From: Cho, Yu-Chen <acho@suse.com>
Subject: Fix kABI breakage by nl80211 security fix
Patch-mainline: Never, kABI fix
References: bsc#1152107 CVE-2019-16746
- The recent fix for a security issue in the nl80211 driver brought in these patches:
0001-net-ipv4-Add-extack-messages-for-route-add-failures.patch
0002-netlink-Return-extack-message-if-attribute-validatio.patch
0003-netlink-add-NLA_REJECT-policy-type.patch
0004-netlink-move-extack-setting-into-validate_nla.patch
0005-netlink-allow-NLA_NESTED-to-specify-nested-policy-to.patch
0006-netlink-add-nested-array-policy-validation.patch
0007-netlink-make-validation_data-const.patch
0008-netlink-add-attribute-range-validation-to-policy.patch
0009-netlink-replace-__NLA_ENSURE-implementation.patch
0010-netlink-add-validation-function-to-policy.patch
0011-nl80211-validate-beacon-head.patch
which break kABI.
- Fix by restoring the old firmware struct with kABI markers.
- Add kABI markers for validate_nla_bitfield32
Acked-by: Cho, Yu-Chen <acho@suse.com>
---
include/net/netlink.h | 21 ++++++++++++++++++---
lib/nlattr.c | 12 ++++++++++++
2 files changed, 30 insertions(+), 3 deletions(-)
--- a/include/net/netlink.h
+++ b/include/net/netlink.h
@@ -171,7 +171,6 @@ enum {
NLA_FLAG,
NLA_MSECS,
NLA_NESTED,
- NLA_NESTED_ARRAY,
NLA_NESTED_COMPAT,
NLA_NUL_STRING,
NLA_BINARY,
@@ -180,7 +179,10 @@ enum {
NLA_S32,
NLA_S64,
NLA_BITFIELD32,
+#ifndef __GENKSYMS__
NLA_REJECT,
+ NLA_NESTED_ARRAY,
+#endif
__NLA_TYPE_MAX,
};
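Review bot: The enum has no comment explaining why `NLA_NESTED_ARRAY` now sits after `NLA_BITFIELD32` instead of next to `NLA_NESTED`, so a later backport could move it back into the upstream position and shift the values of `NLA_NESTED_COMPAT` through `NLA_BITFIELD32` again. Policy tables in modules built against the older header carry those numeric values, and a shifted value would make an attribute be validated as a different type. I would add above the guarded entries something like `/* kABI: new types are appended here so the pre-existing NLA_* values keep their old numbers */`. Note also that `__NLA_TYPE_MAX` differs between the genksyms view and the compiled view, which is intended but worth stating in the same comment.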
@@ -281,9 +283,21 @@ enum nla_policy_validation {
* };
*/
struct nla_policy {
- u8 type;
- u8 validation_type;
+#ifdef __GENKSYMS__
+ u16 type;
+#else
+#ifdef __BIG_ENDIAN
+ u8 validation_type;
+ u8 type;
+#else
+ u8 type;
+ u8 validation_type;
+#endif
+#endif
u16 len;
+#ifdef __GENKSYMS__
+ void *validation_data;
+#else
union {
const void *validation_data;
struct {
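Review bot: The byte order test in `struct nla_policy` is `#ifdef __BIG_ENDIAN` with a plain `#else`, so any translation unit that reaches this header without the byte order macros defined silently gets the little-endian layout. On a big-endian build that would leave `type` and `validation_type` swapped relative to the old `u16 type`. The hunk does not show whether netlink.h includes `<asm/byteorder.h>` itself; if it does not, include it, and make the fallback explicit with `#elif defined(__LITTLE_ENDIAN)` followed by `#else` and `#error "byte order not defined"`. A one-line comment that `validation_type` overlays the high byte of the old `u16 type`, which is presumably zero in every policy built against the old header, would record why the field order matters. The struct definition continues outside this hunk.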
@@ -292,6 +306,7 @@ struct nla_policy {
int (*validate)(const struct nlattr *attr,
struct netlink_ext_ack *extack);
};
+#endif
};
#define NLA_POLICY_NESTED(maxattr, policy) \
--- a/lib/nlattr.c
+++ b/lib/nlattr.c
@@ -27,13 +27,25 @@ static const u8 nla_attr_minlen[NLA_TYPE
[NLA_S64] = sizeof(s64),
};
+#ifdef __GENKSYMS__
+static int validate_nla_bitfield32(const struct nlattr *nla,
+ u32 *valid_flags_allowed)
+#else
static int validate_nla_bitfield32(const struct nlattr *nla,
const u32 *valid_flags_mask)
+#endif
{
const struct nla_bitfield32 *bf = nla_data(nla);
+#ifdef __GENKSYMS__
+ u32 *valid_flags_mask = valid_flags_allowed;
+
+ if (!valid_flags_allowed)
+ return -EINVAL;
+#else
if (!valid_flags_mask)
return -EINVAL;
+#endif
/*disallow invalid bit selector */
if (bf->selector & ~*valid_flags_mask)
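Review bot: The `#ifdef __GENKSYMS__` branch inside the body of `validate_nla_bitfield32` is only ever seen by the checksum pass and never compiled into the kernel, so the duplicated NULL check and the `valid_flags_mask` alias add nothing at run time and make the real check harder to spot. As far as the checksum is concerned only the declaration should matter, so the body can stay as the single unguarded `if (!valid_flags_mask)` / `return -EINVAL;`. Because the function is `static`, it is also worth confirming that its prototype feeds into any exported symbol's CRC at all; if it does not, the guard around the signature can go too. The function body continues past the end of this hunk.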