github actions: Use reusable workflow for upstream commit checking #7
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions bot
pushed a commit
that referenced
this pull request
Oct 21, 2025
[ Upstream commit 48918ca ] The test starts a workload and then opens events. If the events fail to open, for example because of perf_event_paranoid, the gopipe of the workload is leaked and the file descriptor leak check fails when the test exits. To avoid this cancel the workload when opening the events fails. Before: ``` $ perf test -vv 7 7: PERF_RECORD_* events & perf_sample fields: --- start --- test child forked, pid 1189568 Using CPUID GenuineIntel-6-B7-1 ------------------------------------------------------------ perf_event_attr: type 0 (PERF_TYPE_HARDWARE) config 0xa00000000 (cpu_atom/PERF_COUNT_HW_CPU_CYCLES/) disabled 1 ------------------------------------------------------------ sys_perf_event_open: pid 0 cpu -1 group_fd -1 flags 0x8 sys_perf_event_open failed, error -13 ------------------------------------------------------------ perf_event_attr: type 0 (PERF_TYPE_HARDWARE) config 0xa00000000 (cpu_atom/PERF_COUNT_HW_CPU_CYCLES/) disabled 1 exclude_kernel 1 ------------------------------------------------------------ sys_perf_event_open: pid 0 cpu -1 group_fd -1 flags 0x8 = 3 ------------------------------------------------------------ perf_event_attr: type 0 (PERF_TYPE_HARDWARE) config 0x400000000 (cpu_core/PERF_COUNT_HW_CPU_CYCLES/) disabled 1 ------------------------------------------------------------ sys_perf_event_open: pid 0 cpu -1 group_fd -1 flags 0x8 sys_perf_event_open failed, error -13 ------------------------------------------------------------ perf_event_attr: type 0 (PERF_TYPE_HARDWARE) config 0x400000000 (cpu_core/PERF_COUNT_HW_CPU_CYCLES/) disabled 1 exclude_kernel 1 ------------------------------------------------------------ sys_perf_event_open: pid 0 cpu -1 group_fd -1 flags 0x8 = 3 Attempt to add: software/cpu-clock/ ..after resolving event: software/config=0/ cpu-clock -> software/cpu-clock/ ------------------------------------------------------------ perf_event_attr: type 1 (PERF_TYPE_SOFTWARE) size 136 config 0x9 (PERF_COUNT_SW_DUMMY) sample_type IP|TID|TIME|CPU read_format ID|LOST disabled 1 inherit 1 mmap 1 comm 1 enable_on_exec 1 task 1 sample_id_all 1 mmap2 1 comm_exec 1 ksymbol 1 bpf_event 1 { wakeup_events, wakeup_watermark } 1 ------------------------------------------------------------ sys_perf_event_open: pid 1189569 cpu 0 group_fd -1 flags 0x8 sys_perf_event_open failed, error -13 perf_evlist__open: Permission denied ---- end(-2) ---- Leak of file descriptor 6 that opened: 'pipe:[14200347]' ---- unexpected signal (6) ---- iFailed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon Failed to read build ID for //anon #0 0x565358f6666e in child_test_sig_handler builtin-test.c:311 #1 0x7f29ce849df0 in __restore_rt libc_sigaction.c:0 #2 0x7f29ce89e95c in __pthread_kill_implementation pthread_kill.c:44 #3 0x7f29ce849cc2 in raise raise.c:27 #4 0x7f29ce8324ac in abort abort.c:81 #5 0x565358f662d4 in check_leaks builtin-test.c:226 #6 0x565358f6682e in run_test_child builtin-test.c:344 #7 0x565358ef7121 in start_command run-command.c:128 ctrliq#8 0x565358f67273 in start_test builtin-test.c:545 ctrliq#9 0x565358f6771d in __cmd_test builtin-test.c:647 ctrliq#10 0x565358f682bd in cmd_test builtin-test.c:849 ctrliq#11 0x565358ee5ded in run_builtin perf.c:349 ctrliq#12 0x565358ee6085 in handle_internal_command perf.c:401 ctrliq#13 0x565358ee61de in run_argv perf.c:448 ctrliq#14 0x565358ee6527 in main perf.c:555 ctrliq#15 0x7f29ce833ca8 in __libc_start_call_main libc_start_call_main.h:74 ctrliq#16 0x7f29ce833d65 in __libc_start_main@@GLIBC_2.34 libc-start.c:128 ctrliq#17 0x565358e391c1 in _start perf[851c1] 7: PERF_RECORD_* events & perf_sample fields : FAILED! ``` After: ``` $ perf test 7 7: PERF_RECORD_* events & perf_sample fields : Skip (permissions) ``` Fixes: 16d00fe ("perf tests: Move test__PERF_RECORD into separate object") Signed-off-by: Ian Rogers <irogers@google.com> Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com> Cc: Adrian Hunter <adrian.hunter@intel.com> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Athira Rajeev <atrajeev@linux.ibm.com> Cc: Chun-Tse Shao <ctshao@google.com> Cc: Howard Chu <howardchu95@gmail.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: James Clark <james.clark@linaro.org> Cc: Jiri Olsa <jolsa@kernel.org> Cc: Kan Liang <kan.liang@linux.intel.com> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Peter Zijlstra <peterz@infradead.org> Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
github-actions bot
pushed a commit
that referenced
this pull request
Oct 21, 2025
commit 0570327 upstream. Before disabling SR-IOV via config space accesses to the parent PF, sriov_disable() first removes the PCI devices representing the VFs. Since commit 9d16947 ("PCI: Add global pci_lock_rescan_remove()") such removal operations are serialized against concurrent remove and rescan using the pci_rescan_remove_lock. No such locking was ever added in sriov_disable() however. In particular when commit 18f9e9d ("PCI/IOV: Factor out sriov_add_vfs()") factored out the PCI device removal into sriov_del_vfs() there was still no locking around the pci_iov_remove_virtfn() calls. On s390 the lack of serialization in sriov_disable() may cause double remove and list corruption with the below (amended) trace being observed: PSW: 0704c00180000000 0000000c914e4b38 (klist_put+56) GPRS: 000003800313fb48 0000000000000000 0000000100000001 0000000000000001 00000000f9b520a8 0000000000000000 0000000000002fbd 00000000f4cc9480 0000000000000001 0000000000000000 0000000000000000 0000000180692828 00000000818e8000 000003800313fe2c 000003800313fb20 000003800313fad8 #0 [3800313fb20] device_del at c9158ad5c #1 [3800313fb88] pci_remove_bus_device at c915105ba #2 [3800313fbd0] pci_iov_remove_virtfn at c9152f198 #3 [3800313fc28] zpci_iov_remove_virtfn at c90fb67c0 #4 [3800313fc60] zpci_bus_remove_device at c90fb6104 #5 [3800313fca0] __zpci_event_availability at c90fb3dca #6 [3800313fd08] chsc_process_sei_nt0 at c918fe4a2 #7 [3800313fd60] crw_collect_info at c91905822 ctrliq#8 [3800313fe10] kthread at c90feb390 ctrliq#9 [3800313fe68] __ret_from_fork at c90f6aa64 ctrliq#10 [3800313fe98] ret_from_fork at c9194f3f2. This is because in addition to sriov_disable() removing the VFs, the platform also generates hot-unplug events for the VFs. This being the reverse operation to the hotplug events generated by sriov_enable() and handled via pdev->no_vf_scan. And while the event processing takes pci_rescan_remove_lock and checks whether the struct pci_dev still exists, the lack of synchronization makes this checking racy. Other races may also be possible of course though given that this lack of locking persisted so long observable races seem very rare. Even on s390 the list corruption was only observed with certain devices since the platform events are only triggered by config accesses after the removal, so as long as the removal finished synchronously they would not race. Either way the locking is missing so fix this by adding it to the sriov_del_vfs() helper. Just like PCI rescan-remove, locking is also missing in sriov_add_vfs() including for the error case where pci_stop_and_remove_bus_device() is called without the PCI rescan-remove lock being held. Even in the non-error case, adding new PCI devices and buses should be serialized via the PCI rescan-remove lock. Add the necessary locking. Fixes: 18f9e9d ("PCI/IOV: Factor out sriov_add_vfs()") Signed-off-by: Niklas Schnelle <schnelle@linux.ibm.com> Signed-off-by: Bjorn Helgaas <bhelgaas@google.com> Reviewed-by: Benjamin Block <bblock@linux.ibm.com> Reviewed-by: Farhan Ali <alifm@linux.ibm.com> Reviewed-by: Julian Ruess <julianr@linux.ibm.com> Cc: stable@vger.kernel.org Link: https://patch.msgid.link/20250826-pci_fix_sriov_disable-v1-1-2d0bc938f2a3@linux.ibm.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
bmastbergen
force-pushed
the
ciqlts9_2-use-reusable-workflow
branch
2 times, most recently
from
d2c041a to
3c985a1
Compare
github-actions bot
pushed a commit
that referenced
this pull request
Oct 24, 2025
JIRA: https://issues.redhat.com/browse/RHEL-112997 commit ffa1e7a Author: Thomas Hellström <thomas.hellstrom@linux.intel.com> Date: Tue Mar 18 10:55:48 2025 +0100 block: Make request_queue lockdep splats show up earlier In recent kernels, there are lockdep splats around the struct request_queue::io_lockdep_map, similar to [1], but they typically don't show up until reclaim with writeback happens. Having multiple kernel versions released with a known risc of kernel deadlock during reclaim writeback should IMHO be addressed and backported to -stable with the highest priority. In order to have these lockdep splats show up earlier, preferrably during system initialization, prime the struct request_queue::io_lockdep_map as GFP_KERNEL reclaim- tainted. This will instead lead to lockdep splats looking similar to [2], but without the need for reclaim + writeback happening. [1]: [ 189.762244] ====================================================== [ 189.762432] WARNING: possible circular locking dependency detected [ 189.762441] 6.14.0-rc6-xe+ #6 Tainted: G U [ 189.762450] ------------------------------------------------------ [ 189.762459] kswapd0/119 is trying to acquire lock: [ 189.762467] ffff888110ceb710 (&q->q_usage_counter(io)ctrliq#26){++++}-{0:0}, at: __submit_bio+0x76/0x230 [ 189.762485] but task is already holding lock: [ 189.762494] ffffffff834c97c0 (fs_reclaim){+.+.}-{0:0}, at: balance_pgdat+0xbe/0xb00 [ 189.762507] which lock already depends on the new lock. [ 189.762519] the existing dependency chain (in reverse order) is: [ 189.762529] -> #2 (fs_reclaim){+.+.}-{0:0}: [ 189.762540] fs_reclaim_acquire+0xc5/0x100 [ 189.762548] kmem_cache_alloc_lru_noprof+0x4a/0x480 [ 189.762558] alloc_inode+0xaa/0xe0 [ 189.762566] iget_locked+0x157/0x330 [ 189.762573] kernfs_get_inode+0x1b/0x110 [ 189.762582] kernfs_get_tree+0x1b0/0x2e0 [ 189.762590] sysfs_get_tree+0x1f/0x60 [ 189.762597] vfs_get_tree+0x2a/0xf0 [ 189.762605] path_mount+0x4cd/0xc00 [ 189.762613] __x64_sys_mount+0x119/0x150 [ 189.762621] x64_sys_call+0x14f2/0x2310 [ 189.762630] do_syscall_64+0x91/0x180 [ 189.762637] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 189.762647] -> #1 (&root->kernfs_rwsem){++++}-{3:3}: [ 189.762659] down_write+0x3e/0xf0 [ 189.762667] kernfs_remove+0x32/0x60 [ 189.762676] sysfs_remove_dir+0x4f/0x60 [ 189.762685] __kobject_del+0x33/0xa0 [ 189.762709] kobject_del+0x13/0x30 [ 189.762716] elv_unregister_queue+0x52/0x80 [ 189.762725] elevator_switch+0x68/0x360 [ 189.762733] elv_iosched_store+0x14b/0x1b0 [ 189.762756] queue_attr_store+0x181/0x1e0 [ 189.762765] sysfs_kf_write+0x49/0x80 [ 189.762773] kernfs_fop_write_iter+0x17d/0x250 [ 189.762781] vfs_write+0x281/0x540 [ 189.762790] ksys_write+0x72/0xf0 [ 189.762798] __x64_sys_write+0x19/0x30 [ 189.762807] x64_sys_call+0x2a3/0x2310 [ 189.762815] do_syscall_64+0x91/0x180 [ 189.762823] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 189.762833] -> #0 (&q->q_usage_counter(io)ctrliq#26){++++}-{0:0}: [ 189.762845] __lock_acquire+0x1525/0x2760 [ 189.762854] lock_acquire+0xca/0x310 [ 189.762861] blk_mq_submit_bio+0x8a2/0xba0 [ 189.762870] __submit_bio+0x76/0x230 [ 189.762878] submit_bio_noacct_nocheck+0x323/0x430 [ 189.762888] submit_bio_noacct+0x2cc/0x620 [ 189.762896] submit_bio+0x38/0x110 [ 189.762904] __swap_writepage+0xf5/0x380 [ 189.762912] swap_writepage+0x3c7/0x600 [ 189.762920] shmem_writepage+0x3da/0x4f0 [ 189.762929] pageout+0x13f/0x310 [ 189.762937] shrink_folio_list+0x61c/0xf60 [ 189.763261] evict_folios+0x378/0xcd0 [ 189.763584] try_to_shrink_lruvec+0x1b0/0x360 [ 189.763946] shrink_one+0x10e/0x200 [ 189.764266] shrink_node+0xc02/0x1490 [ 189.764586] balance_pgdat+0x563/0xb00 [ 189.764934] kswapd+0x1e8/0x430 [ 189.765249] kthread+0x10b/0x260 [ 189.765559] ret_from_fork+0x44/0x70 [ 189.765889] ret_from_fork_asm+0x1a/0x30 [ 189.766198] other info that might help us debug this: [ 189.767089] Chain exists of: &q->q_usage_counter(io)ctrliq#26 --> &root->kernfs_rwsem --> fs_reclaim [ 189.767971] Possible unsafe locking scenario: [ 189.768555] CPU0 CPU1 [ 189.768849] ---- ---- [ 189.769136] lock(fs_reclaim); [ 189.769421] lock(&root->kernfs_rwsem); [ 189.769714] lock(fs_reclaim); [ 189.770016] rlock(&q->q_usage_counter(io)ctrliq#26); [ 189.770305] *** DEADLOCK *** [ 189.771167] 1 lock held by kswapd0/119: [ 189.771453] #0: ffffffff834c97c0 (fs_reclaim){+.+.}-{0:0}, at: balance_pgdat+0xbe/0xb00 [ 189.771770] stack backtrace: [ 189.772351] CPU: 4 UID: 0 PID: 119 Comm: kswapd0 Tainted: G U 6.14.0-rc6-xe+ #6 [ 189.772353] Tainted: [U]=USER [ 189.772354] Hardware name: ASUS System Product Name/PRIME B560M-A AC, BIOS 2001 02/01/2023 [ 189.772354] Call Trace: [ 189.772355] <TASK> [ 189.772356] dump_stack_lvl+0x6e/0xa0 [ 189.772359] dump_stack+0x10/0x18 [ 189.772360] print_circular_bug.cold+0x17a/0x1b7 [ 189.772363] check_noncircular+0x13a/0x150 [ 189.772365] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 189.772368] __lock_acquire+0x1525/0x2760 [ 189.772368] ? ret_from_fork_asm+0x1a/0x30 [ 189.772371] lock_acquire+0xca/0x310 [ 189.772372] ? __submit_bio+0x76/0x230 [ 189.772375] ? lock_release+0xd5/0x2c0 [ 189.772376] blk_mq_submit_bio+0x8a2/0xba0 [ 189.772378] ? __submit_bio+0x76/0x230 [ 189.772380] __submit_bio+0x76/0x230 [ 189.772382] ? trace_hardirqs_on+0x1e/0xe0 [ 189.772384] submit_bio_noacct_nocheck+0x323/0x430 [ 189.772386] ? submit_bio_noacct_nocheck+0x323/0x430 [ 189.772387] ? __might_sleep+0x58/0xa0 [ 189.772390] submit_bio_noacct+0x2cc/0x620 [ 189.772391] ? count_memcg_events+0x68/0x90 [ 189.772393] submit_bio+0x38/0x110 [ 189.772395] __swap_writepage+0xf5/0x380 [ 189.772396] swap_writepage+0x3c7/0x600 [ 189.772397] shmem_writepage+0x3da/0x4f0 [ 189.772401] pageout+0x13f/0x310 [ 189.772406] shrink_folio_list+0x61c/0xf60 [ 189.772409] ? isolate_folios+0xe80/0x16b0 [ 189.772410] ? mark_held_locks+0x46/0x90 [ 189.772412] evict_folios+0x378/0xcd0 [ 189.772414] ? evict_folios+0x34a/0xcd0 [ 189.772415] ? lock_is_held_type+0xa3/0x130 [ 189.772417] try_to_shrink_lruvec+0x1b0/0x360 [ 189.772420] shrink_one+0x10e/0x200 [ 189.772421] shrink_node+0xc02/0x1490 [ 189.772423] ? shrink_node+0xa08/0x1490 [ 189.772424] ? shrink_node+0xbd8/0x1490 [ 189.772425] ? mem_cgroup_iter+0x366/0x480 [ 189.772427] balance_pgdat+0x563/0xb00 [ 189.772428] ? balance_pgdat+0x563/0xb00 [ 189.772430] ? trace_hardirqs_on+0x1e/0xe0 [ 189.772431] ? finish_task_switch.isra.0+0xcb/0x330 [ 189.772433] ? __switch_to_asm+0x33/0x70 [ 189.772437] kswapd+0x1e8/0x430 [ 189.772438] ? __pfx_autoremove_wake_function+0x10/0x10 [ 189.772440] ? __pfx_kswapd+0x10/0x10 [ 189.772441] kthread+0x10b/0x260 [ 189.772443] ? __pfx_kthread+0x10/0x10 [ 189.772444] ret_from_fork+0x44/0x70 [ 189.772446] ? __pfx_kthread+0x10/0x10 [ 189.772447] ret_from_fork_asm+0x1a/0x30 [ 189.772450] </TASK> [2]: [ 8.760253] ====================================================== [ 8.760254] WARNING: possible circular locking dependency detected [ 8.760255] 6.14.0-rc6-xe+ #7 Tainted: G U [ 8.760256] ------------------------------------------------------ [ 8.760257] (udev-worker)/674 is trying to acquire lock: [ 8.760259] ffff888100e39148 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_remove+0x32/0x60 [ 8.760265] but task is already holding lock: [ 8.760266] ffff888110dc7680 (&q->q_usage_counter(io)ctrliq#27){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x12/0x30 [ 8.760272] which lock already depends on the new lock. [ 8.760272] the existing dependency chain (in reverse order) is: [ 8.760273] -> #2 (&q->q_usage_counter(io)ctrliq#27){++++}-{0:0}: [ 8.760276] blk_alloc_queue+0x30a/0x350 [ 8.760279] blk_mq_alloc_queue+0x6b/0xe0 [ 8.760281] scsi_alloc_sdev+0x276/0x3c0 [ 8.760284] scsi_probe_and_add_lun+0x22a/0x440 [ 8.760286] __scsi_scan_target+0x109/0x230 [ 8.760288] scsi_scan_channel+0x65/0xc0 [ 8.760290] scsi_scan_host_selected+0xff/0x140 [ 8.760292] do_scsi_scan_host+0xa7/0xc0 [ 8.760293] do_scan_async+0x1c/0x160 [ 8.760295] async_run_entry_fn+0x32/0x150 [ 8.760299] process_one_work+0x224/0x5f0 [ 8.760302] worker_thread+0x1d4/0x3e0 [ 8.760304] kthread+0x10b/0x260 [ 8.760306] ret_from_fork+0x44/0x70 [ 8.760309] ret_from_fork_asm+0x1a/0x30 [ 8.760312] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 8.760315] fs_reclaim_acquire+0xc5/0x100 [ 8.760317] kmem_cache_alloc_lru_noprof+0x4a/0x480 [ 8.760319] alloc_inode+0xaa/0xe0 [ 8.760322] iget_locked+0x157/0x330 [ 8.760323] kernfs_get_inode+0x1b/0x110 [ 8.760325] kernfs_get_tree+0x1b0/0x2e0 [ 8.760327] sysfs_get_tree+0x1f/0x60 [ 8.760329] vfs_get_tree+0x2a/0xf0 [ 8.760332] path_mount+0x4cd/0xc00 [ 8.760334] __x64_sys_mount+0x119/0x150 [ 8.760336] x64_sys_call+0x14f2/0x2310 [ 8.760338] do_syscall_64+0x91/0x180 [ 8.760340] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 8.760342] -> #0 (&root->kernfs_rwsem){++++}-{3:3}: [ 8.760345] __lock_acquire+0x1525/0x2760 [ 8.760347] lock_acquire+0xca/0x310 [ 8.760348] down_write+0x3e/0xf0 [ 8.760350] kernfs_remove+0x32/0x60 [ 8.760351] sysfs_remove_dir+0x4f/0x60 [ 8.760353] __kobject_del+0x33/0xa0 [ 8.760355] kobject_del+0x13/0x30 [ 8.760356] elv_unregister_queue+0x52/0x80 [ 8.760358] elevator_switch+0x68/0x360 [ 8.760360] elv_iosched_store+0x14b/0x1b0 [ 8.760362] queue_attr_store+0x181/0x1e0 [ 8.760364] sysfs_kf_write+0x49/0x80 [ 8.760366] kernfs_fop_write_iter+0x17d/0x250 [ 8.760367] vfs_write+0x281/0x540 [ 8.760370] ksys_write+0x72/0xf0 [ 8.760372] __x64_sys_write+0x19/0x30 [ 8.760374] x64_sys_call+0x2a3/0x2310 [ 8.760376] do_syscall_64+0x91/0x180 [ 8.760377] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 8.760380] other info that might help us debug this: [ 8.760380] Chain exists of: &root->kernfs_rwsem --> fs_reclaim --> &q->q_usage_counter(io)ctrliq#27 [ 8.760384] Possible unsafe locking scenario: [ 8.760384] CPU0 CPU1 [ 8.760385] ---- ---- [ 8.760385] lock(&q->q_usage_counter(io)ctrliq#27); [ 8.760387] lock(fs_reclaim); [ 8.760388] lock(&q->q_usage_counter(io)ctrliq#27); [ 8.760390] lock(&root->kernfs_rwsem); [ 8.760391] *** DEADLOCK *** [ 8.760391] 6 locks held by (udev-worker)/674: [ 8.760392] #0: ffff8881209ac420 (sb_writers#4){.+.+}-{0:0}, at: ksys_write+0x72/0xf0 [ 8.760398] #1: ffff88810c80f488 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x136/0x250 [ 8.760402] #2: ffff888125d1d330 (kn->active#101){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x13f/0x250 [ 8.760406] #3: ffff888110dc7bb0 (&q->sysfs_lock){+.+.}-{3:3}, at: queue_attr_store+0x148/0x1e0 [ 8.760411] #4: ffff888110dc7680 (&q->q_usage_counter(io)ctrliq#27){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x12/0x30 [ 8.760416] #5: ffff888110dc76b8 (&q->q_usage_counter(queue)ctrliq#27){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x12/0x30 [ 8.760421] stack backtrace: [ 8.760422] CPU: 7 UID: 0 PID: 674 Comm: (udev-worker) Tainted: G U 6.14.0-rc6-xe+ #7 [ 8.760424] Tainted: [U]=USER [ 8.760425] Hardware name: ASUS System Product Name/PRIME B560M-A AC, BIOS 2001 02/01/2023 [ 8.760426] Call Trace: [ 8.760427] <TASK> [ 8.760428] dump_stack_lvl+0x6e/0xa0 [ 8.760431] dump_stack+0x10/0x18 [ 8.760433] print_circular_bug.cold+0x17a/0x1b7 [ 8.760437] check_noncircular+0x13a/0x150 [ 8.760441] ? save_trace+0x54/0x360 [ 8.760445] __lock_acquire+0x1525/0x2760 [ 8.760446] ? irqentry_exit+0x3a/0xb0 [ 8.760448] ? sysvec_apic_timer_interrupt+0x57/0xc0 [ 8.760452] lock_acquire+0xca/0x310 [ 8.760453] ? kernfs_remove+0x32/0x60 [ 8.760457] down_write+0x3e/0xf0 [ 8.760459] ? kernfs_remove+0x32/0x60 [ 8.760460] kernfs_remove+0x32/0x60 [ 8.760462] sysfs_remove_dir+0x4f/0x60 [ 8.760464] __kobject_del+0x33/0xa0 [ 8.760466] kobject_del+0x13/0x30 [ 8.760467] elv_unregister_queue+0x52/0x80 [ 8.760470] elevator_switch+0x68/0x360 [ 8.760472] elv_iosched_store+0x14b/0x1b0 [ 8.760475] queue_attr_store+0x181/0x1e0 [ 8.760479] ? lock_acquire+0xca/0x310 [ 8.760480] ? kernfs_fop_write_iter+0x13f/0x250 [ 8.760482] ? lock_is_held_type+0xa3/0x130 [ 8.760485] sysfs_kf_write+0x49/0x80 [ 8.760487] kernfs_fop_write_iter+0x17d/0x250 [ 8.760489] vfs_write+0x281/0x540 [ 8.760494] ksys_write+0x72/0xf0 [ 8.760497] __x64_sys_write+0x19/0x30 [ 8.760499] x64_sys_call+0x2a3/0x2310 [ 8.760502] do_syscall_64+0x91/0x180 [ 8.760504] ? trace_hardirqs_off+0x5d/0xe0 [ 8.760506] ? handle_softirqs+0x479/0x4d0 [ 8.760508] ? hrtimer_interrupt+0x13f/0x280 [ 8.760511] ? irqentry_exit_to_user_mode+0x8b/0x260 [ 8.760513] ? clear_bhb_loop+0x15/0x70 [ 8.760515] ? clear_bhb_loop+0x15/0x70 [ 8.760516] ? clear_bhb_loop+0x15/0x70 [ 8.760518] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 8.760520] RIP: 0033:0x7aa3bf2f5504 [ 8.760522] Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d c5 8b 10 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89 [ 8.760523] RSP: 002b:00007ffc1e3697d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 8.760526] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007aa3bf2f5504 [ 8.760527] RDX: 0000000000000003 RSI: 00007ffc1e369ae0 RDI: 000000000000001c [ 8.760528] RBP: 00007ffc1e369800 R08: 00007aa3bf3f51c8 R09: 00007ffc1e3698b0 [ 8.760528] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 8.760529] R13: 00007ffc1e369ae0 R14: 0000613ccf21f2f0 R15: 00007aa3bf3f4e80 [ 8.760533] </TASK> v2: - Update a code comment to increase readability (Ming Lei). Cc: Jens Axboe <axboe@kernel.dk> Cc: linux-block@vger.kernel.org Cc: linux-kernel@vger.kernel.org Cc: Ming Lei <ming.lei@redhat.com> Signed-off-by: Thomas Hellström <thomas.hellstrom@linux.intel.com> Reviewed-by: Ming Lei <ming.lei@redhat.com> Link: https://lore.kernel.org/r/20250318095548.5187-1-thomas.hellstrom@linux.intel.com Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Ming Lei <ming.lei@redhat.com>
bmastbergen
force-pushed
the
ciqlts9_2-use-reusable-workflow
branch
from
3c985a1 to
be3d5a3
Compare
|
ERROR: Failed to clone vulns repo: Cloning into '../vulns'... |
jira VULN-131259 cve CVE-2025-38556 commit-author Alan Stern <stern@rowland.harvard.edu> commit a6b87bf Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should never occur, but there are buggy devices and some might have a report field with size set to zero; we shouldn't reject the report or the device just because of that. Instead, harden the s32ton() routine so that it returns a reasonable result instead of crashing when it is called with the number of bits set to 0 -- the same as what snto32() does. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Reported-by: syzbot+b63d677d63bcac06cf90@syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-usb/68753a08.050a0220.33d347.0008.GAE@google.com/ Tested-by: syzbot+b63d677d63bcac06cf90@syzkaller.appspotmail.com Fixes: dde5845 ("[PATCH] Generic HID layer - code split") Cc: stable@vger.kernel.org Link: https://patch.msgid.link/613a66cd-4309-4bce-a4f7-2905f9bce0c9@rowland.harvard.edu Signed-off-by: Benjamin Tissoires <bentiss@kernel.org> (cherry picked from commit a6b87bf) Signed-off-by: Brett Mastbergen <bmastbergen@ciq.com>
jira VULN-131360 cve CVE-2024-58239 commit-author Sabrina Dubroca <sd@queasysnail.net> commit fdfbaec If we have a non-DATA record on the rx_list and another record of the same type still on the queue, we will end up merging them: - process_rx_list copies the non-DATA record - we start the loop and process the first available record since it's of the same type - we break out of the loop since the record was not DATA Just check the record type and jump to the end in case process_rx_list did some work. Fixes: 692d7b5 ("tls: Fix recvmsg() to be able to peek across multiple records") Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Link: https://lore.kernel.org/r/bd31449e43bd4b6ff546f5c51cf958c31c511deb.1708007371.git.sd@queasysnail.net Signed-off-by: Jakub Kicinski <kuba@kernel.org> (cherry picked from commit fdfbaec) Signed-off-by: Brett Mastbergen <bmastbergen@ciq.com>
jira VULN-136507 cve-pre CVE-2025-39682 commit-author Jakub Kicinski <kuba@kernel.org> commit 4d42cd6 Gaurav reports that TLS Rx is broken with async crypto accelerators. The commit under fixes missed updating the retval byte counting logic when updating how records are stored. Even tho both before and after the change 'decrypted' was updated inside the main loop, it was completely overwritten when processing the async completions. Now that the rx_list only holds non-zero-copy records we need to add, not overwrite. Reported-and-bisected-by: Gaurav Jain <gaurav.jain@nxp.com> Fixes: cbbdee9 ("tls: rx: async: don't put async zc on the list") Link: https://bugzilla.kernel.org/show_bug.cgi?id=217064 Tested-by: Gaurav Jain <gaurav.jain@nxp.com> Reviewed-by: Simon Horman <simon.horman@corigine.com> Link: https://lore.kernel.org/r/20230227181201.1793772-1-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org> (cherry picked from commit 4d42cd6) Signed-off-by: Brett Mastbergen <bmastbergen@ciq.com>
jira VULN-136507 cve-pre CVE-2025-39682 commit-author Jakub Kicinski <kuba@kernel.org> commit ac437a5 We double count async, non-zc rx data. The previous fix was lucky because if we fully zc async_copy_bytes is 0 so we add 0. Decrypted already has all the bytes we handled, in all cases. We don't have to adjust anything, delete the erroneous line. Fixes: 4d42cd6 ("tls: rx: fix return value for async crypto") Co-developed-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Jakub Kicinski <kuba@kernel.org> Reviewed-by: Simon Horman <horms@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net> (cherry picked from commit ac437a5) Signed-off-by: Brett Mastbergen <bmastbergen@ciq.com>
jira VULN-136507 cve-pre CVE-2025-39682 commit-author Sabrina Dubroca <sd@queasysnail.net> commit ec823bf If we queue 3 records: - record 1, type DATA - record 2, some other type - record 3, type DATA and do a recv(PEEK), the rx_list will contain the first two records. The next large recv will walk through the rx_list and copy data from record 1, then stop because record 2 is a different type. Since we haven't filled up our buffer, we will process the next available record. It's also DATA, so we can merge it with the current read. We shouldn't do that, since there was a record in between that we ignored. Add a flag to let process_rx_list inform tls_sw_recvmsg that it had more data available. Fixes: 692d7b5 ("tls: Fix recvmsg() to be able to peek across multiple records") Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Link: https://lore.kernel.org/r/f00c0c0afa080c60f016df1471158c1caf983c34.1708007371.git.sd@queasysnail.net Signed-off-by: Jakub Kicinski <kuba@kernel.org> (cherry picked from commit ec823bf) Signed-off-by: Brett Mastbergen <bmastbergen@ciq.com>
jira VULN-136507 cve-pre CVE-2025-39682 commit-author Sabrina Dubroca <sd@queasysnail.net> commit 85eef9a process_rx_list may not copy as many bytes as we want to the userspace buffer, for example in case we hit an EFAULT during the copy. If this happens, we should only count the bytes that were actually copied, which may be 0. Subtracting async_copy_bytes is correct in both peek and !peek cases, because decrypted == async_copy_bytes + peeked for the peek case: peek is always !ZC, and we can go through either the sync or async path. In the async case, we add chunk to both decrypted and async_copy_bytes. In the sync case, we add chunk to both decrypted and peeked. I missed that in commit 6caaf10 ("tls: fix peeking with sync+async decryption"). Fixes: 4d42cd6 ("tls: rx: fix return value for async crypto") Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Reviewed-by: Simon Horman <horms@kernel.org> Link: https://lore.kernel.org/r/1b5a1eaab3c088a9dd5d9f1059ceecd7afe888d1.1711120964.git.sd@queasysnail.net Signed-off-by: Jakub Kicinski <kuba@kernel.org> (cherry picked from commit 85eef9a) Signed-off-by: Brett Mastbergen <bmastbergen@ciq.com>
jira VULN-136507 cve CVE-2025-39682 commit-author Jakub Kicinski <kuba@kernel.org> commit 62708b9 Each recvmsg() call must process either - only contiguous DATA records (any number of them) - one non-DATA record If the next record has different type than what has already been processed we break out of the main processing loop. If the record has already been decrypted (which may be the case for TLS 1.3 where we don't know type until decryption) we queue the pending record to the rx_list. Next recvmsg() will pick it up from there. Queuing the skb to rx_list after zero-copy decrypt is not possible, since in that case we decrypted directly to the user space buffer, and we don't have an skb to queue (darg.skb points to the ciphertext skb for access to metadata like length). Only data records are allowed zero-copy, and we break the processing loop after each non-data record. So we should never zero-copy and then find out that the record type has changed. The corner case we missed is when the initial record comes from rx_list, and it's zero length. Reported-by: Muhammad Alifa Ramdhan <ramdhan@starlabs.sg> Reported-by: Billy Jheng Bing-Jhong <billy@starlabs.sg> Fixes: 84c61fe ("tls: rx: do not use the standard strparser") Reviewed-by: Sabrina Dubroca <sd@queasysnail.net> Link: https://patch.msgid.link/20250820021952.143068-1-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org> (cherry picked from commit 62708b9) Signed-off-by: Brett Mastbergen <bmastbergen@ciq.com>
jira VULN-154755 cve CVE-2022-50341 commit-author Paulo Alcantara <pc@cjr.nz> commit f7f291e When running xfstests against Azure the following oops occurred on an arm64 system Unable to handle kernel write to read-only memory at virtual address ffff0001221cf000 Mem abort info: ESR = 0x9600004f EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x0f: level 3 permission fault Data abort info: ISV = 0, ISS = 0x0000004f CM = 0, WnR = 1 swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000000294f3000 [ffff0001221cf000] pgd=18000001ffff8003, p4d=18000001ffff8003, pud=18000001ff82e003, pmd=18000001ff71d003, pte=00600001221cf787 Internal error: Oops: 9600004f [#1] PREEMPT SMP ... pstate: 80000005 (Nzcv daif -PAN -UAO -TCO BTYPE=--) pc : __memcpy+0x40/0x230 lr : scatterwalk_copychunks+0xe0/0x200 sp : ffff800014e92de0 x29: ffff800014e92de0 x28: ffff000114f9de80 x27: 0000000000000008 x26: 0000000000000008 x25: ffff800014e92e78 x24: 0000000000000008 x23: 0000000000000001 x22: 0000040000000000 x21: ffff000000000000 x20: 0000000000000001 x19: ffff0001037c4488 x18: 0000000000000014 x17: 235e1c0d6efa9661 x16: a435f9576b6edd6c x15: 0000000000000058 x14: 0000000000000001 x13: 0000000000000008 x12: ffff000114f2e590 x11: ffffffffffffffff x10: 0000040000000000 x9 : ffff8000105c3580 x8 : 2e9413b10000001a x7 : 534b4410fb86b005 x6 : 534b4410fb86b005 x5 : ffff0001221cf008 x4 : ffff0001037c4490 x3 : 0000000000000001 x2 : 0000000000000008 x1 : ffff0001037c4488 x0 : ffff0001221cf000 Call trace: __memcpy+0x40/0x230 scatterwalk_map_and_copy+0x98/0x100 crypto_ccm_encrypt+0x150/0x180 crypto_aead_encrypt+0x2c/0x40 crypt_message+0x750/0x880 smb3_init_transform_rq+0x298/0x340 smb_send_rqst.part.11+0xd8/0x180 smb_send_rqst+0x3c/0x100 compound_send_recv+0x534/0xbc0 smb2_query_info_compound+0x32c/0x440 smb2_set_ea+0x438/0x4c0 cifs_xattr_set+0x5d4/0x7c0 This is because in scatterwalk_copychunks(), we attempted to write to a buffer (@sign) that was allocated in the stack (vmalloc area) by crypt_message() and thus accessing its remaining 8 (x2) bytes ended up crossing a page boundary. To simply fix it, we could just pass @sign kmalloc'd from crypt_message() and then we're done. Luckily, we don't seem to pass any other vmalloc'd buffers in smb_rqst::rq_iov... Instead, let's map the correct pages and offsets from vmalloc buffers as well in cifs_sg_set_buf() and then avoiding such oopses. Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz> Cc: stable@vger.kernel.org Signed-off-by: Steve French <stfrench@microsoft.com> (cherry picked from commit f7f291e) Signed-off-by: Brett Mastbergen <bmastbergen@ciq.com> # Conflicts: # fs/cifs/cifsglob.h
bmastbergen
force-pushed
the
ciqlts9_2-use-reusable-workflow
branch
from
be3d5a3 to
f94396f
Compare
🔍 Upstream Linux Kernel Commit Check
This is an automated message from the kernel commit checker workflow. |
🔍 Interdiff Analysis
diff -u b/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c
--- b/drivers/gpu/drm/drm_gem.c
+++ b/drivers/gpu/drm/drm_gem.c
@@ -204,12 +204,10 @@
{
struct drm_device *dev = obj->dev;
- mutex_lock(&dev->object_name_lock);
+ guard(mutex)(&dev->object_name_lock);
drm_WARN_ON(dev, !obj->handle_count); /* first ref taken in create-tail helper */
drm_gem_object_handle_get(obj);
-
- mutex_unlock(&dev->object_name_lock);
}
EXPORT_SYMBOL(drm_gem_object_handle_get_unlocked);
diff -u b/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c
--- b/drivers/gpu/drm/drm_gem.c
+++ b/drivers/gpu/drm/drm_gem.c
@@ -193,37 +193,25 @@
}
/**
- * drm_gem_object_handle_get_if_exists_unlocked - acquire reference on user-space handle, if any
+ * drm_gem_object_handle_get_unlocked - acquire reference on user-space handles
* @obj: GEM object
*
- * Acquires a reference on the GEM buffer object's handle. Required to keep
- * the GEM object alive. Call drm_gem_object_handle_put_if_exists_unlocked()
- * to release the reference. Does nothing if the buffer object has no handle.
- *
- * Returns:
- * True if a handle exists, or false otherwise
+ * Acquires a reference on the GEM buffer object's handle. Required
+ * to keep the GEM object alive. Call drm_gem_object_handle_put_unlocked()
+ * to release the reference.
*/
-bool drm_gem_object_handle_get_if_exists_unlocked(struct drm_gem_object *obj)
+void drm_gem_object_handle_get_unlocked(struct drm_gem_object *obj)
{
struct drm_device *dev = obj->dev;
mutex_lock(&dev->object_name_lock);
- /*
- * First ref taken during GEM object creation, if any. Some
- * drivers set up internal framebuffers with GEM objects that
- * do not have a GEM handle. Hence, this counter can be zero.
- */
- if (!obj->handle_count) {
- mutex_unlock(&dev->object_name_lock);
- return false;
- }
-
+ drm_WARN_ON(dev, !obj->handle_count); /* first ref taken in create-tail helper */
drm_gem_object_handle_get(obj);
mutex_unlock(&dev->object_name_lock);
- return true;
}
+EXPORT_SYMBOL(drm_gem_object_handle_get_unlocked);
/**
* drm_gem_object_handle_free - release resources bound to userspace handles
@@ -223,23 +223,34 @@
}
/**
- * drm_gem_object_handle_get_unlocked - acquire reference on user-space handles
+ * drm_gem_object_handle_get_if_exists_unlocked - acquire reference on user-space handle, if any
* @obj: GEM object
*
- * Acquires a reference on the GEM buffer object's handle. Required
- * to keep the GEM object alive. Call drm_gem_object_handle_put_unlocked()
- * to release the reference.
+ * Acquires a reference on the GEM buffer object's handle. Required to keep
+ * the GEM object alive. Call drm_gem_object_handle_put_if_exists_unlocked()
+ * to release the reference. Does nothing if the buffer object has no handle.
+ *
+ * Returns:
+ * True if a handle exists, or false otherwise
*/
-void drm_gem_object_handle_get_unlocked(struct drm_gem_object *obj)
+bool drm_gem_object_handle_get_if_exists_unlocked(struct drm_gem_object *obj)
{
struct drm_device *dev = obj->dev;
guard(mutex)(&dev->object_name_lock);
- drm_WARN_ON(dev, !obj->handle_count); /* first ref taken in create-tail helper */
+ /*
+ * First ref taken during GEM object creation, if any. Some
+ * drivers set up internal framebuffers with GEM objects that
+ * do not have a GEM handle. Hence, this counter can be zero.
+ */
+ if (!obj->handle_count)
+ return false;
+
drm_gem_object_handle_get(obj);
+
+ return true;
}
-EXPORT_SYMBOL(drm_gem_object_handle_get_unlocked);
/**
* drm_gem_object_handle_free - release resources bound to userspace handles
diff -u b/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
--- b/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -66,8 +66,12 @@
static u32 s32ton(__s32 value, unsigned int n)
{
- s32 a = value >> (n - 1);
+ s32 a;
+ if (!value || !n)
+ return 0;
+
+ a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
@@ -1338,12 +1338,7 @@
static u32 s32ton(__s32 value, unsigned n)
{
- s32 a;
-
- if (!value || !n)
- return 0;
-
- a = value >> (n - 1);
+ s32 a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
reverted:
--- b/fs/cifs/cifsencrypt.c
+++ a/fs/cifs/cifsencrypt.c
@@ -679,7 +679,7 @@
unlock:
cifs_server_unlock(ses->server);
setup_ntlmv2_rsp_ret:
+ kfree(tiblob);
- kfree_sensitive(tiblob);
return rc;
}
@@ -753,14 +753,14 @@
server->secmech.ccmaesdecrypt = NULL;
}
+ kfree(server->secmech.sdesccmacaes);
- kfree_sensitive(server->secmech.sdesccmacaes);
server->secmech.sdesccmacaes = NULL;
+ kfree(server->secmech.sdeschmacsha256);
- kfree_sensitive(server->secmech.sdeschmacsha256);
server->secmech.sdeschmacsha256 = NULL;
+ kfree(server->secmech.sdeschmacmd5);
- kfree_sensitive(server->secmech.sdeschmacmd5);
server->secmech.sdeschmacmd5 = NULL;
+ kfree(server->secmech.sdescmd5);
- kfree_sensitive(server->secmech.sdescmd5);
server->secmech.sdescmd5 = NULL;
+ kfree(server->secmech.sdescsha512);
- kfree_sensitive(server->secmech.sdescsha512);
server->secmech.sdescsha512 = NULL;
}
reverted:
--- b/fs/cifs/connect.c
+++ a/fs/cifs/connect.c
@@ -288,7 +288,7 @@
}
server->sequence_number = 0;
server->session_estab = false;
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
server->lstrp = jiffies;
@@ -1562,7 +1562,7 @@
cifs_crypto_secmech_release(server);
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
kfree(server->hostname);
@@ -4097,7 +4097,7 @@
if (ses->auth_key.response) {
cifs_dbg(FYI, "Free previous auth_key.response = %p\n",
ses->auth_key.response);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
ses->auth_key.len = 0;
}
reverted:
--- b/fs/cifs/fs_context.c
+++ a/fs/cifs/fs_context.c
@@ -789,13 +789,6 @@
cifs_sb->ctx->field = NULL; \
} while (0)
-#define STEAL_STRING_SENSITIVE(cifs_sb, ctx, field) \
-do { \
- kfree_sensitive(ctx->field); \
- ctx->field = cifs_sb->ctx->field; \
- cifs_sb->ctx->field = NULL; \
-} while (0)
-
static int smb3_reconfigure(struct fs_context *fc)
{
struct smb3_fs_context *ctx = smb3_fc2context(fc);
@@ -816,7 +809,7 @@
STEAL_STRING(cifs_sb, ctx, UNC);
STEAL_STRING(cifs_sb, ctx, source);
STEAL_STRING(cifs_sb, ctx, username);
+ STEAL_STRING(cifs_sb, ctx, password);
- STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);
STEAL_STRING(cifs_sb, ctx, domainname);
STEAL_STRING(cifs_sb, ctx, nodename);
STEAL_STRING(cifs_sb, ctx, iocharset);
@@ -1157,7 +1150,7 @@
}
break;
case Opt_pass:
+ kfree(ctx->password);
- kfree_sensitive(ctx->password);
ctx->password = NULL;
if (strlen(param->string) == 0)
break;
@@ -1465,7 +1458,6 @@
return 0;
cifs_parse_mount_err:
- kfree_sensitive(ctx->password);
return -EINVAL;
}
reverted:
--- b/fs/cifs/misc.c
+++ a/fs/cifs/misc.c
@@ -1118,7 +1118,7 @@
void
cifs_free_hash(struct crypto_shash **shash, struct sdesc **sdesc)
{
+ kfree(*sdesc);
- kfree_sensitive(*sdesc);
*sdesc = NULL;
if (*shash)
crypto_free_shash(*shash);
reverted:
--- b/fs/cifs/sess.c
+++ a/fs/cifs/sess.c
@@ -1211,12 +1211,6 @@
static void
sess_free_buffer(struct sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 3; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
@@ -1378,7 +1372,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1517,7 +1511,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1652,7 +1646,7 @@
rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1662,9 +1656,9 @@
}
/* Else error. Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1763,7 +1757,7 @@
}
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1771,9 +1765,9 @@
rc = sess_establish_session(sess_data);
/* Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1849,7 +1843,7 @@
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
reverted:
--- b/fs/cifs/smb2ops.c
+++ a/fs/cifs/smb2ops.c
@@ -4390,11 +4390,11 @@
if (!rc && enc)
memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
+ kfree(iv);
- kfree_sensitive(iv);
free_sg:
+ kfree(sg);
- kfree_sensitive(sg);
free_req:
+ kfree(req);
- kfree_sensitive(req);
return rc;
}
reverted:
--- b/fs/cifs/smb2pdu.c
+++ a/fs/cifs/smb2pdu.c
@@ -1333,13 +1333,6 @@
static void
SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 2; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
-
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
}
@@ -1472,8 +1465,6 @@
out_put_spnego_key:
key_invalidate(spnego_key);
key_put(spnego_key);
- if (rc)
- kfree_sensitive(ses->auth_key.response);
out:
sess_data->result = rc;
sess_data->func = NULL;
@@ -1570,7 +1561,7 @@
}
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
if (!rc) {
sess_data->result = 0;
@@ -1578,7 +1569,7 @@
return;
}
out_err:
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1654,9 +1645,9 @@
}
#endif
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1734,7 +1725,7 @@
cifs_server_dbg(VFS, "signing requested but authenticated as guest\n");
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}This is an automated interdiff check for backported commits. |
🔍 Upstream Linux Kernel Commit Check
This is an automated message from the kernel commit checker workflow. |
🔍 Interdiff Analysis
diff -u b/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c
--- b/drivers/gpu/drm/drm_gem.c
+++ b/drivers/gpu/drm/drm_gem.c
@@ -204,12 +204,10 @@
{
struct drm_device *dev = obj->dev;
- mutex_lock(&dev->object_name_lock);
+ guard(mutex)(&dev->object_name_lock);
drm_WARN_ON(dev, !obj->handle_count); /* first ref taken in create-tail helper */
drm_gem_object_handle_get(obj);
-
- mutex_unlock(&dev->object_name_lock);
}
EXPORT_SYMBOL(drm_gem_object_handle_get_unlocked);
diff -u b/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c
--- b/drivers/gpu/drm/drm_gem.c
+++ b/drivers/gpu/drm/drm_gem.c
@@ -193,37 +193,25 @@
}
/**
- * drm_gem_object_handle_get_if_exists_unlocked - acquire reference on user-space handle, if any
+ * drm_gem_object_handle_get_unlocked - acquire reference on user-space handles
* @obj: GEM object
*
- * Acquires a reference on the GEM buffer object's handle. Required to keep
- * the GEM object alive. Call drm_gem_object_handle_put_if_exists_unlocked()
- * to release the reference. Does nothing if the buffer object has no handle.
- *
- * Returns:
- * True if a handle exists, or false otherwise
+ * Acquires a reference on the GEM buffer object's handle. Required
+ * to keep the GEM object alive. Call drm_gem_object_handle_put_unlocked()
+ * to release the reference.
*/
-bool drm_gem_object_handle_get_if_exists_unlocked(struct drm_gem_object *obj)
+void drm_gem_object_handle_get_unlocked(struct drm_gem_object *obj)
{
struct drm_device *dev = obj->dev;
mutex_lock(&dev->object_name_lock);
- /*
- * First ref taken during GEM object creation, if any. Some
- * drivers set up internal framebuffers with GEM objects that
- * do not have a GEM handle. Hence, this counter can be zero.
- */
- if (!obj->handle_count) {
- mutex_unlock(&dev->object_name_lock);
- return false;
- }
-
+ drm_WARN_ON(dev, !obj->handle_count); /* first ref taken in create-tail helper */
drm_gem_object_handle_get(obj);
mutex_unlock(&dev->object_name_lock);
- return true;
}
+EXPORT_SYMBOL(drm_gem_object_handle_get_unlocked);
/**
* drm_gem_object_handle_free - release resources bound to userspace handles
@@ -223,23 +223,34 @@
}
/**
- * drm_gem_object_handle_get_unlocked - acquire reference on user-space handles
+ * drm_gem_object_handle_get_if_exists_unlocked - acquire reference on user-space handle, if any
* @obj: GEM object
*
- * Acquires a reference on the GEM buffer object's handle. Required
- * to keep the GEM object alive. Call drm_gem_object_handle_put_unlocked()
- * to release the reference.
+ * Acquires a reference on the GEM buffer object's handle. Required to keep
+ * the GEM object alive. Call drm_gem_object_handle_put_if_exists_unlocked()
+ * to release the reference. Does nothing if the buffer object has no handle.
+ *
+ * Returns:
+ * True if a handle exists, or false otherwise
*/
-void drm_gem_object_handle_get_unlocked(struct drm_gem_object *obj)
+bool drm_gem_object_handle_get_if_exists_unlocked(struct drm_gem_object *obj)
{
struct drm_device *dev = obj->dev;
guard(mutex)(&dev->object_name_lock);
- drm_WARN_ON(dev, !obj->handle_count); /* first ref taken in create-tail helper */
+ /*
+ * First ref taken during GEM object creation, if any. Some
+ * drivers set up internal framebuffers with GEM objects that
+ * do not have a GEM handle. Hence, this counter can be zero.
+ */
+ if (!obj->handle_count)
+ return false;
+
drm_gem_object_handle_get(obj);
+
+ return true;
}
-EXPORT_SYMBOL(drm_gem_object_handle_get_unlocked);
/**
* drm_gem_object_handle_free - release resources bound to userspace handles
diff -u b/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
--- b/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -66,8 +66,12 @@
static u32 s32ton(__s32 value, unsigned int n)
{
- s32 a = value >> (n - 1);
+ s32 a;
+ if (!value || !n)
+ return 0;
+
+ a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
@@ -1338,12 +1338,7 @@
static u32 s32ton(__s32 value, unsigned n)
{
- s32 a;
-
- if (!value || !n)
- return 0;
-
- a = value >> (n - 1);
+ s32 a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
reverted:
--- b/fs/cifs/cifsencrypt.c
+++ a/fs/cifs/cifsencrypt.c
@@ -679,7 +679,7 @@
unlock:
cifs_server_unlock(ses->server);
setup_ntlmv2_rsp_ret:
+ kfree(tiblob);
- kfree_sensitive(tiblob);
return rc;
}
@@ -753,14 +753,14 @@
server->secmech.ccmaesdecrypt = NULL;
}
+ kfree(server->secmech.sdesccmacaes);
- kfree_sensitive(server->secmech.sdesccmacaes);
server->secmech.sdesccmacaes = NULL;
+ kfree(server->secmech.sdeschmacsha256);
- kfree_sensitive(server->secmech.sdeschmacsha256);
server->secmech.sdeschmacsha256 = NULL;
+ kfree(server->secmech.sdeschmacmd5);
- kfree_sensitive(server->secmech.sdeschmacmd5);
server->secmech.sdeschmacmd5 = NULL;
+ kfree(server->secmech.sdescmd5);
- kfree_sensitive(server->secmech.sdescmd5);
server->secmech.sdescmd5 = NULL;
+ kfree(server->secmech.sdescsha512);
- kfree_sensitive(server->secmech.sdescsha512);
server->secmech.sdescsha512 = NULL;
}
reverted:
--- b/fs/cifs/connect.c
+++ a/fs/cifs/connect.c
@@ -288,7 +288,7 @@
}
server->sequence_number = 0;
server->session_estab = false;
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
server->lstrp = jiffies;
@@ -1562,7 +1562,7 @@
cifs_crypto_secmech_release(server);
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
kfree(server->hostname);
@@ -4097,7 +4097,7 @@
if (ses->auth_key.response) {
cifs_dbg(FYI, "Free previous auth_key.response = %p\n",
ses->auth_key.response);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
ses->auth_key.len = 0;
}
reverted:
--- b/fs/cifs/fs_context.c
+++ a/fs/cifs/fs_context.c
@@ -789,13 +789,6 @@
cifs_sb->ctx->field = NULL; \
} while (0)
-#define STEAL_STRING_SENSITIVE(cifs_sb, ctx, field) \
-do { \
- kfree_sensitive(ctx->field); \
- ctx->field = cifs_sb->ctx->field; \
- cifs_sb->ctx->field = NULL; \
-} while (0)
-
static int smb3_reconfigure(struct fs_context *fc)
{
struct smb3_fs_context *ctx = smb3_fc2context(fc);
@@ -816,7 +809,7 @@
STEAL_STRING(cifs_sb, ctx, UNC);
STEAL_STRING(cifs_sb, ctx, source);
STEAL_STRING(cifs_sb, ctx, username);
+ STEAL_STRING(cifs_sb, ctx, password);
- STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);
STEAL_STRING(cifs_sb, ctx, domainname);
STEAL_STRING(cifs_sb, ctx, nodename);
STEAL_STRING(cifs_sb, ctx, iocharset);
@@ -1157,7 +1150,7 @@
}
break;
case Opt_pass:
+ kfree(ctx->password);
- kfree_sensitive(ctx->password);
ctx->password = NULL;
if (strlen(param->string) == 0)
break;
@@ -1465,7 +1458,6 @@
return 0;
cifs_parse_mount_err:
- kfree_sensitive(ctx->password);
return -EINVAL;
}
reverted:
--- b/fs/cifs/misc.c
+++ a/fs/cifs/misc.c
@@ -1118,7 +1118,7 @@
void
cifs_free_hash(struct crypto_shash **shash, struct sdesc **sdesc)
{
+ kfree(*sdesc);
- kfree_sensitive(*sdesc);
*sdesc = NULL;
if (*shash)
crypto_free_shash(*shash);
reverted:
--- b/fs/cifs/sess.c
+++ a/fs/cifs/sess.c
@@ -1211,12 +1211,6 @@
static void
sess_free_buffer(struct sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 3; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
@@ -1378,7 +1372,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1517,7 +1511,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1652,7 +1646,7 @@
rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1662,9 +1656,9 @@
}
/* Else error. Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1763,7 +1757,7 @@
}
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1771,9 +1765,9 @@
rc = sess_establish_session(sess_data);
/* Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1849,7 +1843,7 @@
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
reverted:
--- b/fs/cifs/smb2ops.c
+++ a/fs/cifs/smb2ops.c
@@ -4390,11 +4390,11 @@
if (!rc && enc)
memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
+ kfree(iv);
- kfree_sensitive(iv);
free_sg:
+ kfree(sg);
- kfree_sensitive(sg);
free_req:
+ kfree(req);
- kfree_sensitive(req);
return rc;
}
reverted:
--- b/fs/cifs/smb2pdu.c
+++ a/fs/cifs/smb2pdu.c
@@ -1333,13 +1333,6 @@
static void
SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 2; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
-
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
}
@@ -1472,8 +1465,6 @@
out_put_spnego_key:
key_invalidate(spnego_key);
key_put(spnego_key);
- if (rc)
- kfree_sensitive(ses->auth_key.response);
out:
sess_data->result = rc;
sess_data->func = NULL;
@@ -1570,7 +1561,7 @@
}
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
if (!rc) {
sess_data->result = 0;
@@ -1578,7 +1569,7 @@
return;
}
out_err:
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1654,9 +1645,9 @@
}
#endif
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1734,7 +1725,7 @@
cifs_server_dbg(VFS, "signing requested but authenticated as guest\n");
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}This is an automated interdiff check for backported commits. |
🔍 Upstream Linux Kernel Commit Check
This is an automated message from the kernel commit checker workflow. |
🔍 Interdiff Analysis
diff -u b/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c
--- b/drivers/gpu/drm/drm_gem.c
+++ b/drivers/gpu/drm/drm_gem.c
@@ -204,12 +204,10 @@
{
struct drm_device *dev = obj->dev;
- mutex_lock(&dev->object_name_lock);
+ guard(mutex)(&dev->object_name_lock);
drm_WARN_ON(dev, !obj->handle_count); /* first ref taken in create-tail helper */
drm_gem_object_handle_get(obj);
-
- mutex_unlock(&dev->object_name_lock);
}
EXPORT_SYMBOL(drm_gem_object_handle_get_unlocked);
diff -u b/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c
--- b/drivers/gpu/drm/drm_gem.c
+++ b/drivers/gpu/drm/drm_gem.c
@@ -193,37 +193,25 @@
}
/**
- * drm_gem_object_handle_get_if_exists_unlocked - acquire reference on user-space handle, if any
+ * drm_gem_object_handle_get_unlocked - acquire reference on user-space handles
* @obj: GEM object
*
- * Acquires a reference on the GEM buffer object's handle. Required to keep
- * the GEM object alive. Call drm_gem_object_handle_put_if_exists_unlocked()
- * to release the reference. Does nothing if the buffer object has no handle.
- *
- * Returns:
- * True if a handle exists, or false otherwise
+ * Acquires a reference on the GEM buffer object's handle. Required
+ * to keep the GEM object alive. Call drm_gem_object_handle_put_unlocked()
+ * to release the reference.
*/
-bool drm_gem_object_handle_get_if_exists_unlocked(struct drm_gem_object *obj)
+void drm_gem_object_handle_get_unlocked(struct drm_gem_object *obj)
{
struct drm_device *dev = obj->dev;
mutex_lock(&dev->object_name_lock);
- /*
- * First ref taken during GEM object creation, if any. Some
- * drivers set up internal framebuffers with GEM objects that
- * do not have a GEM handle. Hence, this counter can be zero.
- */
- if (!obj->handle_count) {
- mutex_unlock(&dev->object_name_lock);
- return false;
- }
-
+ drm_WARN_ON(dev, !obj->handle_count); /* first ref taken in create-tail helper */
drm_gem_object_handle_get(obj);
mutex_unlock(&dev->object_name_lock);
- return true;
}
+EXPORT_SYMBOL(drm_gem_object_handle_get_unlocked);
/**
* drm_gem_object_handle_free - release resources bound to userspace handles
@@ -223,23 +223,34 @@
}
/**
- * drm_gem_object_handle_get_unlocked - acquire reference on user-space handles
+ * drm_gem_object_handle_get_if_exists_unlocked - acquire reference on user-space handle, if any
* @obj: GEM object
*
- * Acquires a reference on the GEM buffer object's handle. Required
- * to keep the GEM object alive. Call drm_gem_object_handle_put_unlocked()
- * to release the reference.
+ * Acquires a reference on the GEM buffer object's handle. Required to keep
+ * the GEM object alive. Call drm_gem_object_handle_put_if_exists_unlocked()
+ * to release the reference. Does nothing if the buffer object has no handle.
+ *
+ * Returns:
+ * True if a handle exists, or false otherwise
*/
-void drm_gem_object_handle_get_unlocked(struct drm_gem_object *obj)
+bool drm_gem_object_handle_get_if_exists_unlocked(struct drm_gem_object *obj)
{
struct drm_device *dev = obj->dev;
guard(mutex)(&dev->object_name_lock);
- drm_WARN_ON(dev, !obj->handle_count); /* first ref taken in create-tail helper */
+ /*
+ * First ref taken during GEM object creation, if any. Some
+ * drivers set up internal framebuffers with GEM objects that
+ * do not have a GEM handle. Hence, this counter can be zero.
+ */
+ if (!obj->handle_count)
+ return false;
+
drm_gem_object_handle_get(obj);
+
+ return true;
}
-EXPORT_SYMBOL(drm_gem_object_handle_get_unlocked);
/**
* drm_gem_object_handle_free - release resources bound to userspace handles
diff -u b/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
--- b/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -66,8 +66,12 @@
static u32 s32ton(__s32 value, unsigned int n)
{
- s32 a = value >> (n - 1);
+ s32 a;
+ if (!value || !n)
+ return 0;
+
+ a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
@@ -1338,12 +1338,7 @@
static u32 s32ton(__s32 value, unsigned n)
{
- s32 a;
-
- if (!value || !n)
- return 0;
-
- a = value >> (n - 1);
+ s32 a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
reverted:
--- b/fs/cifs/cifsencrypt.c
+++ a/fs/cifs/cifsencrypt.c
@@ -679,7 +679,7 @@
unlock:
cifs_server_unlock(ses->server);
setup_ntlmv2_rsp_ret:
+ kfree(tiblob);
- kfree_sensitive(tiblob);
return rc;
}
@@ -753,14 +753,14 @@
server->secmech.ccmaesdecrypt = NULL;
}
+ kfree(server->secmech.sdesccmacaes);
- kfree_sensitive(server->secmech.sdesccmacaes);
server->secmech.sdesccmacaes = NULL;
+ kfree(server->secmech.sdeschmacsha256);
- kfree_sensitive(server->secmech.sdeschmacsha256);
server->secmech.sdeschmacsha256 = NULL;
+ kfree(server->secmech.sdeschmacmd5);
- kfree_sensitive(server->secmech.sdeschmacmd5);
server->secmech.sdeschmacmd5 = NULL;
+ kfree(server->secmech.sdescmd5);
- kfree_sensitive(server->secmech.sdescmd5);
server->secmech.sdescmd5 = NULL;
+ kfree(server->secmech.sdescsha512);
- kfree_sensitive(server->secmech.sdescsha512);
server->secmech.sdescsha512 = NULL;
}
reverted:
--- b/fs/cifs/connect.c
+++ a/fs/cifs/connect.c
@@ -288,7 +288,7 @@
}
server->sequence_number = 0;
server->session_estab = false;
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
server->lstrp = jiffies;
@@ -1562,7 +1562,7 @@
cifs_crypto_secmech_release(server);
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
kfree(server->hostname);
@@ -4097,7 +4097,7 @@
if (ses->auth_key.response) {
cifs_dbg(FYI, "Free previous auth_key.response = %p\n",
ses->auth_key.response);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
ses->auth_key.len = 0;
}
reverted:
--- b/fs/cifs/fs_context.c
+++ a/fs/cifs/fs_context.c
@@ -789,13 +789,6 @@
cifs_sb->ctx->field = NULL; \
} while (0)
-#define STEAL_STRING_SENSITIVE(cifs_sb, ctx, field) \
-do { \
- kfree_sensitive(ctx->field); \
- ctx->field = cifs_sb->ctx->field; \
- cifs_sb->ctx->field = NULL; \
-} while (0)
-
static int smb3_reconfigure(struct fs_context *fc)
{
struct smb3_fs_context *ctx = smb3_fc2context(fc);
@@ -816,7 +809,7 @@
STEAL_STRING(cifs_sb, ctx, UNC);
STEAL_STRING(cifs_sb, ctx, source);
STEAL_STRING(cifs_sb, ctx, username);
+ STEAL_STRING(cifs_sb, ctx, password);
- STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);
STEAL_STRING(cifs_sb, ctx, domainname);
STEAL_STRING(cifs_sb, ctx, nodename);
STEAL_STRING(cifs_sb, ctx, iocharset);
@@ -1157,7 +1150,7 @@
}
break;
case Opt_pass:
+ kfree(ctx->password);
- kfree_sensitive(ctx->password);
ctx->password = NULL;
if (strlen(param->string) == 0)
break;
@@ -1465,7 +1458,6 @@
return 0;
cifs_parse_mount_err:
- kfree_sensitive(ctx->password);
return -EINVAL;
}
reverted:
--- b/fs/cifs/misc.c
+++ a/fs/cifs/misc.c
@@ -1118,7 +1118,7 @@
void
cifs_free_hash(struct crypto_shash **shash, struct sdesc **sdesc)
{
+ kfree(*sdesc);
- kfree_sensitive(*sdesc);
*sdesc = NULL;
if (*shash)
crypto_free_shash(*shash);
reverted:
--- b/fs/cifs/sess.c
+++ a/fs/cifs/sess.c
@@ -1211,12 +1211,6 @@
static void
sess_free_buffer(struct sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 3; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
@@ -1378,7 +1372,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1517,7 +1511,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1652,7 +1646,7 @@
rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1662,9 +1656,9 @@
}
/* Else error. Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1763,7 +1757,7 @@
}
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1771,9 +1765,9 @@
rc = sess_establish_session(sess_data);
/* Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1849,7 +1843,7 @@
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
reverted:
--- b/fs/cifs/smb2ops.c
+++ a/fs/cifs/smb2ops.c
@@ -4390,11 +4390,11 @@
if (!rc && enc)
memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
+ kfree(iv);
- kfree_sensitive(iv);
free_sg:
+ kfree(sg);
- kfree_sensitive(sg);
free_req:
+ kfree(req);
- kfree_sensitive(req);
return rc;
}
reverted:
--- b/fs/cifs/smb2pdu.c
+++ a/fs/cifs/smb2pdu.c
@@ -1333,13 +1333,6 @@
static void
SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 2; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
-
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
}
@@ -1472,8 +1465,6 @@
out_put_spnego_key:
key_invalidate(spnego_key);
key_put(spnego_key);
- if (rc)
- kfree_sensitive(ses->auth_key.response);
out:
sess_data->result = rc;
sess_data->func = NULL;
@@ -1570,7 +1561,7 @@
}
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
if (!rc) {
sess_data->result = 0;
@@ -1578,7 +1569,7 @@
return;
}
out_err:
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1654,9 +1645,9 @@
}
#endif
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1734,7 +1725,7 @@
cifs_server_dbg(VFS, "signing requested but authenticated as guest\n");
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}This is an automated interdiff check for backported commits. |
bmastbergen
force-pushed
the
ciqlts9_2-use-reusable-workflow
branch
from
497d023 to
5b69b1e
Compare
🔍 Interdiff Analysis
diff -u b/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
--- b/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -66,8 +66,12 @@
static u32 s32ton(__s32 value, unsigned int n)
{
- s32 a = value >> (n - 1);
+ s32 a;
+ if (!value || !n)
+ return 0;
+
+ a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
@@ -1338,12 +1338,7 @@
static u32 s32ton(__s32 value, unsigned n)
{
- s32 a;
-
- if (!value || !n)
- return 0;
-
- a = value >> (n - 1);
+ s32 a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
reverted:
--- b/fs/cifs/cifsencrypt.c
+++ a/fs/cifs/cifsencrypt.c
@@ -679,7 +679,7 @@
unlock:
cifs_server_unlock(ses->server);
setup_ntlmv2_rsp_ret:
+ kfree(tiblob);
- kfree_sensitive(tiblob);
return rc;
}
@@ -753,14 +753,14 @@
server->secmech.ccmaesdecrypt = NULL;
}
+ kfree(server->secmech.sdesccmacaes);
- kfree_sensitive(server->secmech.sdesccmacaes);
server->secmech.sdesccmacaes = NULL;
+ kfree(server->secmech.sdeschmacsha256);
- kfree_sensitive(server->secmech.sdeschmacsha256);
server->secmech.sdeschmacsha256 = NULL;
+ kfree(server->secmech.sdeschmacmd5);
- kfree_sensitive(server->secmech.sdeschmacmd5);
server->secmech.sdeschmacmd5 = NULL;
+ kfree(server->secmech.sdescmd5);
- kfree_sensitive(server->secmech.sdescmd5);
server->secmech.sdescmd5 = NULL;
+ kfree(server->secmech.sdescsha512);
- kfree_sensitive(server->secmech.sdescsha512);
server->secmech.sdescsha512 = NULL;
}
reverted:
--- b/fs/cifs/connect.c
+++ a/fs/cifs/connect.c
@@ -288,7 +288,7 @@
}
server->sequence_number = 0;
server->session_estab = false;
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
server->lstrp = jiffies;
@@ -1562,7 +1562,7 @@
cifs_crypto_secmech_release(server);
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
kfree(server->hostname);
@@ -4097,7 +4097,7 @@
if (ses->auth_key.response) {
cifs_dbg(FYI, "Free previous auth_key.response = %p\n",
ses->auth_key.response);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
ses->auth_key.len = 0;
}
reverted:
--- b/fs/cifs/fs_context.c
+++ a/fs/cifs/fs_context.c
@@ -789,13 +789,6 @@
cifs_sb->ctx->field = NULL; \
} while (0)
-#define STEAL_STRING_SENSITIVE(cifs_sb, ctx, field) \
-do { \
- kfree_sensitive(ctx->field); \
- ctx->field = cifs_sb->ctx->field; \
- cifs_sb->ctx->field = NULL; \
-} while (0)
-
static int smb3_reconfigure(struct fs_context *fc)
{
struct smb3_fs_context *ctx = smb3_fc2context(fc);
@@ -816,7 +809,7 @@
STEAL_STRING(cifs_sb, ctx, UNC);
STEAL_STRING(cifs_sb, ctx, source);
STEAL_STRING(cifs_sb, ctx, username);
+ STEAL_STRING(cifs_sb, ctx, password);
- STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);
STEAL_STRING(cifs_sb, ctx, domainname);
STEAL_STRING(cifs_sb, ctx, nodename);
STEAL_STRING(cifs_sb, ctx, iocharset);
@@ -1157,7 +1150,7 @@
}
break;
case Opt_pass:
+ kfree(ctx->password);
- kfree_sensitive(ctx->password);
ctx->password = NULL;
if (strlen(param->string) == 0)
break;
@@ -1465,7 +1458,6 @@
return 0;
cifs_parse_mount_err:
- kfree_sensitive(ctx->password);
return -EINVAL;
}
reverted:
--- b/fs/cifs/misc.c
+++ a/fs/cifs/misc.c
@@ -1118,7 +1118,7 @@
void
cifs_free_hash(struct crypto_shash **shash, struct sdesc **sdesc)
{
+ kfree(*sdesc);
- kfree_sensitive(*sdesc);
*sdesc = NULL;
if (*shash)
crypto_free_shash(*shash);
reverted:
--- b/fs/cifs/sess.c
+++ a/fs/cifs/sess.c
@@ -1211,12 +1211,6 @@
static void
sess_free_buffer(struct sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 3; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
@@ -1378,7 +1372,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1517,7 +1511,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1652,7 +1646,7 @@
rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1662,9 +1656,9 @@
}
/* Else error. Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1763,7 +1757,7 @@
}
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1771,9 +1765,9 @@
rc = sess_establish_session(sess_data);
/* Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1849,7 +1843,7 @@
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
reverted:
--- b/fs/cifs/smb2ops.c
+++ a/fs/cifs/smb2ops.c
@@ -4390,11 +4390,11 @@
if (!rc && enc)
memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
+ kfree(iv);
- kfree_sensitive(iv);
free_sg:
+ kfree(sg);
- kfree_sensitive(sg);
free_req:
+ kfree(req);
- kfree_sensitive(req);
return rc;
}
reverted:
--- b/fs/cifs/smb2pdu.c
+++ a/fs/cifs/smb2pdu.c
@@ -1333,13 +1333,6 @@
static void
SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 2; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
-
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
}
@@ -1472,8 +1465,6 @@
out_put_spnego_key:
key_invalidate(spnego_key);
key_put(spnego_key);
- if (rc)
- kfree_sensitive(ses->auth_key.response);
out:
sess_data->result = rc;
sess_data->func = NULL;
@@ -1570,7 +1561,7 @@
}
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
if (!rc) {
sess_data->result = 0;
@@ -1578,7 +1569,7 @@
return;
}
out_err:
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1654,9 +1645,9 @@
}
#endif
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1734,7 +1725,7 @@
cifs_server_dbg(VFS, "signing requested but authenticated as guest\n");
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}This is an automated interdiff check for backported commits. |
1 similar comment
🔍 Interdiff Analysis
diff -u b/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
--- b/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -66,8 +66,12 @@
static u32 s32ton(__s32 value, unsigned int n)
{
- s32 a = value >> (n - 1);
+ s32 a;
+ if (!value || !n)
+ return 0;
+
+ a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
@@ -1338,12 +1338,7 @@
static u32 s32ton(__s32 value, unsigned n)
{
- s32 a;
-
- if (!value || !n)
- return 0;
-
- a = value >> (n - 1);
+ s32 a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
reverted:
--- b/fs/cifs/cifsencrypt.c
+++ a/fs/cifs/cifsencrypt.c
@@ -679,7 +679,7 @@
unlock:
cifs_server_unlock(ses->server);
setup_ntlmv2_rsp_ret:
+ kfree(tiblob);
- kfree_sensitive(tiblob);
return rc;
}
@@ -753,14 +753,14 @@
server->secmech.ccmaesdecrypt = NULL;
}
+ kfree(server->secmech.sdesccmacaes);
- kfree_sensitive(server->secmech.sdesccmacaes);
server->secmech.sdesccmacaes = NULL;
+ kfree(server->secmech.sdeschmacsha256);
- kfree_sensitive(server->secmech.sdeschmacsha256);
server->secmech.sdeschmacsha256 = NULL;
+ kfree(server->secmech.sdeschmacmd5);
- kfree_sensitive(server->secmech.sdeschmacmd5);
server->secmech.sdeschmacmd5 = NULL;
+ kfree(server->secmech.sdescmd5);
- kfree_sensitive(server->secmech.sdescmd5);
server->secmech.sdescmd5 = NULL;
+ kfree(server->secmech.sdescsha512);
- kfree_sensitive(server->secmech.sdescsha512);
server->secmech.sdescsha512 = NULL;
}
reverted:
--- b/fs/cifs/connect.c
+++ a/fs/cifs/connect.c
@@ -288,7 +288,7 @@
}
server->sequence_number = 0;
server->session_estab = false;
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
server->lstrp = jiffies;
@@ -1562,7 +1562,7 @@
cifs_crypto_secmech_release(server);
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
kfree(server->hostname);
@@ -4097,7 +4097,7 @@
if (ses->auth_key.response) {
cifs_dbg(FYI, "Free previous auth_key.response = %p\n",
ses->auth_key.response);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
ses->auth_key.len = 0;
}
reverted:
--- b/fs/cifs/fs_context.c
+++ a/fs/cifs/fs_context.c
@@ -789,13 +789,6 @@
cifs_sb->ctx->field = NULL; \
} while (0)
-#define STEAL_STRING_SENSITIVE(cifs_sb, ctx, field) \
-do { \
- kfree_sensitive(ctx->field); \
- ctx->field = cifs_sb->ctx->field; \
- cifs_sb->ctx->field = NULL; \
-} while (0)
-
static int smb3_reconfigure(struct fs_context *fc)
{
struct smb3_fs_context *ctx = smb3_fc2context(fc);
@@ -816,7 +809,7 @@
STEAL_STRING(cifs_sb, ctx, UNC);
STEAL_STRING(cifs_sb, ctx, source);
STEAL_STRING(cifs_sb, ctx, username);
+ STEAL_STRING(cifs_sb, ctx, password);
- STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);
STEAL_STRING(cifs_sb, ctx, domainname);
STEAL_STRING(cifs_sb, ctx, nodename);
STEAL_STRING(cifs_sb, ctx, iocharset);
@@ -1157,7 +1150,7 @@
}
break;
case Opt_pass:
+ kfree(ctx->password);
- kfree_sensitive(ctx->password);
ctx->password = NULL;
if (strlen(param->string) == 0)
break;
@@ -1465,7 +1458,6 @@
return 0;
cifs_parse_mount_err:
- kfree_sensitive(ctx->password);
return -EINVAL;
}
reverted:
--- b/fs/cifs/misc.c
+++ a/fs/cifs/misc.c
@@ -1118,7 +1118,7 @@
void
cifs_free_hash(struct crypto_shash **shash, struct sdesc **sdesc)
{
+ kfree(*sdesc);
- kfree_sensitive(*sdesc);
*sdesc = NULL;
if (*shash)
crypto_free_shash(*shash);
reverted:
--- b/fs/cifs/sess.c
+++ a/fs/cifs/sess.c
@@ -1211,12 +1211,6 @@
static void
sess_free_buffer(struct sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 3; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
@@ -1378,7 +1372,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1517,7 +1511,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1652,7 +1646,7 @@
rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1662,9 +1656,9 @@
}
/* Else error. Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1763,7 +1757,7 @@
}
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1771,9 +1765,9 @@
rc = sess_establish_session(sess_data);
/* Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1849,7 +1843,7 @@
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
reverted:
--- b/fs/cifs/smb2ops.c
+++ a/fs/cifs/smb2ops.c
@@ -4390,11 +4390,11 @@
if (!rc && enc)
memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
+ kfree(iv);
- kfree_sensitive(iv);
free_sg:
+ kfree(sg);
- kfree_sensitive(sg);
free_req:
+ kfree(req);
- kfree_sensitive(req);
return rc;
}
reverted:
--- b/fs/cifs/smb2pdu.c
+++ a/fs/cifs/smb2pdu.c
@@ -1333,13 +1333,6 @@
static void
SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 2; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
-
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
}
@@ -1472,8 +1465,6 @@
out_put_spnego_key:
key_invalidate(spnego_key);
key_put(spnego_key);
- if (rc)
- kfree_sensitive(ses->auth_key.response);
out:
sess_data->result = rc;
sess_data->func = NULL;
@@ -1570,7 +1561,7 @@
}
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
if (!rc) {
sess_data->result = 0;
@@ -1578,7 +1569,7 @@
return;
}
out_err:
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1654,9 +1645,9 @@
}
#endif
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1734,7 +1725,7 @@
cifs_server_dbg(VFS, "signing requested but authenticated as guest\n");
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}This is an automated interdiff check for backported commits. |
bmastbergen
force-pushed
the
ciqlts9_2-use-reusable-workflow
branch
from
5b69b1e to
a10e773
Compare
🔍 Interdiff Analysis
diff -u b/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
--- b/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -66,8 +66,12 @@
static u32 s32ton(__s32 value, unsigned int n)
{
- s32 a = value >> (n - 1);
+ s32 a;
+ if (!value || !n)
+ return 0;
+
+ a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
@@ -1338,12 +1338,7 @@
static u32 s32ton(__s32 value, unsigned n)
{
- s32 a;
-
- if (!value || !n)
- return 0;
-
- a = value >> (n - 1);
+ s32 a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
reverted:
--- b/fs/cifs/cifsencrypt.c
+++ a/fs/cifs/cifsencrypt.c
@@ -679,7 +679,7 @@
unlock:
cifs_server_unlock(ses->server);
setup_ntlmv2_rsp_ret:
+ kfree(tiblob);
- kfree_sensitive(tiblob);
return rc;
}
@@ -753,14 +753,14 @@
server->secmech.ccmaesdecrypt = NULL;
}
+ kfree(server->secmech.sdesccmacaes);
- kfree_sensitive(server->secmech.sdesccmacaes);
server->secmech.sdesccmacaes = NULL;
+ kfree(server->secmech.sdeschmacsha256);
- kfree_sensitive(server->secmech.sdeschmacsha256);
server->secmech.sdeschmacsha256 = NULL;
+ kfree(server->secmech.sdeschmacmd5);
- kfree_sensitive(server->secmech.sdeschmacmd5);
server->secmech.sdeschmacmd5 = NULL;
+ kfree(server->secmech.sdescmd5);
- kfree_sensitive(server->secmech.sdescmd5);
server->secmech.sdescmd5 = NULL;
+ kfree(server->secmech.sdescsha512);
- kfree_sensitive(server->secmech.sdescsha512);
server->secmech.sdescsha512 = NULL;
}
reverted:
--- b/fs/cifs/connect.c
+++ a/fs/cifs/connect.c
@@ -288,7 +288,7 @@
}
server->sequence_number = 0;
server->session_estab = false;
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
server->lstrp = jiffies;
@@ -1562,7 +1562,7 @@
cifs_crypto_secmech_release(server);
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
kfree(server->hostname);
@@ -4097,7 +4097,7 @@
if (ses->auth_key.response) {
cifs_dbg(FYI, "Free previous auth_key.response = %p\n",
ses->auth_key.response);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
ses->auth_key.len = 0;
}
reverted:
--- b/fs/cifs/fs_context.c
+++ a/fs/cifs/fs_context.c
@@ -789,13 +789,6 @@
cifs_sb->ctx->field = NULL; \
} while (0)
-#define STEAL_STRING_SENSITIVE(cifs_sb, ctx, field) \
-do { \
- kfree_sensitive(ctx->field); \
- ctx->field = cifs_sb->ctx->field; \
- cifs_sb->ctx->field = NULL; \
-} while (0)
-
static int smb3_reconfigure(struct fs_context *fc)
{
struct smb3_fs_context *ctx = smb3_fc2context(fc);
@@ -816,7 +809,7 @@
STEAL_STRING(cifs_sb, ctx, UNC);
STEAL_STRING(cifs_sb, ctx, source);
STEAL_STRING(cifs_sb, ctx, username);
+ STEAL_STRING(cifs_sb, ctx, password);
- STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);
STEAL_STRING(cifs_sb, ctx, domainname);
STEAL_STRING(cifs_sb, ctx, nodename);
STEAL_STRING(cifs_sb, ctx, iocharset);
@@ -1157,7 +1150,7 @@
}
break;
case Opt_pass:
+ kfree(ctx->password);
- kfree_sensitive(ctx->password);
ctx->password = NULL;
if (strlen(param->string) == 0)
break;
@@ -1465,7 +1458,6 @@
return 0;
cifs_parse_mount_err:
- kfree_sensitive(ctx->password);
return -EINVAL;
}
reverted:
--- b/fs/cifs/misc.c
+++ a/fs/cifs/misc.c
@@ -1118,7 +1118,7 @@
void
cifs_free_hash(struct crypto_shash **shash, struct sdesc **sdesc)
{
+ kfree(*sdesc);
- kfree_sensitive(*sdesc);
*sdesc = NULL;
if (*shash)
crypto_free_shash(*shash);
reverted:
--- b/fs/cifs/sess.c
+++ a/fs/cifs/sess.c
@@ -1211,12 +1211,6 @@
static void
sess_free_buffer(struct sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 3; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
@@ -1378,7 +1372,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1517,7 +1511,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1652,7 +1646,7 @@
rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1662,9 +1656,9 @@
}
/* Else error. Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1763,7 +1757,7 @@
}
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1771,9 +1765,9 @@
rc = sess_establish_session(sess_data);
/* Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1849,7 +1843,7 @@
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
reverted:
--- b/fs/cifs/smb2ops.c
+++ a/fs/cifs/smb2ops.c
@@ -4390,11 +4390,11 @@
if (!rc && enc)
memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
+ kfree(iv);
- kfree_sensitive(iv);
free_sg:
+ kfree(sg);
- kfree_sensitive(sg);
free_req:
+ kfree(req);
- kfree_sensitive(req);
return rc;
}
reverted:
--- b/fs/cifs/smb2pdu.c
+++ a/fs/cifs/smb2pdu.c
@@ -1333,13 +1333,6 @@
static void
SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 2; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
-
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
}
@@ -1472,8 +1465,6 @@
out_put_spnego_key:
key_invalidate(spnego_key);
key_put(spnego_key);
- if (rc)
- kfree_sensitive(ses->auth_key.response);
out:
sess_data->result = rc;
sess_data->func = NULL;
@@ -1570,7 +1561,7 @@
}
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
if (!rc) {
sess_data->result = 0;
@@ -1578,7 +1569,7 @@
return;
}
out_err:
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1654,9 +1645,9 @@
}
#endif
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1734,7 +1725,7 @@
cifs_server_dbg(VFS, "signing requested but authenticated as guest\n");
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}This is an automated interdiff check for backported commits. |
bmastbergen
force-pushed
the
ciqlts9_2-use-reusable-workflow
branch
from
a10e773 to
daece05
Compare
🔍 Interdiff Analysis
diff -u b/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
--- b/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -66,8 +66,12 @@
static u32 s32ton(__s32 value, unsigned int n)
{
- s32 a = value >> (n - 1);
+ s32 a;
+ if (!value || !n)
+ return 0;
+
+ a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
@@ -1338,12 +1338,7 @@
static u32 s32ton(__s32 value, unsigned n)
{
- s32 a;
-
- if (!value || !n)
- return 0;
-
- a = value >> (n - 1);
+ s32 a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
reverted:
--- b/fs/cifs/cifsencrypt.c
+++ a/fs/cifs/cifsencrypt.c
@@ -679,7 +679,7 @@
unlock:
cifs_server_unlock(ses->server);
setup_ntlmv2_rsp_ret:
+ kfree(tiblob);
- kfree_sensitive(tiblob);
return rc;
}
@@ -753,14 +753,14 @@
server->secmech.ccmaesdecrypt = NULL;
}
+ kfree(server->secmech.sdesccmacaes);
- kfree_sensitive(server->secmech.sdesccmacaes);
server->secmech.sdesccmacaes = NULL;
+ kfree(server->secmech.sdeschmacsha256);
- kfree_sensitive(server->secmech.sdeschmacsha256);
server->secmech.sdeschmacsha256 = NULL;
+ kfree(server->secmech.sdeschmacmd5);
- kfree_sensitive(server->secmech.sdeschmacmd5);
server->secmech.sdeschmacmd5 = NULL;
+ kfree(server->secmech.sdescmd5);
- kfree_sensitive(server->secmech.sdescmd5);
server->secmech.sdescmd5 = NULL;
+ kfree(server->secmech.sdescsha512);
- kfree_sensitive(server->secmech.sdescsha512);
server->secmech.sdescsha512 = NULL;
}
reverted:
--- b/fs/cifs/connect.c
+++ a/fs/cifs/connect.c
@@ -288,7 +288,7 @@
}
server->sequence_number = 0;
server->session_estab = false;
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
server->lstrp = jiffies;
@@ -1562,7 +1562,7 @@
cifs_crypto_secmech_release(server);
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
kfree(server->hostname);
@@ -4097,7 +4097,7 @@
if (ses->auth_key.response) {
cifs_dbg(FYI, "Free previous auth_key.response = %p\n",
ses->auth_key.response);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
ses->auth_key.len = 0;
}
reverted:
--- b/fs/cifs/fs_context.c
+++ a/fs/cifs/fs_context.c
@@ -789,13 +789,6 @@
cifs_sb->ctx->field = NULL; \
} while (0)
-#define STEAL_STRING_SENSITIVE(cifs_sb, ctx, field) \
-do { \
- kfree_sensitive(ctx->field); \
- ctx->field = cifs_sb->ctx->field; \
- cifs_sb->ctx->field = NULL; \
-} while (0)
-
static int smb3_reconfigure(struct fs_context *fc)
{
struct smb3_fs_context *ctx = smb3_fc2context(fc);
@@ -816,7 +809,7 @@
STEAL_STRING(cifs_sb, ctx, UNC);
STEAL_STRING(cifs_sb, ctx, source);
STEAL_STRING(cifs_sb, ctx, username);
+ STEAL_STRING(cifs_sb, ctx, password);
- STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);
STEAL_STRING(cifs_sb, ctx, domainname);
STEAL_STRING(cifs_sb, ctx, nodename);
STEAL_STRING(cifs_sb, ctx, iocharset);
@@ -1157,7 +1150,7 @@
}
break;
case Opt_pass:
+ kfree(ctx->password);
- kfree_sensitive(ctx->password);
ctx->password = NULL;
if (strlen(param->string) == 0)
break;
@@ -1465,7 +1458,6 @@
return 0;
cifs_parse_mount_err:
- kfree_sensitive(ctx->password);
return -EINVAL;
}
reverted:
--- b/fs/cifs/misc.c
+++ a/fs/cifs/misc.c
@@ -1118,7 +1118,7 @@
void
cifs_free_hash(struct crypto_shash **shash, struct sdesc **sdesc)
{
+ kfree(*sdesc);
- kfree_sensitive(*sdesc);
*sdesc = NULL;
if (*shash)
crypto_free_shash(*shash);
reverted:
--- b/fs/cifs/sess.c
+++ a/fs/cifs/sess.c
@@ -1211,12 +1211,6 @@
static void
sess_free_buffer(struct sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 3; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
@@ -1378,7 +1372,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1517,7 +1511,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1652,7 +1646,7 @@
rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1662,9 +1656,9 @@
}
/* Else error. Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1763,7 +1757,7 @@
}
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1771,9 +1765,9 @@
rc = sess_establish_session(sess_data);
/* Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1849,7 +1843,7 @@
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
reverted:
--- b/fs/cifs/smb2ops.c
+++ a/fs/cifs/smb2ops.c
@@ -4390,11 +4390,11 @@
if (!rc && enc)
memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
+ kfree(iv);
- kfree_sensitive(iv);
free_sg:
+ kfree(sg);
- kfree_sensitive(sg);
free_req:
+ kfree(req);
- kfree_sensitive(req);
return rc;
}
reverted:
--- b/fs/cifs/smb2pdu.c
+++ a/fs/cifs/smb2pdu.c
@@ -1333,13 +1333,6 @@
static void
SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 2; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
-
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
}
@@ -1472,8 +1465,6 @@
out_put_spnego_key:
key_invalidate(spnego_key);
key_put(spnego_key);
- if (rc)
- kfree_sensitive(ses->auth_key.response);
out:
sess_data->result = rc;
sess_data->func = NULL;
@@ -1570,7 +1561,7 @@
}
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
if (!rc) {
sess_data->result = 0;
@@ -1578,7 +1569,7 @@
return;
}
out_err:
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1654,9 +1645,9 @@
}
#endif
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1734,7 +1725,7 @@
cifs_server_dbg(VFS, "signing requested but authenticated as guest\n");
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}This is an automated interdiff check for backported commits. |
1 similar comment
🔍 Interdiff Analysis
diff -u b/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
--- b/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -66,8 +66,12 @@
static u32 s32ton(__s32 value, unsigned int n)
{
- s32 a = value >> (n - 1);
+ s32 a;
+ if (!value || !n)
+ return 0;
+
+ a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
@@ -1338,12 +1338,7 @@
static u32 s32ton(__s32 value, unsigned n)
{
- s32 a;
-
- if (!value || !n)
- return 0;
-
- a = value >> (n - 1);
+ s32 a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
reverted:
--- b/fs/cifs/cifsencrypt.c
+++ a/fs/cifs/cifsencrypt.c
@@ -679,7 +679,7 @@
unlock:
cifs_server_unlock(ses->server);
setup_ntlmv2_rsp_ret:
+ kfree(tiblob);
- kfree_sensitive(tiblob);
return rc;
}
@@ -753,14 +753,14 @@
server->secmech.ccmaesdecrypt = NULL;
}
+ kfree(server->secmech.sdesccmacaes);
- kfree_sensitive(server->secmech.sdesccmacaes);
server->secmech.sdesccmacaes = NULL;
+ kfree(server->secmech.sdeschmacsha256);
- kfree_sensitive(server->secmech.sdeschmacsha256);
server->secmech.sdeschmacsha256 = NULL;
+ kfree(server->secmech.sdeschmacmd5);
- kfree_sensitive(server->secmech.sdeschmacmd5);
server->secmech.sdeschmacmd5 = NULL;
+ kfree(server->secmech.sdescmd5);
- kfree_sensitive(server->secmech.sdescmd5);
server->secmech.sdescmd5 = NULL;
+ kfree(server->secmech.sdescsha512);
- kfree_sensitive(server->secmech.sdescsha512);
server->secmech.sdescsha512 = NULL;
}
reverted:
--- b/fs/cifs/connect.c
+++ a/fs/cifs/connect.c
@@ -288,7 +288,7 @@
}
server->sequence_number = 0;
server->session_estab = false;
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
server->lstrp = jiffies;
@@ -1562,7 +1562,7 @@
cifs_crypto_secmech_release(server);
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
kfree(server->hostname);
@@ -4097,7 +4097,7 @@
if (ses->auth_key.response) {
cifs_dbg(FYI, "Free previous auth_key.response = %p\n",
ses->auth_key.response);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
ses->auth_key.len = 0;
}
reverted:
--- b/fs/cifs/fs_context.c
+++ a/fs/cifs/fs_context.c
@@ -789,13 +789,6 @@
cifs_sb->ctx->field = NULL; \
} while (0)
-#define STEAL_STRING_SENSITIVE(cifs_sb, ctx, field) \
-do { \
- kfree_sensitive(ctx->field); \
- ctx->field = cifs_sb->ctx->field; \
- cifs_sb->ctx->field = NULL; \
-} while (0)
-
static int smb3_reconfigure(struct fs_context *fc)
{
struct smb3_fs_context *ctx = smb3_fc2context(fc);
@@ -816,7 +809,7 @@
STEAL_STRING(cifs_sb, ctx, UNC);
STEAL_STRING(cifs_sb, ctx, source);
STEAL_STRING(cifs_sb, ctx, username);
+ STEAL_STRING(cifs_sb, ctx, password);
- STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);
STEAL_STRING(cifs_sb, ctx, domainname);
STEAL_STRING(cifs_sb, ctx, nodename);
STEAL_STRING(cifs_sb, ctx, iocharset);
@@ -1157,7 +1150,7 @@
}
break;
case Opt_pass:
+ kfree(ctx->password);
- kfree_sensitive(ctx->password);
ctx->password = NULL;
if (strlen(param->string) == 0)
break;
@@ -1465,7 +1458,6 @@
return 0;
cifs_parse_mount_err:
- kfree_sensitive(ctx->password);
return -EINVAL;
}
reverted:
--- b/fs/cifs/misc.c
+++ a/fs/cifs/misc.c
@@ -1118,7 +1118,7 @@
void
cifs_free_hash(struct crypto_shash **shash, struct sdesc **sdesc)
{
+ kfree(*sdesc);
- kfree_sensitive(*sdesc);
*sdesc = NULL;
if (*shash)
crypto_free_shash(*shash);
reverted:
--- b/fs/cifs/sess.c
+++ a/fs/cifs/sess.c
@@ -1211,12 +1211,6 @@
static void
sess_free_buffer(struct sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 3; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
@@ -1378,7 +1372,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1517,7 +1511,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1652,7 +1646,7 @@
rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1662,9 +1656,9 @@
}
/* Else error. Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1763,7 +1757,7 @@
}
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1771,9 +1765,9 @@
rc = sess_establish_session(sess_data);
/* Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1849,7 +1843,7 @@
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
reverted:
--- b/fs/cifs/smb2ops.c
+++ a/fs/cifs/smb2ops.c
@@ -4390,11 +4390,11 @@
if (!rc && enc)
memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
+ kfree(iv);
- kfree_sensitive(iv);
free_sg:
+ kfree(sg);
- kfree_sensitive(sg);
free_req:
+ kfree(req);
- kfree_sensitive(req);
return rc;
}
reverted:
--- b/fs/cifs/smb2pdu.c
+++ a/fs/cifs/smb2pdu.c
@@ -1333,13 +1333,6 @@
static void
SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 2; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
-
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
}
@@ -1472,8 +1465,6 @@
out_put_spnego_key:
key_invalidate(spnego_key);
key_put(spnego_key);
- if (rc)
- kfree_sensitive(ses->auth_key.response);
out:
sess_data->result = rc;
sess_data->func = NULL;
@@ -1570,7 +1561,7 @@
}
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
if (!rc) {
sess_data->result = 0;
@@ -1578,7 +1569,7 @@
return;
}
out_err:
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1654,9 +1645,9 @@
}
#endif
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1734,7 +1725,7 @@
cifs_server_dbg(VFS, "signing requested but authenticated as guest\n");
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}This is an automated interdiff check for backported commits. |
bmastbergen
force-pushed
the
ciqlts9_2-use-reusable-workflow
branch
from
daece05 to
19caec1
Compare
🔍 Interdiff Analysis
diff -u b/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
--- b/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -66,8 +66,12 @@
static u32 s32ton(__s32 value, unsigned int n)
{
- s32 a = value >> (n - 1);
+ s32 a;
+ if (!value || !n)
+ return 0;
+
+ a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
@@ -1338,12 +1338,7 @@
static u32 s32ton(__s32 value, unsigned n)
{
- s32 a;
-
- if (!value || !n)
- return 0;
-
- a = value >> (n - 1);
+ s32 a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
reverted:
--- b/fs/cifs/cifsencrypt.c
+++ a/fs/cifs/cifsencrypt.c
@@ -679,7 +679,7 @@
unlock:
cifs_server_unlock(ses->server);
setup_ntlmv2_rsp_ret:
+ kfree(tiblob);
- kfree_sensitive(tiblob);
return rc;
}
@@ -753,14 +753,14 @@
server->secmech.ccmaesdecrypt = NULL;
}
+ kfree(server->secmech.sdesccmacaes);
- kfree_sensitive(server->secmech.sdesccmacaes);
server->secmech.sdesccmacaes = NULL;
+ kfree(server->secmech.sdeschmacsha256);
- kfree_sensitive(server->secmech.sdeschmacsha256);
server->secmech.sdeschmacsha256 = NULL;
+ kfree(server->secmech.sdeschmacmd5);
- kfree_sensitive(server->secmech.sdeschmacmd5);
server->secmech.sdeschmacmd5 = NULL;
+ kfree(server->secmech.sdescmd5);
- kfree_sensitive(server->secmech.sdescmd5);
server->secmech.sdescmd5 = NULL;
+ kfree(server->secmech.sdescsha512);
- kfree_sensitive(server->secmech.sdescsha512);
server->secmech.sdescsha512 = NULL;
}
reverted:
--- b/fs/cifs/connect.c
+++ a/fs/cifs/connect.c
@@ -288,7 +288,7 @@
}
server->sequence_number = 0;
server->session_estab = false;
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
server->lstrp = jiffies;
@@ -1562,7 +1562,7 @@
cifs_crypto_secmech_release(server);
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
kfree(server->hostname);
@@ -4097,7 +4097,7 @@
if (ses->auth_key.response) {
cifs_dbg(FYI, "Free previous auth_key.response = %p\n",
ses->auth_key.response);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
ses->auth_key.len = 0;
}
reverted:
--- b/fs/cifs/fs_context.c
+++ a/fs/cifs/fs_context.c
@@ -789,13 +789,6 @@
cifs_sb->ctx->field = NULL; \
} while (0)
-#define STEAL_STRING_SENSITIVE(cifs_sb, ctx, field) \
-do { \
- kfree_sensitive(ctx->field); \
- ctx->field = cifs_sb->ctx->field; \
- cifs_sb->ctx->field = NULL; \
-} while (0)
-
static int smb3_reconfigure(struct fs_context *fc)
{
struct smb3_fs_context *ctx = smb3_fc2context(fc);
@@ -816,7 +809,7 @@
STEAL_STRING(cifs_sb, ctx, UNC);
STEAL_STRING(cifs_sb, ctx, source);
STEAL_STRING(cifs_sb, ctx, username);
+ STEAL_STRING(cifs_sb, ctx, password);
- STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);
STEAL_STRING(cifs_sb, ctx, domainname);
STEAL_STRING(cifs_sb, ctx, nodename);
STEAL_STRING(cifs_sb, ctx, iocharset);
@@ -1157,7 +1150,7 @@
}
break;
case Opt_pass:
+ kfree(ctx->password);
- kfree_sensitive(ctx->password);
ctx->password = NULL;
if (strlen(param->string) == 0)
break;
@@ -1465,7 +1458,6 @@
return 0;
cifs_parse_mount_err:
- kfree_sensitive(ctx->password);
return -EINVAL;
}
reverted:
--- b/fs/cifs/misc.c
+++ a/fs/cifs/misc.c
@@ -1118,7 +1118,7 @@
void
cifs_free_hash(struct crypto_shash **shash, struct sdesc **sdesc)
{
+ kfree(*sdesc);
- kfree_sensitive(*sdesc);
*sdesc = NULL;
if (*shash)
crypto_free_shash(*shash);
reverted:
--- b/fs/cifs/sess.c
+++ a/fs/cifs/sess.c
@@ -1211,12 +1211,6 @@
static void
sess_free_buffer(struct sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 3; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
@@ -1378,7 +1372,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1517,7 +1511,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1652,7 +1646,7 @@
rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1662,9 +1656,9 @@
}
/* Else error. Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1763,7 +1757,7 @@
}
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1771,9 +1765,9 @@
rc = sess_establish_session(sess_data);
/* Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1849,7 +1843,7 @@
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
reverted:
--- b/fs/cifs/smb2ops.c
+++ a/fs/cifs/smb2ops.c
@@ -4390,11 +4390,11 @@
if (!rc && enc)
memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
+ kfree(iv);
- kfree_sensitive(iv);
free_sg:
+ kfree(sg);
- kfree_sensitive(sg);
free_req:
+ kfree(req);
- kfree_sensitive(req);
return rc;
}
reverted:
--- b/fs/cifs/smb2pdu.c
+++ a/fs/cifs/smb2pdu.c
@@ -1333,13 +1333,6 @@
static void
SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 2; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
-
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
}
@@ -1472,8 +1465,6 @@
out_put_spnego_key:
key_invalidate(spnego_key);
key_put(spnego_key);
- if (rc)
- kfree_sensitive(ses->auth_key.response);
out:
sess_data->result = rc;
sess_data->func = NULL;
@@ -1570,7 +1561,7 @@
}
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
if (!rc) {
sess_data->result = 0;
@@ -1578,7 +1569,7 @@
return;
}
out_err:
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1654,9 +1645,9 @@
}
#endif
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1734,7 +1725,7 @@
cifs_server_dbg(VFS, "signing requested but authenticated as guest\n");
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}This is an automated interdiff check for backported commits. |
bmastbergen
force-pushed
the
ciqlts9_2-use-reusable-workflow
branch
from
19caec1 to
c265402
Compare
🔍 Interdiff Analysis
diff -u b/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
--- b/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -66,8 +66,12 @@
static u32 s32ton(__s32 value, unsigned int n)
{
- s32 a = value >> (n - 1);
+ s32 a;
+ if (!value || !n)
+ return 0;
+
+ a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
@@ -1338,12 +1338,7 @@
static u32 s32ton(__s32 value, unsigned n)
{
- s32 a;
-
- if (!value || !n)
- return 0;
-
- a = value >> (n - 1);
+ s32 a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
reverted:
--- b/fs/cifs/cifsencrypt.c
+++ a/fs/cifs/cifsencrypt.c
@@ -679,7 +679,7 @@
unlock:
cifs_server_unlock(ses->server);
setup_ntlmv2_rsp_ret:
+ kfree(tiblob);
- kfree_sensitive(tiblob);
return rc;
}
@@ -753,14 +753,14 @@
server->secmech.ccmaesdecrypt = NULL;
}
+ kfree(server->secmech.sdesccmacaes);
- kfree_sensitive(server->secmech.sdesccmacaes);
server->secmech.sdesccmacaes = NULL;
+ kfree(server->secmech.sdeschmacsha256);
- kfree_sensitive(server->secmech.sdeschmacsha256);
server->secmech.sdeschmacsha256 = NULL;
+ kfree(server->secmech.sdeschmacmd5);
- kfree_sensitive(server->secmech.sdeschmacmd5);
server->secmech.sdeschmacmd5 = NULL;
+ kfree(server->secmech.sdescmd5);
- kfree_sensitive(server->secmech.sdescmd5);
server->secmech.sdescmd5 = NULL;
+ kfree(server->secmech.sdescsha512);
- kfree_sensitive(server->secmech.sdescsha512);
server->secmech.sdescsha512 = NULL;
}
reverted:
--- b/fs/cifs/connect.c
+++ a/fs/cifs/connect.c
@@ -288,7 +288,7 @@
}
server->sequence_number = 0;
server->session_estab = false;
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
server->lstrp = jiffies;
@@ -1562,7 +1562,7 @@
cifs_crypto_secmech_release(server);
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
kfree(server->hostname);
@@ -4097,7 +4097,7 @@
if (ses->auth_key.response) {
cifs_dbg(FYI, "Free previous auth_key.response = %p\n",
ses->auth_key.response);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
ses->auth_key.len = 0;
}
reverted:
--- b/fs/cifs/fs_context.c
+++ a/fs/cifs/fs_context.c
@@ -789,13 +789,6 @@
cifs_sb->ctx->field = NULL; \
} while (0)
-#define STEAL_STRING_SENSITIVE(cifs_sb, ctx, field) \
-do { \
- kfree_sensitive(ctx->field); \
- ctx->field = cifs_sb->ctx->field; \
- cifs_sb->ctx->field = NULL; \
-} while (0)
-
static int smb3_reconfigure(struct fs_context *fc)
{
struct smb3_fs_context *ctx = smb3_fc2context(fc);
@@ -816,7 +809,7 @@
STEAL_STRING(cifs_sb, ctx, UNC);
STEAL_STRING(cifs_sb, ctx, source);
STEAL_STRING(cifs_sb, ctx, username);
+ STEAL_STRING(cifs_sb, ctx, password);
- STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);
STEAL_STRING(cifs_sb, ctx, domainname);
STEAL_STRING(cifs_sb, ctx, nodename);
STEAL_STRING(cifs_sb, ctx, iocharset);
@@ -1157,7 +1150,7 @@
}
break;
case Opt_pass:
+ kfree(ctx->password);
- kfree_sensitive(ctx->password);
ctx->password = NULL;
if (strlen(param->string) == 0)
break;
@@ -1465,7 +1458,6 @@
return 0;
cifs_parse_mount_err:
- kfree_sensitive(ctx->password);
return -EINVAL;
}
reverted:
--- b/fs/cifs/misc.c
+++ a/fs/cifs/misc.c
@@ -1118,7 +1118,7 @@
void
cifs_free_hash(struct crypto_shash **shash, struct sdesc **sdesc)
{
+ kfree(*sdesc);
- kfree_sensitive(*sdesc);
*sdesc = NULL;
if (*shash)
crypto_free_shash(*shash);
reverted:
--- b/fs/cifs/sess.c
+++ a/fs/cifs/sess.c
@@ -1211,12 +1211,6 @@
static void
sess_free_buffer(struct sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 3; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
@@ -1378,7 +1372,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1517,7 +1511,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1652,7 +1646,7 @@
rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1662,9 +1656,9 @@
}
/* Else error. Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1763,7 +1757,7 @@
}
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1771,9 +1765,9 @@
rc = sess_establish_session(sess_data);
/* Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1849,7 +1843,7 @@
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
reverted:
--- b/fs/cifs/smb2ops.c
+++ a/fs/cifs/smb2ops.c
@@ -4390,11 +4390,11 @@
if (!rc && enc)
memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
+ kfree(iv);
- kfree_sensitive(iv);
free_sg:
+ kfree(sg);
- kfree_sensitive(sg);
free_req:
+ kfree(req);
- kfree_sensitive(req);
return rc;
}
reverted:
--- b/fs/cifs/smb2pdu.c
+++ a/fs/cifs/smb2pdu.c
@@ -1333,13 +1333,6 @@
static void
SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 2; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
-
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
}
@@ -1472,8 +1465,6 @@
out_put_spnego_key:
key_invalidate(spnego_key);
key_put(spnego_key);
- if (rc)
- kfree_sensitive(ses->auth_key.response);
out:
sess_data->result = rc;
sess_data->func = NULL;
@@ -1570,7 +1561,7 @@
}
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
if (!rc) {
sess_data->result = 0;
@@ -1578,7 +1569,7 @@
return;
}
out_err:
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1654,9 +1645,9 @@
}
#endif
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1734,7 +1725,7 @@
cifs_server_dbg(VFS, "signing requested but authenticated as guest\n");
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}This is an automated interdiff check for backported commits. |
bmastbergen
force-pushed
the
ciqlts9_2-use-reusable-workflow
branch
from
c265402 to
5f681e3
Compare
🔍 Interdiff Analysis
diff -u b/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
--- b/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -66,8 +66,12 @@
static u32 s32ton(__s32 value, unsigned int n)
{
- s32 a = value >> (n - 1);
+ s32 a;
+ if (!value || !n)
+ return 0;
+
+ a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
@@ -1338,12 +1338,7 @@
static u32 s32ton(__s32 value, unsigned n)
{
- s32 a;
-
- if (!value || !n)
- return 0;
-
- a = value >> (n - 1);
+ s32 a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
reverted:
--- b/fs/cifs/cifsencrypt.c
+++ a/fs/cifs/cifsencrypt.c
@@ -679,7 +679,7 @@
unlock:
cifs_server_unlock(ses->server);
setup_ntlmv2_rsp_ret:
+ kfree(tiblob);
- kfree_sensitive(tiblob);
return rc;
}
@@ -753,14 +753,14 @@
server->secmech.ccmaesdecrypt = NULL;
}
+ kfree(server->secmech.sdesccmacaes);
- kfree_sensitive(server->secmech.sdesccmacaes);
server->secmech.sdesccmacaes = NULL;
+ kfree(server->secmech.sdeschmacsha256);
- kfree_sensitive(server->secmech.sdeschmacsha256);
server->secmech.sdeschmacsha256 = NULL;
+ kfree(server->secmech.sdeschmacmd5);
- kfree_sensitive(server->secmech.sdeschmacmd5);
server->secmech.sdeschmacmd5 = NULL;
+ kfree(server->secmech.sdescmd5);
- kfree_sensitive(server->secmech.sdescmd5);
server->secmech.sdescmd5 = NULL;
+ kfree(server->secmech.sdescsha512);
- kfree_sensitive(server->secmech.sdescsha512);
server->secmech.sdescsha512 = NULL;
}
reverted:
--- b/fs/cifs/connect.c
+++ a/fs/cifs/connect.c
@@ -288,7 +288,7 @@
}
server->sequence_number = 0;
server->session_estab = false;
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
server->lstrp = jiffies;
@@ -1562,7 +1562,7 @@
cifs_crypto_secmech_release(server);
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
kfree(server->hostname);
@@ -4097,7 +4097,7 @@
if (ses->auth_key.response) {
cifs_dbg(FYI, "Free previous auth_key.response = %p\n",
ses->auth_key.response);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
ses->auth_key.len = 0;
}
reverted:
--- b/fs/cifs/fs_context.c
+++ a/fs/cifs/fs_context.c
@@ -789,13 +789,6 @@
cifs_sb->ctx->field = NULL; \
} while (0)
-#define STEAL_STRING_SENSITIVE(cifs_sb, ctx, field) \
-do { \
- kfree_sensitive(ctx->field); \
- ctx->field = cifs_sb->ctx->field; \
- cifs_sb->ctx->field = NULL; \
-} while (0)
-
static int smb3_reconfigure(struct fs_context *fc)
{
struct smb3_fs_context *ctx = smb3_fc2context(fc);
@@ -816,7 +809,7 @@
STEAL_STRING(cifs_sb, ctx, UNC);
STEAL_STRING(cifs_sb, ctx, source);
STEAL_STRING(cifs_sb, ctx, username);
+ STEAL_STRING(cifs_sb, ctx, password);
- STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);
STEAL_STRING(cifs_sb, ctx, domainname);
STEAL_STRING(cifs_sb, ctx, nodename);
STEAL_STRING(cifs_sb, ctx, iocharset);
@@ -1157,7 +1150,7 @@
}
break;
case Opt_pass:
+ kfree(ctx->password);
- kfree_sensitive(ctx->password);
ctx->password = NULL;
if (strlen(param->string) == 0)
break;
@@ -1465,7 +1458,6 @@
return 0;
cifs_parse_mount_err:
- kfree_sensitive(ctx->password);
return -EINVAL;
}
reverted:
--- b/fs/cifs/misc.c
+++ a/fs/cifs/misc.c
@@ -1118,7 +1118,7 @@
void
cifs_free_hash(struct crypto_shash **shash, struct sdesc **sdesc)
{
+ kfree(*sdesc);
- kfree_sensitive(*sdesc);
*sdesc = NULL;
if (*shash)
crypto_free_shash(*shash);
reverted:
--- b/fs/cifs/sess.c
+++ a/fs/cifs/sess.c
@@ -1211,12 +1211,6 @@
static void
sess_free_buffer(struct sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 3; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
@@ -1378,7 +1372,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1517,7 +1511,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1652,7 +1646,7 @@
rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1662,9 +1656,9 @@
}
/* Else error. Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1763,7 +1757,7 @@
}
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1771,9 +1765,9 @@
rc = sess_establish_session(sess_data);
/* Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1849,7 +1843,7 @@
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
reverted:
--- b/fs/cifs/smb2ops.c
+++ a/fs/cifs/smb2ops.c
@@ -4390,11 +4390,11 @@
if (!rc && enc)
memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
+ kfree(iv);
- kfree_sensitive(iv);
free_sg:
+ kfree(sg);
- kfree_sensitive(sg);
free_req:
+ kfree(req);
- kfree_sensitive(req);
return rc;
}
reverted:
--- b/fs/cifs/smb2pdu.c
+++ a/fs/cifs/smb2pdu.c
@@ -1333,13 +1333,6 @@
static void
SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 2; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
-
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
}
@@ -1472,8 +1465,6 @@
out_put_spnego_key:
key_invalidate(spnego_key);
key_put(spnego_key);
- if (rc)
- kfree_sensitive(ses->auth_key.response);
out:
sess_data->result = rc;
sess_data->func = NULL;
@@ -1570,7 +1561,7 @@
}
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
if (!rc) {
sess_data->result = 0;
@@ -1578,7 +1569,7 @@
return;
}
out_err:
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1654,9 +1645,9 @@
}
#endif
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1734,7 +1725,7 @@
cifs_server_dbg(VFS, "signing requested but authenticated as guest\n");
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}This is an automated interdiff check for backported commits. |
jira VULN-154755 cve-bf CVE-2022-50341 commit-author Yang Li <yang.lee@linux.alibaba.com> commit d74f4a3 ./fs/cifs/cifsglob.h: linux/scatterlist.h is included more than once. Link: https://bugzilla.openanolis.cn/show_bug.cgi?id=3459 Fixes: f7f291e ("cifs: fix oops during encryption") Reported-by: Abaci Robot <abaci@linux.alibaba.com> Signed-off-by: Yang Li <yang.lee@linux.alibaba.com> Signed-off-by: Steve French <stfrench@microsoft.com> (cherry picked from commit d74f4a3) Signed-off-by: Brett Mastbergen <bmastbergen@ciq.com>
bmastbergen
force-pushed
the
ciqlts9_2-use-reusable-workflow
branch
from
5f681e3 to
4e55a01
Compare
🔍 Interdiff Analysis
diff -u b/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
--- b/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -66,8 +66,12 @@
static u32 s32ton(__s32 value, unsigned int n)
{
- s32 a = value >> (n - 1);
+ s32 a;
+ if (!value || !n)
+ return 0;
+
+ a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
@@ -1338,12 +1338,7 @@
static u32 s32ton(__s32 value, unsigned n)
{
- s32 a;
-
- if (!value || !n)
- return 0;
-
- a = value >> (n - 1);
+ s32 a = value >> (n - 1);
if (a && a != -1)
return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
return value & ((1 << n) - 1);
reverted:
--- b/fs/cifs/cifsencrypt.c
+++ a/fs/cifs/cifsencrypt.c
@@ -679,7 +679,7 @@
unlock:
cifs_server_unlock(ses->server);
setup_ntlmv2_rsp_ret:
+ kfree(tiblob);
- kfree_sensitive(tiblob);
return rc;
}
@@ -753,14 +753,14 @@
server->secmech.ccmaesdecrypt = NULL;
}
+ kfree(server->secmech.sdesccmacaes);
- kfree_sensitive(server->secmech.sdesccmacaes);
server->secmech.sdesccmacaes = NULL;
+ kfree(server->secmech.sdeschmacsha256);
- kfree_sensitive(server->secmech.sdeschmacsha256);
server->secmech.sdeschmacsha256 = NULL;
+ kfree(server->secmech.sdeschmacmd5);
- kfree_sensitive(server->secmech.sdeschmacmd5);
server->secmech.sdeschmacmd5 = NULL;
+ kfree(server->secmech.sdescmd5);
- kfree_sensitive(server->secmech.sdescmd5);
server->secmech.sdescmd5 = NULL;
+ kfree(server->secmech.sdescsha512);
- kfree_sensitive(server->secmech.sdescsha512);
server->secmech.sdescsha512 = NULL;
}
reverted:
--- b/fs/cifs/connect.c
+++ a/fs/cifs/connect.c
@@ -288,7 +288,7 @@
}
server->sequence_number = 0;
server->session_estab = false;
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
server->lstrp = jiffies;
@@ -1562,7 +1562,7 @@
cifs_crypto_secmech_release(server);
+ kfree(server->session_key.response);
- kfree_sensitive(server->session_key.response);
server->session_key.response = NULL;
server->session_key.len = 0;
kfree(server->hostname);
@@ -4097,7 +4097,7 @@
if (ses->auth_key.response) {
cifs_dbg(FYI, "Free previous auth_key.response = %p\n",
ses->auth_key.response);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
ses->auth_key.len = 0;
}
reverted:
--- b/fs/cifs/fs_context.c
+++ a/fs/cifs/fs_context.c
@@ -789,13 +789,6 @@
cifs_sb->ctx->field = NULL; \
} while (0)
-#define STEAL_STRING_SENSITIVE(cifs_sb, ctx, field) \
-do { \
- kfree_sensitive(ctx->field); \
- ctx->field = cifs_sb->ctx->field; \
- cifs_sb->ctx->field = NULL; \
-} while (0)
-
static int smb3_reconfigure(struct fs_context *fc)
{
struct smb3_fs_context *ctx = smb3_fc2context(fc);
@@ -816,7 +809,7 @@
STEAL_STRING(cifs_sb, ctx, UNC);
STEAL_STRING(cifs_sb, ctx, source);
STEAL_STRING(cifs_sb, ctx, username);
+ STEAL_STRING(cifs_sb, ctx, password);
- STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);
STEAL_STRING(cifs_sb, ctx, domainname);
STEAL_STRING(cifs_sb, ctx, nodename);
STEAL_STRING(cifs_sb, ctx, iocharset);
@@ -1157,7 +1150,7 @@
}
break;
case Opt_pass:
+ kfree(ctx->password);
- kfree_sensitive(ctx->password);
ctx->password = NULL;
if (strlen(param->string) == 0)
break;
@@ -1465,7 +1458,6 @@
return 0;
cifs_parse_mount_err:
- kfree_sensitive(ctx->password);
return -EINVAL;
}
reverted:
--- b/fs/cifs/misc.c
+++ a/fs/cifs/misc.c
@@ -1118,7 +1118,7 @@
void
cifs_free_hash(struct crypto_shash **shash, struct sdesc **sdesc)
{
+ kfree(*sdesc);
- kfree_sensitive(*sdesc);
*sdesc = NULL;
if (*shash)
crypto_free_shash(*shash);
reverted:
--- b/fs/cifs/sess.c
+++ a/fs/cifs/sess.c
@@ -1211,12 +1211,6 @@
static void
sess_free_buffer(struct sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 3; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
@@ -1378,7 +1372,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1517,7 +1511,7 @@
sess_data->result = rc;
sess_data->func = NULL;
sess_free_buffer(sess_data);
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
}
@@ -1652,7 +1646,7 @@
rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1662,9 +1656,9 @@
}
/* Else error. Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1763,7 +1757,7 @@
}
out_free_ntlmsspblob:
+ kfree(ntlmsspblob);
- kfree_sensitive(ntlmsspblob);
out:
sess_free_buffer(sess_data);
@@ -1771,9 +1765,9 @@
rc = sess_establish_session(sess_data);
/* Cleanup */
+ kfree(ses->auth_key.response);
- kfree_sensitive(ses->auth_key.response);
ses->auth_key.response = NULL;
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->func = NULL;
@@ -1849,7 +1843,7 @@
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}
#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
reverted:
--- b/fs/cifs/smb2ops.c
+++ a/fs/cifs/smb2ops.c
@@ -4390,11 +4390,11 @@
if (!rc && enc)
memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
+ kfree(iv);
- kfree_sensitive(iv);
free_sg:
+ kfree(sg);
- kfree_sensitive(sg);
free_req:
+ kfree(req);
- kfree_sensitive(req);
return rc;
}
reverted:
--- b/fs/cifs/smb2pdu.c
+++ a/fs/cifs/smb2pdu.c
@@ -1333,13 +1333,6 @@
static void
SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
{
- int i;
-
- /* zero the session data before freeing, as it might contain sensitive info (keys, etc) */
- for (i = 0; i < 2; i++)
- if (sess_data->iov[i].iov_base)
- memzero_explicit(sess_data->iov[i].iov_base, sess_data->iov[i].iov_len);
-
free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
sess_data->buf0_type = CIFS_NO_BUFFER;
}
@@ -1472,8 +1465,6 @@
out_put_spnego_key:
key_invalidate(spnego_key);
key_put(spnego_key);
- if (rc)
- kfree_sensitive(ses->auth_key.response);
out:
sess_data->result = rc;
sess_data->func = NULL;
@@ -1570,7 +1561,7 @@
}
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
if (!rc) {
sess_data->result = 0;
@@ -1578,7 +1569,7 @@
return;
}
out_err:
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1654,9 +1645,9 @@
}
#endif
out:
+ kfree(ntlmssp_blob);
- memzero_explicit(ntlmssp_blob, blob_length);
SMB2_sess_free_buffer(sess_data);
+ kfree(ses->ntlmssp);
- kfree_sensitive(ses->ntlmssp);
ses->ntlmssp = NULL;
sess_data->result = rc;
sess_data->func = NULL;
@@ -1734,7 +1725,7 @@
cifs_server_dbg(VFS, "signing requested but authenticated as guest\n");
rc = sess_data->result;
out:
+ kfree(sess_data);
- kfree_sensitive(sess_data);
return rc;
}This is an automated interdiff check for backported commits. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Simplifies the workflow to use the reusable workflow defined in main branch. This reduces duplication and makes the workflow easier to maintain across multiple branches.
The workflow now references ctrliq/kernel-src-tree/.github/workflows/upstream-commit-check.yml@main which contains the full workflow implementation.