/mxser.c @@ -1270,6 +1270,7 @@ static int mxser_set_serial_info(struct tty_struct *tty, if (!capable(CAP_SYS_ADMIN)) { if ((ss->baud_base != info->baud_base) || (close_delay != info->port.close_delay) || + (closing_wait != info->port.closing_wait) || ((ss->flags & ~ASYNC_USR_MASK) != (info->port.flags & ~ASYNC_USR_MASK))) { mutex_unlock(&port->mutex); return -EPERM; @@ -1296,11 +1297,11 @@ static int mxser_set_serial_info(struct tty_struct *tty, baud = ss->baud_base / ss->custom_divisor; tty_encode_baud_rate(tty, baud, baud); } - } - info->type = ss->type; + info->type = ss->type; - process_txrx_fifo(info); + process_txrx_fifo(info); + } if (tty_port_initialized(port)) { if (flags != (port->flags & ASYNC_SPD_MASK)) { -- 2.26.3

3 years, 10 months

1
0
0 0

[PATCH 13/16] tty: mxser: fix TIOCSSERIAL jiffies conversions

by Johan Hovold

The port close_delay and closing wait parameters set by TIOCSSERIAL are specified in jiffies, while the values returned by TIOCGSERIAL are specified in centiseconds. Add the missing conversions so that TIOCSSERIAL works as expected also when HZ is not 100. Cc: stable(a)vger.kernel.org Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/tty/mxser.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/drivers/tty/mxser.c b/drivers/tty/mxser.c index 4203b64bccdb..914b23071961 100644 --- a/drivers/tty/mxser.c +++ b/drivers/tty/mxser.c @@ -1208,19 +1208,26 @@ static int mxser_get_serial_info(struct tty_struct *tty, { struct mxser_port *info = tty->driver_data; struct tty_port *port = &info->port; + unsigned int closing_wait, close_delay; if (tty->index == MXSER_PORTS) return -ENOTTY; mutex_lock(&port->mutex); + + close_delay = jiffies_to_msecs(info->port.close_delay) / 10; + closing_wait = info->port.closing_wait; + if (closing_wait != ASYNC_CLOSING_WAIT_NONE) + closing_wait = jiffies_to_msecs(closing_wait) / 10; + ss->type = info->type, ss->line = tty->index, ss->port = info->ioaddr, ss->irq = info->board->irq, ss->flags = info->port.flags, ss->baud_base = info->baud_base, - ss->close_delay = info->port.close_delay, - ss->closing_wait = info->port.closing_wait, + ss->close_delay = close_delay; + ss->closing_wait = closing_wait; ss->custom_divisor = info->custom_divisor, mutex_unlock(&port->mutex); return 0; @@ -1233,7 +1240,7 @@ static int mxser_set_serial_info(struct tty_struct *tty, struct tty_port *port = &info->port; speed_t baud; unsigned long sl_flags; - unsigned int flags; + unsigned int flags, close_delay, closing_wait; int retval = 0; if (tty->index == MXSER_PORTS) @@ -1255,9 +1262,14 @@ static int mxser_set_serial_info(struct tty_struct *tty, flags = port->flags & ASYNC_SPD_MASK; + close_delay = msecs_to_jiffies(ss->close_delay * 10); + closing_wait = ss->closing_wait; + if (closing_wait != ASYNC_CLOSING_WAIT_NONE) + closing_wait = msecs_to_jiffies(closing_wait * 10); + if (!capable(CAP_SYS_ADMIN)) { if ((ss->baud_base != info->baud_base) || - (ss->close_delay != info->port.close_delay) || + (close_delay != info->port.close_delay) || ((ss->flags & ~ASYNC_USR_MASK) != (info->port.flags & ~ASYNC_USR_MASK))) { mutex_unlock(&port->mutex); return -EPERM; @@ -1271,8 +1283,8 @@ static int mxser_set_serial_info(struct tty_struct *tty, */ port->flags = ((port->flags & ~ASYNC_FLAGS) | (ss->flags & ASYNC_FLAGS)); - port->close_delay = ss->close_delay * HZ / 100; - port->closing_wait = ss->closing_wait * HZ / 100; + port->close_delay = close_delay; + port->closing_wait = closing_wait; if ((port->flags & ASYNC_SPD_MASK) == ASYNC_SPD_CUST && (ss->baud_base != info->baud_base || ss->custom_divisor != -- 2.26.3

3 years, 10 months

1
0
0 0

[PATCH 11/16] tty: moxa: fix TIOCSSERIAL permission check

by Johan Hovold

Changing the port close delay or type are privileged operations so make sure to return -EPERM if a regular user tries to change them. Cc: stable(a)vger.kernel.org Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/tty/moxa.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/drivers/tty/moxa.c b/drivers/tty/moxa.c index 5b7bc7af8b1e..63e440d900ff 100644 --- a/drivers/tty/moxa.c +++ b/drivers/tty/moxa.c @@ -2048,6 +2048,7 @@ static int moxa_set_serial_info(struct tty_struct *tty, struct serial_struct *ss) { struct moxa_port *info = tty->driver_data; + unsigned int close_delay; if (tty->index == MAX_PORTS) return -EINVAL; @@ -2059,19 +2060,24 @@ static int moxa_set_serial_info(struct tty_struct *tty, ss->baud_base != 921600) return -EPERM; + close_delay = msecs_to_jiffies(ss->close_delay * 10); + mutex_lock(&info->port.mutex); if (!capable(CAP_SYS_ADMIN)) { - if (((ss->flags & ~ASYNC_USR_MASK) != + if (close_delay != info->port.close_delay || + ss->type != info->type || + ((ss->flags & ~ASYNC_USR_MASK) != (info->port.flags & ~ASYNC_USR_MASK))) { mutex_unlock(&info->port.mutex); return -EPERM; } - } - info->port.close_delay = msecs_to_jiffies(ss->close_delay * 10); + } else { + info->port.close_delay = close_delay; - MoxaSetFifo(info, ss->type == PORT_16550A); + MoxaSetFifo(info, ss->type == PORT_16550A); - info->type = ss->type; + info->type = ss->type; + } mutex_unlock(&info->port.mutex); return 0; } -- 2.26.3

3 years, 10 months

1
0
0 0

[PATCH 10/16] tty: moxa: fix TIOCSSERIAL jiffies conversions

by Johan Hovold

The port close_delay parameter set by TIOCSSERIAL is specified in jiffies, while the value returned by TIOCGSERIAL is specified in centiseconds. Add the missing conversions so that TIOCGSERIAL works as expected also when HZ is not 100. Cc: stable(a)vger.kernel.org Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/tty/moxa.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/tty/moxa.c b/drivers/tty/moxa.c index 32eb6b5e510f..5b7bc7af8b1e 100644 --- a/drivers/tty/moxa.c +++ b/drivers/tty/moxa.c @@ -2038,7 +2038,7 @@ static int moxa_get_serial_info(struct tty_struct *tty, ss->line = info->port.tty->index, ss->flags = info->port.flags, ss->baud_base = 921600, - ss->close_delay = info->port.close_delay; + ss->close_delay = jiffies_to_msecs(info->port.close_delay) / 10; mutex_unlock(&info->port.mutex); return 0; } @@ -2067,7 +2067,7 @@ static int moxa_set_serial_info(struct tty_struct *tty, return -EPERM; } } - info->port.close_delay = ss->close_delay * HZ / 100; + info->port.close_delay = msecs_to_jiffies(ss->close_delay * 10); MoxaSetFifo(info, ss->type == PORT_16550A); -- 2.26.3

3 years, 10 months

1
0
0 0

[PATCH 08/16] tty: amiserial: fix TIOCSSERIAL permission check

by Johan Hovold

Changing the port closing_wait parameter is a privileged operation. Add the missing check to TIOCSSERIAL so that -EPERM is returned in case an unprivileged user tries to change the closing-wait setting. Cc: stable(a)vger.kernel.org Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/tty/amiserial.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/tty/amiserial.c b/drivers/tty/amiserial.c index 0c8157fab17f..ec6802ba2bf8 100644 --- a/drivers/tty/amiserial.c +++ b/drivers/tty/amiserial.c @@ -970,6 +970,7 @@ static int set_serial_info(struct tty_struct *tty, struct serial_struct *ss) if (!serial_isroot()) { if ((ss->baud_base != state->baud_base) || (ss->close_delay != port->close_delay) || + (ss->closing_wait != port->closing_wait) || (ss->xmit_fifo_size != state->xmit_fifo_size) || ((ss->flags & ~ASYNC_USR_MASK) != (port->flags & ~ASYNC_USR_MASK))) { -- 2.26.3

3 years, 10 months

1
0
0 0

[PATCH 05/16] staging: greybus: uart: fix TIOCSSERIAL jiffies conversions

by Johan Hovold

The port close_delay and closing_wait parameters set by TIOCSSERIAL are specified in jiffies and not milliseconds. Add the missing conversions so that TIOCSSERIAL works as expected also when HZ is not 1000. Fixes: e68453ed28c5 ("greybus: uart-gb: now builds, more framework added") Cc: stable(a)vger.kernel.org # 4.9 Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/staging/greybus/uart.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/drivers/staging/greybus/uart.c b/drivers/staging/greybus/uart.c index 607378bfebb7..29846dc1e1bf 100644 --- a/drivers/staging/greybus/uart.c +++ b/drivers/staging/greybus/uart.c @@ -614,10 +614,12 @@ static int get_serial_info(struct tty_struct *tty, ss->line = gb_tty->minor; ss->xmit_fifo_size = 16; ss->baud_base = 9600; - ss->close_delay = gb_tty->port.close_delay / 10; + ss->close_delay = jiffies_to_msecs(gb_tty->port.close_delay) / 10; ss->closing_wait = gb_tty->port.closing_wait == ASYNC_CLOSING_WAIT_NONE ? - ASYNC_CLOSING_WAIT_NONE : gb_tty->port.closing_wait / 10; + ASYNC_CLOSING_WAIT_NONE : + jiffies_to_msecs(gb_tty->port.closing_wait) / 10; + return 0; } @@ -629,9 +631,10 @@ static int set_serial_info(struct tty_struct *tty, unsigned int close_delay; int retval = 0; - close_delay = ss->close_delay * 10; + close_delay = msecs_to_jiffies(ss->close_delay * 10); closing_wait = ss->closing_wait == ASYNC_CLOSING_WAIT_NONE ? - ASYNC_CLOSING_WAIT_NONE : ss->closing_wait * 10; + ASYNC_CLOSING_WAIT_NONE : + msecs_to_jiffies(ss->closing_wait * 10); mutex_lock(&gb_tty->port.mutex); if (!capable(CAP_SYS_ADMIN)) { -- 2.26.3

3 years, 10 months

1
0
0 0

[PATCH 02/16] staging: fwserial: fix TIOCSSERIAL permission check

by Johan Hovold

Changing the port close-delay parameter is a privileged operation so make sure to return -EPERM if a regular user tries to change it. Fixes: 7355ba3445f2 ("staging: fwserial: Add TTY-over-Firewire serial driver") Cc: stable(a)vger.kernel.org # 3.8 Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/staging/fwserial/fwserial.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/staging/fwserial/fwserial.c b/drivers/staging/fwserial/fwserial.c index c963848522b1..440d11423812 100644 --- a/drivers/staging/fwserial/fwserial.c +++ b/drivers/staging/fwserial/fwserial.c @@ -1232,20 +1232,24 @@ static int set_serial_info(struct tty_struct *tty, struct serial_struct *ss) { struct fwtty_port *port = tty->driver_data; + unsigned int cdelay; if (ss->irq != 0 || ss->port != 0 || ss->custom_divisor != 0 || ss->baud_base != 400000000) return -EPERM; + cdelay = msecs_to_jiffies(ss->close_delay * 10); + mutex_lock(&port->port.mutex); if (!capable(CAP_SYS_ADMIN)) { - if (((ss->flags & ~ASYNC_USR_MASK) != + if (cdelay != port->port.close_delay || + ((ss->flags & ~ASYNC_USR_MASK) != (port->port.flags & ~ASYNC_USR_MASK))) { mutex_unlock(&port->port.mutex); return -EPERM; } } - port->port.close_delay = msecs_to_jiffies(ss->close_delay * 10); + port->port.close_delay = cdelay; mutex_unlock(&port->port.mutex); return 0; -- 2.26.3

3 years, 10 months

1
0
0 0

[PATCH 01/16] staging: fwserial: fix TIOCSSERIAL jiffies conversions

by Johan Hovold

The port close_delay parameter set by TIOCSSERIAL is specified in jiffies, while the value returned by TIOCGSERIAL is specified in centiseconds. Add the missing conversions so that TIOCGSERIAL works as expected also when HZ is not 100. Fixes: 7355ba3445f2 ("staging: fwserial: Add TTY-over-Firewire serial driver") Cc: stable(a)vger.kernel.org # 3.8 Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/staging/fwserial/fwserial.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/staging/fwserial/fwserial.c b/drivers/staging/fwserial/fwserial.c index c368082aae1a..c963848522b1 100644 --- a/drivers/staging/fwserial/fwserial.c +++ b/drivers/staging/fwserial/fwserial.c @@ -1223,7 +1223,7 @@ static int get_serial_info(struct tty_struct *tty, ss->flags = port->port.flags; ss->xmit_fifo_size = FWTTY_PORT_TXFIFO_LEN; ss->baud_base = 400000000; - ss->close_delay = port->port.close_delay; + ss->close_delay = jiffies_to_msecs(port->port.close_delay) / 10; mutex_unlock(&port->port.mutex); return 0; } @@ -1245,7 +1245,7 @@ static int set_serial_info(struct tty_struct *tty, return -EPERM; } } - port->port.close_delay = ss->close_delay * HZ / 100; + port->port.close_delay = msecs_to_jiffies(ss->close_delay * 10); mutex_unlock(&port->port.mutex); return 0; -- 2.26.3

3 years, 10 months

1
0
0 0

[PATCH 4.9 00/35] 4.9.265-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.265 release. There are 35 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 07 Apr 2021 08:50:09 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.265-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.265-rc1 Paul Moore <paul(a)paul-moore.com> audit: fix a net reference leak in audit_list_rules_send() Paul Moore <paul(a)paul-moore.com> audit: fix a net reference leak in audit_send_reply() Atul Gopinathan <atulgopinathan(a)gmail.com> staging: rtl8192e: Change state information from u16 to u8 Atul Gopinathan <atulgopinathan(a)gmail.com> staging: rtl8192e: Fix incorrect source in memcpy() Johan Hovold <johan(a)kernel.org> USB: cdc-acm: fix use-after-free after probe failure Oliver Neukum <oneukum(a)suse.com> USB: cdc-acm: downgrade message to debug Oliver Neukum <oneukum(a)suse.com> cdc-acm: fix BREAK rx code path adding necessary calls Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: xhci-mtk: fix broken streams issue on 0.96 xHCI Vincent Palatin <vpalatin(a)chromium.org> USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem Zheyu Ma <zheyuma97(a)gmail.com> firewire: nosy: Fix a use-after-free bug in nosy_ioctl() Dinghao Liu <dinghao.liu(a)zju.edu.cn> extcon: Fix error handling in extcon_dev_register Wang Panzhenzhuan <randy.wang(a)rock-chips.com> pinctrl: rockchip: fix restore error in resume Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp> reiserfs: update reiserfs_xattrs_initialized() condition Ilya Lipnitskiy <ilya.lipnitskiy(a)gmail.com> mm: fix race by making init_zero_pfn() early_initcall Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing: Fix stack trace event size Hui Wang <hui.wang(a)canonical.com> ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook Ikjoon Jang <ikjn(a)chromium.org> ALSA: usb-audio: Apply sample rate quirk to Logitech Connect Jesper Dangaard Brouer <brouer(a)redhat.com> bpf: Remove MTU check in __bpf_skb_max_len Tong Zhang <ztong0001(a)gmail.com> net: wan/lmc: unregister device when no matching device is found Doug Brown <doug(a)schmorgal.com> appletalk: Fix skb allocation size in loopback case zhangyi (F) <yi.zhang(a)huawei.com> ext4: do not iput inode under running transaction in ext4_rename() Sameer Pujar <spujar(a)nvidia.com> ASoC: rt5659: Update MCLK rate in set_sysclk() Tong Zhang <ztong0001(a)gmail.com> staging: comedi: cb_pcidas64: fix request_irq() warn Tong Zhang <ztong0001(a)gmail.com> staging: comedi: cb_pcidas: fix request_irq() warn Alexey Dobriyan <adobriyan(a)gmail.com> scsi: qla2xxx: Fix broken #endif placement Lv Yunlong <lyl2019(a)mail.ustc.edu.cn> scsi: st: Fix a use after free in st_open() Laurent Vivier <lvivier(a)redhat.com> vhost: Fix vhost_vq_reset() Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc: Force inlining of cpu_has_feature() to avoid build failure Benjamin Rood <benjaminjrood(a)gmail.com> ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe Hans de Goede <hdegoede(a)redhat.com> ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 Hans de Goede <hdegoede(a)redhat.com> ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 J. Bruce Fields <bfields(a)redhat.com> rpc: fix NULL dereference on kmalloc failure Zhaolong Zhang <zhangzl2013(a)126.com> ext4: fix bh ref count on error paths Jakub Kicinski <kuba(a)kernel.org> ipv6: weaken the v4mapped source check David Brazdil <dbrazdil(a)google.com> selinux: vsock: Set SID for socket returned by accept() ------------- Diffstat: Makefile | 4 +-- arch/powerpc/include/asm/cpu_has_feature.h | 4 +-- drivers/extcon/extcon.c | 1 + drivers/firewire/nosy.c | 9 ++++-- drivers/net/wan/lmc/lmc_main.c | 2 ++ drivers/pinctrl/pinctrl-rockchip.c | 13 +++++--- drivers/scsi/qla2xxx/qla_target.h | 2 +- drivers/scsi/st.c | 2 +- drivers/staging/comedi/drivers/cb_pcidas.c | 2 +- drivers/staging/comedi/drivers/cb_pcidas64.c | 2 +- drivers/staging/rtl8192e/rtllib.h | 2 +- drivers/staging/rtl8192e/rtllib_rx.c | 2 +- drivers/usb/class/cdc-acm.c | 12 +++++-- drivers/usb/core/quirks.c | 4 +++ drivers/usb/host/xhci-mtk.c | 10 +++++- drivers/vhost/vhost.c | 2 +- fs/ext4/inode.c | 6 ++-- fs/ext4/namei.c | 18 +++++------ fs/reiserfs/xattr.h | 2 +- kernel/audit.c | 48 +++++++++++++++++----------- kernel/audit.h | 2 +- kernel/auditfilter.c | 13 ++++---- kernel/trace/trace.c | 3 +- mm/memory.c | 2 +- net/appletalk/ddp.c | 33 ++++++++++++------- net/core/filter.c | 7 ++-- net/dccp/ipv6.c | 5 +++ net/ipv6/ip6_input.c | 10 ------ net/ipv6/tcp_ipv6.c | 5 +++ net/sunrpc/auth_gss/svcauth_gss.c | 11 ++++--- net/vmw_vsock/af_vsock.c | 1 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/codecs/rt5640.c | 4 +-- sound/soc/codecs/rt5651.c | 4 +-- sound/soc/codecs/rt5659.c | 5 +++ sound/soc/codecs/sgtl5000.c | 2 +- sound/usb/quirks.c | 1 + 37 files changed, 157 insertions(+), 99 deletions(-)

3 years, 10 months

6
44
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror April 2021