This reverts commit de4a78d3b642e5504b28e901b07eb4da6784dd3d.
The original intent behind Lockdown's SysRq support was that the SysRq
command to lift Lockdown would only be honored if the command was
physically entered on a keyboard. Attempts to synthetically generate the
SysRq command, by a software program, were to be ignored since software,
even running as root, must not have the authorization to lift Lockdown.
Unfortunately, attempts to detect a synthetic SysRq command can be
thwarted by a privileged process that is able to set up a USB/IP
connection as the USB/IP connection could be used to lift Lockdown.
Remove the ability to lift Lockdown using SysRq.
Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: Sultan Alsawaf <email address hidden>
Signed-off-by: Paolo Pisati <email address hidden>
On all Dell laptops with screens and chipsets that support PSR, both
PSR1 and PSR2 cause flickering and graphical glitches. Many laptops
don't support PSR so it isn't known if PSR works correctly on any
consumer hardware. PSR was enabled by default in 5.0 for capable
hardware, so this patch just restores the previous functionality of PSR
being disabled by default.
Signed-off-by: Sultan Alsawaf <email address hidden>
Acked-by: Andrea Righi <email address hidden>
Acked-by: Kamal Mostafa <email address hidden>
Signed-off-by: Paolo Pisati <email address hidden>
7147dd2...
by
Greg Kroah-Hartman <email address hidden>
commit bda0be7ad994 ("security: make inode_follow_link RCU-walk aware")
passed down the rcu flag to the SELinux AVC, but failed to adjust the
test in slow_avc_audit() to also return -ECHILD on LSM_AUDIT_DATA_DENTRY.
Previously, we only returned -ECHILD if generating an audit record with
LSM_AUDIT_DATA_INODE since this was only relevant from inode_permission.
Move the handling of MAY_NOT_BLOCK to avc_audit() and its inlined
equivalent in selinux_inode_permission() immediately after we determine
that audit is required, and always fall back to ref-walk in this case.
Fixes: bda0be7ad994 ("security: make inode_follow_link RCU-walk aware")
Reported-by: Will Deacon <email address hidden>
Suggested-by: Al Viro <email address hidden>
Signed-off-by: Stephen Smalley <email address hidden>
Signed-off-by: Paul Moore <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
Signed-off-by: Paolo Pisati <email address hidden>
4abb4d0...
by
Nicolai Stange <email address hidden>
libertas: make lbs_ibss_join_existing() return error code on rates overflow
Commit e5e884b42639 ("libertas: Fix two buffer overflows at parsing bss
descriptor") introduced a bounds check on the number of supplied rates to
lbs_ibss_join_existing() and made it to return on overflow.
However, the aforementioned commit doesn't set the return value accordingly
and thus, lbs_ibss_join_existing() would return with zero even though it
failed.
Make lbs_ibss_join_existing return -EINVAL in case the bounds check on the
number of supplied rates fails.
Fixes: e5e884b42639 ("libertas: Fix two buffer overflows at parsing bss descriptor")
Signed-off-by: Nicolai Stange <email address hidden>
Signed-off-by: Kalle Valo <email address hidden>
Signed-off-by: Sasha Levin <email address hidden>
Signed-off-by: Paolo Pisati <email address hidden>
6990dd3...
by
Nicolai Stange <email address hidden>
libertas: don't exit from lbs_ibss_join_existing() with RCU read lock held
Commit e5e884b42639 ("libertas: Fix two buffer overflows at parsing bss
descriptor") introduced a bounds check on the number of supplied rates to
lbs_ibss_join_existing().
Unfortunately, it introduced a return path from within a RCU read side
critical section without a corresponding rcu_read_unlock(). Fix this.
Fixes: e5e884b42639 ("libertas: Fix two buffer overflows at parsing bss descriptor")
Signed-off-by: Nicolai Stange <email address hidden>
Signed-off-by: Kalle Valo <email address hidden>
Signed-off-by: Sasha Levin <email address hidden>
Signed-off-by: Paolo Pisati <email address hidden>
mwifiex_cmd_append_vsie_tlv() calls memcpy() without checking
the destination size may trigger a buffer overflower,
which a local user could use to cause denial of service
or the execution of arbitrary code.
Fix it by putting the length check before calling memcpy().
Signed-off-by: Qing Xu <email address hidden>
Signed-off-by: Kalle Valo <email address hidden>
Signed-off-by: Sasha Levin <email address hidden>
Signed-off-by: Paolo Pisati <email address hidden>