diff -u linux-azure-5.15-5.15.0/block/ioctl.c linux-azure-5.15-5.15.0/block/ioctl.c --- linux-azure-5.15-5.15.0/block/ioctl.c +++ linux-azure-5.15-5.15.0/block/ioctl.c @@ -20,8 +20,6 @@ struct blkpg_partition p; long long start, length; - if (disk->flags & GENHD_FL_NO_PART) - return -EINVAL; if (!capable(CAP_SYS_ADMIN)) return -EACCES; if (copy_from_user(&p, upart, sizeof(struct blkpg_partition))) diff -u linux-azure-5.15-5.15.0/block/partitions/core.c linux-azure-5.15-5.15.0/block/partitions/core.c --- linux-azure-5.15-5.15.0/block/partitions/core.c +++ linux-azure-5.15-5.15.0/block/partitions/core.c @@ -463,6 +463,11 @@ goto out; } + if (disk->flags & GENHD_FL_NO_PART) { + ret = -EINVAL; + goto out; + } + if (partition_overlaps(disk, start, length, -1)) { ret = -EBUSY; goto out; diff -u linux-azure-5.15-5.15.0/debian.azure-5.15/abi/abiname linux-azure-5.15-5.15.0/debian.azure-5.15/abi/abiname --- linux-azure-5.15-5.15.0/debian.azure-5.15/abi/abiname +++ linux-azure-5.15-5.15.0/debian.azure-5.15/abi/abiname @@ -1 +1 @@ -1055 +1056 diff -u linux-azure-5.15-5.15.0/debian.azure-5.15/abi/version linux-azure-5.15-5.15.0/debian.azure-5.15/abi/version --- linux-azure-5.15-5.15.0/debian.azure-5.15/abi/version +++ linux-azure-5.15-5.15.0/debian.azure-5.15/abi/version @@ -1 +1 @@ -5.15.0-1055.63~20.04.1 +5.15.0-1056.64~20.04.1 diff -u linux-azure-5.15-5.15.0/debian.azure-5.15/changelog linux-azure-5.15-5.15.0/debian.azure-5.15/changelog --- linux-azure-5.15-5.15.0/debian.azure-5.15/changelog +++ linux-azure-5.15-5.15.0/debian.azure-5.15/changelog 
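Review bot: The relocated `GENHD_FL_NO_PART` test in block/partitions/core.c has no comment saying why it sits in the add path rather than at the ioctl entry point, so a later cleanup could move it back and reintroduce LP: #2049689. With the early return removed from block/ioctl.c, only this add path is visibly guarded; whether the delete and resize paths need their own handling for such disks cannot be seen from these hunks and is worth confirming. A side effect is that the `capable(CAP_SYS_ADMIN)` test now runs first, so an unprivileged caller gets `-EACCES` where it previously got `-EINVAL` on such a disk. I would add `/* Checked here, not at the ioctl entry point, so that only adding a partition is refused on a GENHD_FL_NO_PART disk. */` above the new `if`. Both enclosing functions start and end outside the hunks.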
@@ -1,3 +1,29 @@ +linux-azure-5.15 (5.15.0-1057.65~20.04.1) focal; urgency=medium + + * focal/linux-azure-5.15: 5.15.0-1057.65~20.04.1 -proposed tracker + (LP: #2052226) + + [ Ubuntu: 5.15.0-1057.65 ] + + * jammy/linux-azure: 5.15.0-1057.65 -proposed tracker (LP: #2052613) + * CVE-2024-0565 + - smb: client: fix OOB in receive_encrypted_standard() + * jammy/linux: 5.15.0-97.107 -proposed tracker (LP: #2052600) + * Packaging resync (LP: #1786013) + - [Packaging] update annotations scripts + * partproke is broken on empty loopback device (LP: #2049689) + - block: Move checking GENHD_FL_NO_PART to bdev_add_partition() + * CVE-2023-51781 + - appletalk: Fix Use-After-Free in atalk_ioctl + * CVE-2023-51780 + - atm: Fix Use-After-Free in do_vcc_ioctl + * CVE-2023-6915 + - ida: Fix crash in ida_free when the bitmap is empty + * CVE-2024-0646 + - net: tls, update curr on splice as well + + -- Kevin Becker Mon, 12 Feb 2024 10:36:00 -0500 + linux-azure-5.15 (5.15.0-1056.64~20.04.1) focal; urgency=medium * focal/linux-azure-5.15: 5.15.0-1056.64~20.04.1 -proposed tracker diff -u linux-azure-5.15-5.15.0/debian.azure-5.15/tracking-bug linux-azure-5.15-5.15.0/debian.azure-5.15/tracking-bug --- linux-azure-5.15-5.15.0/debian.azure-5.15/tracking-bug +++ linux-azure-5.15-5.15.0/debian.azure-5.15/tracking-bug @@ -1 +1 @@ -2052544 2024.01.08-10 +2052226 s2024.01.08-1 diff -u linux-azure-5.15-5.15.0/debian.azure/abi/abiname linux-azure-5.15-5.15.0/debian.azure/abi/abiname --- linux-azure-5.15-5.15.0/debian.azure/abi/abiname +++ linux-azure-5.15-5.15.0/debian.azure/abi/abiname @@ -1 +1 @@ -1055 +1056 diff -u linux-azure-5.15-5.15.0/debian.azure/abi/version linux-azure-5.15-5.15.0/debian.azure/abi/version --- linux-azure-5.15-5.15.0/debian.azure/abi/version +++ linux-azure-5.15-5.15.0/debian.azure/abi/version 
@@ -1 +1 @@ -5.15.0-1055.63 +5.15.0-1056.64 diff -u linux-azure-5.15-5.15.0/debian.azure/changelog linux-azure-5.15-5.15.0/debian.azure/changelog --- linux-azure-5.15-5.15.0/debian.azure/changelog +++ linux-azure-5.15-5.15.0/debian.azure/changelog @@ -1,3 +1,28 @@ +linux-azure (5.15.0-1057.65) jammy; urgency=medium + + * jammy/linux-azure: 5.15.0-1057.65 -proposed tracker (LP: #2052613) + + * CVE-2024-0565 + - smb: client: fix OOB in receive_encrypted_standard() + + [ Ubuntu: 5.15.0-97.107 ] + + * jammy/linux: 5.15.0-97.107 -proposed tracker (LP: #2052600) + * Packaging resync (LP: #1786013) + - [Packaging] update annotations scripts + * partproke is broken on empty loopback device (LP: #2049689) + - block: Move checking GENHD_FL_NO_PART to bdev_add_partition() + * CVE-2023-51781 + - appletalk: Fix Use-After-Free in atalk_ioctl + * CVE-2023-51780 + - atm: Fix Use-After-Free in do_vcc_ioctl + * CVE-2023-6915 + - ida: Fix crash in ida_free when the bitmap is empty + * CVE-2024-0646 + - net: tls, update curr on splice as well + + -- Tim Gardner Fri, 09 Feb 2024 11:14:46 -0700 + linux-azure (5.15.0-1056.64) jammy; urgency=medium * jammy/linux-azure: 5.15.0-1056.64 -proposed tracker (LP: #2052545) diff -u linux-azure-5.15-5.15.0/debian.azure/tracking-bug linux-azure-5.15-5.15.0/debian.azure/tracking-bug --- linux-azure-5.15-5.15.0/debian.azure/tracking-bug +++ linux-azure-5.15-5.15.0/debian.azure/tracking-bug @@ -1 +1 @@ -2052545 2024.01.08-10 +2052613 s2024.01.08-2 diff -u linux-azure-5.15-5.15.0/debian.master/abi/abiname linux-azure-5.15-5.15.0/debian.master/abi/abiname --- linux-azure-5.15-5.15.0/debian.master/abi/abiname +++ linux-azure-5.15-5.15.0/debian.master/abi/abiname @@ -1 +1 @@ -93 +94 diff -u linux-azure-5.15-5.15.0/debian.master/abi/amd64/generic.modules linux-azure-5.15-5.15.0/debian.master/abi/amd64/generic.modules --- linux-azure-5.15-5.15.0/debian.master/abi/amd64/generic.modules +++ linux-azure-5.15-5.15.0/debian.master/abi/amd64/generic.modules 
@@ -1379,6 +1379,7 @@ f81232 f81534 f81601 +f81604 failover fakelb fam15h_power @@ -1604,6 +1605,7 @@ gpio-ljca gpio-lp3943 gpio-lp873x +gpio-m058ssan gpio-madera gpio-max3191x gpio-max7300 @@ -4169,6 +4171,7 @@ rtc-pcf50633 rtc-pcf85063 rtc-pcf8523 +rtc-pcf85263 rtc-pcf85363 rtc-pcf8563 rtc-pcf8583 diff -u linux-azure-5.15-5.15.0/debian.master/abi/version linux-azure-5.15-5.15.0/debian.master/abi/version --- linux-azure-5.15-5.15.0/debian.master/abi/version +++ linux-azure-5.15-5.15.0/debian.master/abi/version @@ -1 +1 @@ -5.15.0-93.103 +5.15.0-94.104 diff -u linux-azure-5.15-5.15.0/debian.master/changelog linux-azure-5.15-5.15.0/debian.master/changelog --- linux-azure-5.15-5.15.0/debian.master/changelog +++ linux-azure-5.15-5.15.0/debian.master/changelog @@ -1,3 +1,30 @@ +linux (5.15.0-97.107) jammy; urgency=medium + + * jammy/linux: 5.15.0-97.107 -proposed tracker (LP: #2052600) + + * Packaging resync (LP: #1786013) + - [Packaging] update annotations scripts + + * partproke is broken on empty loopback device (LP: #2049689) + - block: Move checking GENHD_FL_NO_PART to bdev_add_partition() + + * CVE-2023-51781 + - appletalk: Fix Use-After-Free in atalk_ioctl + + * CVE-2023-51780 + - atm: Fix Use-After-Free in do_vcc_ioctl + + * CVE-2023-6915 + - ida: Fix crash in ida_free when the bitmap is empty + + * CVE-2024-0565 + - smb: client: fix OOB in receive_encrypted_standard() + + * CVE-2024-0646 + - net: tls, update curr on splice as well + + -- Manuel Diewald Wed, 07 Feb 2024 11:17:02 +0100 + linux (5.15.0-94.104) jammy; urgency=medium * jammy/linux: 5.15.0-94.104 -proposed tracker (LP: #2048777) diff -u linux-azure-5.15-5.15.0/debian.master/tracking-bug linux-azure-5.15-5.15.0/debian.master/tracking-bug --- linux-azure-5.15-5.15.0/debian.master/tracking-bug +++ linux-azure-5.15-5.15.0/debian.master/tracking-bug 
@@ -1 +1 @@ -2048777 2024.01.08-2 +2052600 s2024.01.08-2 diff -u linux-azure-5.15-5.15.0/debian/changelog linux-azure-5.15-5.15.0/debian/changelog --- linux-azure-5.15-5.15.0/debian/changelog +++ linux-azure-5.15-5.15.0/debian/changelog @@ -1,3 +1,29 @@ +linux-azure-5.15 (5.15.0-1057.65~20.04.1) focal; urgency=medium + + * focal/linux-azure-5.15: 5.15.0-1057.65~20.04.1 -proposed tracker + (LP: #2052226) + + [ Ubuntu: 5.15.0-1057.65 ] + + * jammy/linux-azure: 5.15.0-1057.65 -proposed tracker (LP: #2052613) + * CVE-2024-0565 + - smb: client: fix OOB in receive_encrypted_standard() + * jammy/linux: 5.15.0-97.107 -proposed tracker (LP: #2052600) + * Packaging resync (LP: #1786013) + - [Packaging] update annotations scripts + * partproke is broken on empty loopback device (LP: #2049689) + - block: Move checking GENHD_FL_NO_PART to bdev_add_partition() + * CVE-2023-51781 + - appletalk: Fix Use-After-Free in atalk_ioctl + * CVE-2023-51780 + - atm: Fix Use-After-Free in do_vcc_ioctl + * CVE-2023-6915 + - ida: Fix crash in ida_free when the bitmap is empty + * CVE-2024-0646 + - net: tls, update curr on splice as well + + -- Kevin Becker Mon, 12 Feb 2024 10:36:00 -0500 + linux-azure-5.15 (5.15.0-1056.64~20.04.1) focal; urgency=medium * focal/linux-azure-5.15: 5.15.0-1056.64~20.04.1 -proposed tracker diff -u linux-azure-5.15-5.15.0/debian/control linux-azure-5.15-5.15.0/debian/control --- linux-azure-5.15-5.15.0/debian/control +++ linux-azure-5.15-5.15.0/debian/control @@ -56,7 +56,7 @@ XS-Testsuite: autopkgtest #XS-Testsuite-Depends: gcc-4.7 binutils -Package: linux-azure-5.15-headers-5.15.0-1056 +Package: linux-azure-5.15-headers-5.15.0-1057 Build-Profiles: Architecture: all Multi-Arch: foreign 
@@ -66,46 +66,46 @@ Description: Header files related to Linux kernel version 5.15.0 This package provides kernel header files for version 5.15.0, for sites that want the latest kernel headers. Please read - /usr/share/doc/linux-azure-5.15-headers-5.15.0-1056/debian.README.gz for details + /usr/share/doc/linux-azure-5.15-headers-5.15.0-1057/debian.README.gz for details -Package: linux-azure-5.15-tools-5.15.0-1056 +Package: linux-azure-5.15-tools-5.15.0-1057 Build-Profiles: Architecture: amd64 arm64 Section: devel Priority: optional Depends: ${misc:Depends}, ${shlibs:Depends}, linux-tools-common -Description: Linux kernel version specific tools for version 5.15.0-1056 +Description: Linux kernel version specific tools for version 5.15.0-1057 This package provides the architecture dependant parts for kernel version locked tools (such as perf and x86_energy_perf_policy) for - version 5.15.0-1056 on + version 5.15.0-1057 on 64 bit x86. - You probably want to install linux-tools-5.15.0-1056-. + You probably want to install linux-tools-5.15.0-1057-. -Package: linux-azure-5.15-cloud-tools-5.15.0-1056 +Package: linux-azure-5.15-cloud-tools-5.15.0-1057 Build-Profiles: Architecture: amd64 arm64 Section: devel Priority: optional Depends: ${misc:Depends}, ${shlibs:Depends}, linux-cloud-tools-common -Description: Linux kernel version specific cloud tools for version 5.15.0-1056 +Description: Linux kernel version specific cloud tools for version 5.15.0-1057 This package provides the architecture dependant parts for kernel - version locked tools for cloud tools for version 5.15.0-1056 on + version locked tools for cloud tools for version 5.15.0-1057 on 64 bit x86. - You probably want to install linux-cloud-tools-5.15.0-1056-. + You probably want to install linux-cloud-tools-5.15.0-1057-. 
-Package: linux-image-unsigned-5.15.0-1056-azure +Package: linux-image-unsigned-5.15.0-1057-azure Build-Profiles: Architecture: amd64 arm64 Section: kernel Priority: optional Provides: linux-image, fuse-module, kvm-api-4, redhat-cluster-modules, ivtv-modules, virtualbox-guest-modules [amd64], ${linux:rprovides} -Depends: ${misc:Depends}, ${shlibs:Depends}, kmod, linux-base (>= 4.5ubuntu1~16.04.1), linux-modules-5.15.0-1056-azure +Depends: ${misc:Depends}, ${shlibs:Depends}, kmod, linux-base (>= 4.5ubuntu1~16.04.1), linux-modules-5.15.0-1057-azure Recommends: grub-pc [amd64] | grub-efi-amd64 [amd64] | grub-efi-ia32 [amd64] | grub [amd64] | flash-kernel [arm64] | grub-efi-arm64 [arm64] Breaks: flash-kernel (<< 3.0~rc.4ubuntu64) [arm64] -Conflicts: linux-image-5.15.0-1056-azure -Suggests: fdutils, linux-azure-5.15-doc-5.15.0 | linux-azure-5.15-source-5.15.0, linux-azure-5.15-tools, linux-headers-5.15.0-1056-azure, initramfs-tools | linux-initramfs-tool +Conflicts: linux-image-5.15.0-1057-azure +Suggests: fdutils, linux-azure-5.15-doc-5.15.0 | linux-azure-5.15-source-5.15.0, linux-azure-5.15-tools, linux-headers-5.15.0-1057-azure, initramfs-tools | linux-initramfs-tool Description: Linux kernel image for version 5.15.0 on 64 bit x86 SMP This package contains the unsigned Linux kernel image for version 5.15.0 on 64 bit x86 SMP. @@ -118,7 +118,7 @@ the linux-azure meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-modules-5.15.0-1056-azure +Package: linux-modules-5.15.0-1057-azure Build-Profiles: Architecture: amd64 arm64 Section: kernel 
@@ -138,12 +138,12 @@ the linux-azure meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-modules-extra-5.15.0-1056-azure +Package: linux-modules-extra-5.15.0-1057-azure Build-Profiles: Architecture: amd64 arm64 Section: kernel Priority: optional -Depends: ${misc:Depends}, ${shlibs:Depends}, linux-image-5.15.0-1056-azure | linux-image-unsigned-5.15.0-1056-azure, crda | wireless-crda +Depends: ${misc:Depends}, ${shlibs:Depends}, linux-image-5.15.0-1057-azure | linux-image-unsigned-5.15.0-1057-azure, crda | wireless-crda Description: Linux kernel extra modules for version 5.15.0 on 64 bit x86 SMP This package contains the Linux kernel extra modules for version 5.15.0 on 64 bit x86 SMP. @@ -160,21 +160,21 @@ the linux-azure meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-headers-5.15.0-1056-azure +Package: linux-headers-5.15.0-1057-azure Build-Profiles: Architecture: amd64 arm64 Section: devel Priority: optional -Depends: ${misc:Depends}, linux-azure-5.15-headers-5.15.0-1056, ${shlibs:Depends} +Depends: ${misc:Depends}, linux-azure-5.15-headers-5.15.0-1057, ${shlibs:Depends} Provides: linux-headers, linux-headers-3.0 Description: Linux kernel headers for version 5.15.0 on 64 bit x86 SMP This package provides kernel header files for version 5.15.0 on 64 bit x86 SMP. . This is for sites that want the latest kernel headers. Please read - /usr/share/doc/linux-headers-5.15.0-1056/debian.README.gz for details. + /usr/share/doc/linux-headers-5.15.0-1057/debian.README.gz for details. -Package: linux-image-unsigned-5.15.0-1056-azure-dbgsym +Package: linux-image-unsigned-5.15.0-1057-azure-dbgsym Build-Profiles: Architecture: amd64 arm64 Section: devel 
@@ -191,27 +191,27 @@ is uncompressed, and unstripped. This package also includes the unstripped modules. -Package: linux-tools-5.15.0-1056-azure +Package: linux-tools-5.15.0-1057-azure Build-Profiles: Architecture: amd64 arm64 Section: devel Priority: optional -Depends: ${misc:Depends}, linux-azure-5.15-tools-5.15.0-1056 -Description: Linux kernel version specific tools for version 5.15.0-1056 +Depends: ${misc:Depends}, linux-azure-5.15-tools-5.15.0-1057 +Description: Linux kernel version specific tools for version 5.15.0-1057 This package provides the architecture dependant parts for kernel version locked tools (such as perf and x86_energy_perf_policy) for - version 5.15.0-1056 on + version 5.15.0-1057 on 64 bit x86. -Package: linux-cloud-tools-5.15.0-1056-azure +Package: linux-cloud-tools-5.15.0-1057-azure Build-Profiles: Architecture: amd64 arm64 Section: devel Priority: optional -Depends: ${misc:Depends}, linux-azure-5.15-cloud-tools-5.15.0-1056 -Description: Linux kernel version specific cloud tools for version 5.15.0-1056 +Depends: ${misc:Depends}, linux-azure-5.15-cloud-tools-5.15.0-1057 +Description: Linux kernel version specific cloud tools for version 5.15.0-1057 This package provides the architecture dependant parts for kernel - version locked tools for cloud for version 5.15.0-1056 on + version locked tools for cloud for version 5.15.0-1057 on 64 bit x86. Package: linux-udebs-azure @@ -225,7 +225,7 @@ for easier version and migration tracking. -Package: linux-buildinfo-5.15.0-1056-azure +Package: linux-buildinfo-5.15.0-1057-azure Build-Profiles: Architecture: amd64 arm64 Section: kernel 
@@ -239,18 +239,18 @@ You likely do not want to install this package. -Package: linux-modules-iwlwifi-5.15.0-1056-azure +Package: linux-modules-iwlwifi-5.15.0-1057-azure Build-Profiles: Architecture: amd64 arm64 Section: kernel Priority: optional Depends: ${misc:Depends}, - linux-image-5.15.0-1056-azure | linux-image-unsigned-5.15.0-1056-azure, + linux-image-5.15.0-1057-azure | linux-image-unsigned-5.15.0-1057-azure, Built-Using: ${linux:BuiltUsing} -Description: Linux kernel iwlwifi modules for version 5.15.0-1056 +Description: Linux kernel iwlwifi modules for version 5.15.0-1057 This package provides the Linux kernel iwlwifi modules for version - 5.15.0-1056. + 5.15.0-1057. . You likely do not want to install this package directly. Instead, install the one of the linux-modules-iwlwifi-azure* meta-packages, diff -u linux-azure-5.15-5.15.0/debian/scripts/misc/kconfig/annotations.py linux-azure-5.15-5.15.0/debian/scripts/misc/kconfig/annotations.py --- linux-azure-5.15-5.15.0/debian/scripts/misc/kconfig/annotations.py +++ linux-azure-5.15-5.15.0/debian/scripts/misc/kconfig/annotations.py 
@@ -110,13 +110,22 @@ m = re.match(r".* policy<(.*?)>", line) if m: match = True - try: - entry["policy"] |= literal_eval(m.group(1)) - except TypeError: - entry["policy"] = { - **entry["policy"], - **literal_eval(m.group(1)), - } + # Update the previous entry considering potential overrides: + # - if the new entry is adding a rule for a new + # arch/flavour, simply add that + # - if the new entry is overriding a previous + # arch-flavour item, then overwrite that item + # - if the new entry is overriding a whole arch, then + # remove all the previous flavour rules of that arch + new_entry = literal_eval(m.group(1)) + for key in new_entry: + if key in self.arch: + for flavour_key in list(entry["policy"].keys()): + if flavour_key.startswith(key): + del entry["policy"][flavour_key] + entry["policy"][key] = new_entry[key] + else: + entry["policy"][key] = new_entry[key] m = re.match(r".* note<(.*?)>", line) if m: diff -u linux-azure-5.15-5.15.0/fs/cifs/smb2ops.c linux-azure-5.15-5.15.0/fs/cifs/smb2ops.c --- linux-azure-5.15-5.15.0/fs/cifs/smb2ops.c +++ linux-azure-5.15-5.15.0/fs/cifs/smb2ops.c @@ -5050,6 +5050,7 @@ struct smb2_hdr *shdr; unsigned int pdu_length = server->pdu_size; unsigned int buf_size; + unsigned int next_cmd; struct mid_q_entry *mid_entry; int next_is_large; char *next_buffer = NULL; @@ -5078,14 +5079,15 @@ next_is_large = server->large_buf; one_more: shdr = (struct smb2_hdr *)buf; - if (shdr->NextCommand) { + next_cmd = le32_to_cpu(shdr->NextCommand); + if (next_cmd) { + if (WARN_ON_ONCE(next_cmd > pdu_length)) + return -1; if (next_is_large) next_buffer = (char *)cifs_buf_get(); else next_buffer = (char *)cifs_small_buf_get(); - memcpy(next_buffer, - buf + le32_to_cpu(shdr->NextCommand), - pdu_length - le32_to_cpu(shdr->NextCommand)); + memcpy(next_buffer, buf + next_cmd, pdu_length - next_cmd); } mid_entry = smb2_find_mid(server, buf); 
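Review bot: The `flavour_key.startswith(key)` test in the new override loop is a bare prefix match, so an arch name that is a prefix of another arch name would also delete that other arch's entries. The comment above it speaks of "arch-flavour" items, which suggests the separator is `-` (inferred, not shown in the hunk); `flavour_key == key or flavour_key.startswith(key + "-")` would limit the deletion to the arch being overridden. The `else:` branch repeats the assignment that ends the `if` branch, so `entry["policy"][key] = new_entry[key]` can be written once after the `if`. The enclosing method starts and ends outside the hunk.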
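Review bot: `WARN_ON_ONCE(next_cmd > pdu_length)` in fs/cifs/smb2ops.c fires on a value read from the received SMB2 header, so the remote server decides whether the client kernel emits a warning, and on hosts running with `panic_on_warn` that warning becomes a crash. A plain `if (next_cmd > pdu_length)` with a rate-limited cifs log message and the same `return -1` keeps the bounds check without that side effect. The check also accepts `next_cmd == pdu_length` and any remainder shorter than a `struct smb2_hdr`, after which the `one_more:` loop casts the copied bytes to a header again. If nothing outside the hunk validates this, the condition should also reject `pdu_length - next_cmd < sizeof(struct smb2_hdr)`. The function body continues outside the hunk.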
@@ -5109,8 +5111,8 @@ else ret = cifs_handle_standard(server, mid_entry); - if (ret == 0 && shdr->NextCommand) { - pdu_length -= le32_to_cpu(shdr->NextCommand); + if (ret == 0 && next_cmd) { + pdu_length -= next_cmd; server->large_buf = next_is_large; if (next_is_large) server->bigbuf = buf = next_buffer; diff -u linux-azure-5.15-5.15.0/lib/idr.c linux-azure-5.15-5.15.0/lib/idr.c --- linux-azure-5.15-5.15.0/lib/idr.c +++ linux-azure-5.15-5.15.0/lib/idr.c @@ -508,7 +508,7 @@ goto delete; xas_store(&xas, xa_mk_value(v)); } else { - if (!test_bit(bit, bitmap->bitmap)) + if (!bitmap || !test_bit(bit, bitmap->bitmap)) goto err; __clear_bit(bit, bitmap->bitmap); xas_set_mark(&xas, XA_FREE_MARK); diff -u linux-azure-5.15-5.15.0/net/tls/tls_sw.c linux-azure-5.15-5.15.0/net/tls/tls_sw.c --- linux-azure-5.15-5.15.0/net/tls/tls_sw.c +++ linux-azure-5.15-5.15.0/net/tls/tls_sw.c @@ -1216,6 +1216,8 @@ } sk_msg_page_add(msg_pl, page, copy, offset); + msg_pl->sg.copybreak = 0; + msg_pl->sg.curr = msg_pl->sg.end; sk_mem_charge(sk, copy); offset += copy; only in patch2: unchanged: --- linux-azure-5.15-5.15.0.orig/lib/test_ida.c +++ linux-azure-5.15-5.15.0/lib/test_ida.c 
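Review bot: The new `!bitmap` test in lib/idr.c has no comment saying when `bitmap` can be NULL at this point, which makes the guard easy to drop in a later refactor. Going by the changelog line for CVE-2023-6915, this is presumably the free of an ID at an index where the IDA holds nothing; I would add `/* no bitmap at this index: the ID was never allocated */` above the `if`. The `err` label and the rest of the function are outside the hunk, so what the error path reports cannot be confirmed from here.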
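Review bot: The two assignments added after `sk_msg_page_add()` in net/tls/tls_sw.c restore a cursor invariant that is not written down anywhere in the hunk. A short comment such as `/* page was added by reference: reset copybreak and move sg.curr to sg.end so later appends start after it */` would tell the next reader why they must stay next to the page add. That wording is my reading of the changelog line for CVE-2024-0646 and should be checked against the upstream commit message. The enclosing function starts and ends outside the hunk.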
@@ -150,6 +150,45 @@ IDA_BUG_ON(ida, !ida_is_empty(ida)); } +/* + * Check various situations where we attempt to free an ID we don't own. + */ +static void ida_check_bad_free(struct ida *ida) +{ + unsigned long i; + + printk("vvv Ignore \"not allocated\" warnings\n"); + /* IDA is empty; all of these will fail */ + ida_free(ida, 0); + for (i = 0; i < 31; i++) + ida_free(ida, 1 << i); + + /* IDA contains a single value entry */ + IDA_BUG_ON(ida, ida_alloc_min(ida, 3, GFP_KERNEL) != 3); + ida_free(ida, 0); + for (i = 0; i < 31; i++) + ida_free(ida, 1 << i); + + /* IDA contains a single bitmap */ + IDA_BUG_ON(ida, ida_alloc_min(ida, 1023, GFP_KERNEL) != 1023); + ida_free(ida, 0); + for (i = 0; i < 31; i++) + ida_free(ida, 1 << i); + + /* IDA contains a tree */ + IDA_BUG_ON(ida, ida_alloc_min(ida, (1 << 20) - 1, GFP_KERNEL) != (1 << 20) - 1); + ida_free(ida, 0); + for (i = 0; i < 31; i++) + ida_free(ida, 1 << i); + printk("^^^ \"not allocated\" warnings over\n"); + + ida_free(ida, 3); + ida_free(ida, 1023); + ida_free(ida, (1 << 20) - 1); + + IDA_BUG_ON(ida, !ida_is_empty(ida)); +} + static DEFINE_IDA(ida); static int ida_checks(void) @@ -162,6 +201,7 @@ ida_check_leaf(&ida, 1024 * 64); ida_check_max(&ida); ida_check_conv(&ida); + ida_check_bad_free(&ida); printk("IDA: %u of %u tests passed\n", tests_passed, tests_run); return (tests_run != tests_passed) ? 0 : -EINVAL; only in patch2: unchanged: --- linux-azure-5.15-5.15.0.orig/net/appletalk/ddp.c +++ linux-azure-5.15-5.15.0/net/appletalk/ddp.c 
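Review bot: `ida_check_bad_free()` repeats the same free sequence four times and inspects the IDA only once at the very end. A bad free that wrongly removed 3, 1023 or (1 << 20) - 1 would therefore presumably show up only as an extra warning from the final `ida_free()` calls, outside the "ignore" markers. Pulling the sequence into a small static helper makes the four stages easier to compare and gives one place to add a per-stage check later. The second hunk, which only adds the call in `ida_checks()`, needs no change.

```c
/* Free IDs this test never allocates: 0 and every power of two below 1 << 31. */
static void ida_free_unowned(struct ida *ida)
{
	unsigned long i;

	ida_free(ida, 0);
	for (i = 0; i < 31; i++)
		ida_free(ida, 1 << i);
}

static void ida_check_bad_free(struct ida *ida)
{
	printk("vvv Ignore \"not allocated\" warnings\n");
	/* IDA is empty; all of these will fail */
	ida_free_unowned(ida);

	/* IDA contains a single value entry */
	IDA_BUG_ON(ida, ida_alloc_min(ida, 3, GFP_KERNEL) != 3);
	ida_free_unowned(ida);
	/* … unchanged: bitmap and tree stages, each followed by ida_free_unowned(ida) … */
	/* … unchanged: closing printk, the three valid frees, final ida_is_empty check … */
```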
@@ -1812,15 +1812,14 @@ break; } case TIOCINQ: { - /* - * These two are safe on a single CPU system as only - * user tasks fiddle here - */ - struct sk_buff *skb = skb_peek(&sk->sk_receive_queue); + struct sk_buff *skb; long amount = 0; + spin_lock_irq(&sk->sk_receive_queue.lock); + skb = skb_peek(&sk->sk_receive_queue); if (skb) amount = skb->len - sizeof(struct ddpehdr); + spin_unlock_irq(&sk->sk_receive_queue.lock); rc = put_user(amount, (int __user *)argp); break; } only in patch2: unchanged: --- linux-azure-5.15-5.15.0.orig/net/atm/ioctl.c +++ linux-azure-5.15-5.15.0/net/atm/ioctl.c @@ -73,14 +73,17 @@ case SIOCINQ: { struct sk_buff *skb; + int amount; if (sock->state != SS_CONNECTED) { error = -EINVAL; goto done; } + spin_lock_irq(&sk->sk_receive_queue.lock); skb = skb_peek(&sk->sk_receive_queue); - error = put_user(skb ? skb->len : 0, - (int __user *)argp) ? -EFAULT : 0; + amount = skb ? skb->len : 0; + spin_unlock_irq(&sk->sk_receive_queue.lock); + error = put_user(amount, (int __user *)argp) ? -EFAULT : 0; goto done; } case ATM_SETSC:
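Review bot: Inside the new locked region in net/appletalk/ddp.c, `amount = skb->len - sizeof(struct ddpehdr)` is an unsigned subtraction stored in a `long` and then written through an `int __user *`. If a queued skb could ever be shorter than the DDP header, the reported count would wrap to a large value. Since these lines are already being touched, I would guard the subtraction with `if (skb && skb->len >= sizeof(struct ddpehdr))` and declare `amount` as `int` to match the `put_user()` target, as the net/atm/ioctl.c hunk does. Whether short skbs can reach `sk_receive_queue` is decided by receive code outside the hunk, and the enclosing switch also starts and ends outside it.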