Unverified Commit 9797af6e authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!593 Backport CVEs and bugfixes 

Merge Pull Request from: @zhangjialin11 
 
Pull new CVEs:
CVE-2023-1829
CVE-2022-36280
CVE-2022-1015
CVE-2023-1989
CVE-2023-30456
CVE-2023-1990

xfs bugfixes from Long Li and yangerkun 
 
Link:https://gitee.com/openeuler/kernel/pulls/593

 

Reviewed-by: default avatarXie XiuQi <xiexiuqi@huawei.com>
Signed-off-by: default avatarXie XiuQi <xiexiuqi@huawei.com>
parents be633dee df0a6fcf

Documentation/admin-guide/xfs.rst

+1 −1
Original line number Diff line number Diff line
@@ -296,7 +296,7 @@ The following sysctls are available for the XFS filesystem: 
		XFS_ERRLEVEL_LOW:       1

		XFS_ERRLEVEL_HIGH:      5



  fs.xfs.panic_mask		(Min: 0  Default: 0  Max: 256)

  fs.xfs.panic_mask		(Min: 0  Default: 0  Max: 511)

	Causes certain error conditions to call BUG(). Value is a bitmask;

	OR together the tags which represent errors which should cause panics:

arch/x86/kvm/vmx/nested.c

+8 −2
Original line number Diff line number Diff line
@@ -2995,7 +2995,7 @@ static int nested_vmx_check_guest_state(struct kvm_vcpu *vcpu, 
					struct vmcs12 *vmcs12,

					enum vm_entry_failure_code *entry_failure_code)

{

	bool ia32e;

	bool ia32e = !!(vmcs12->vm_entry_controls & VM_ENTRY_IA32E_MODE);



	*entry_failure_code = ENTRY_FAIL_DEFAULT;
@@ -3021,6 +3021,13 @@ static int nested_vmx_check_guest_state(struct kvm_vcpu *vcpu, 
					   vmcs12->guest_ia32_perf_global_ctrl)))

		return -EINVAL;



	if (CC((vmcs12->guest_cr0 & (X86_CR0_PG | X86_CR0_PE)) == X86_CR0_PG))

		return -EINVAL;



	if (CC(ia32e && !(vmcs12->guest_cr4 & X86_CR4_PAE)) ||

	    CC(ia32e && !(vmcs12->guest_cr0 & X86_CR0_PG)))

		return -EINVAL;



	/*

	 * If the load IA32_EFER VM-entry control is 1, the following checks

	 * are performed on the field for the IA32_EFER MSR:
@@ -3032,7 +3039,6 @@ static int nested_vmx_check_guest_state(struct kvm_vcpu *vcpu, 
	 */

	if (to_vmx(vcpu)->nested.nested_run_pending &&

	    (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_IA32_EFER)) {

		ia32e = (vmcs12->vm_entry_controls & VM_ENTRY_IA32E_MODE) != 0;

		if (CC(!kvm_valid_efer(vcpu, vmcs12->guest_ia32_efer)) ||

		    CC(ia32e != !!(vmcs12->guest_ia32_efer & EFER_LMA)) ||

		    CC(((vmcs12->guest_cr0 & X86_CR0_PG) &&

drivers/bluetooth/btsdio.c

+1 −0
Original line number Diff line number Diff line
@@ -355,6 +355,7 @@ static void btsdio_remove(struct sdio_func *func) 
	if (!data)

		return;



	cancel_work_sync(&data->work);

	hdev = data->hdev;



	sdio_set_drvdata(func, NULL);

drivers/gpu/drm/vmwgfx/vmwgfx_kms.c

+2 −1
Original line number Diff line number Diff line
@@ -182,7 +182,8 @@ void vmw_kms_cursor_snoop(struct vmw_surface *srf, 
	if (cmd->dma.guest.ptr.offset % PAGE_SIZE ||

	    box->x != 0    || box->y != 0    || box->z != 0    ||

	    box->srcx != 0 || box->srcy != 0 || box->srcz != 0 ||

	    box->d != 1    || box_count != 1) {

	    box->d != 1    || box_count != 1 ||

	    box->w > 64 || box->h > 64) {

		/* TODO handle none page aligned offsets */

		/* TODO handle more dst & src != 0 */

		/* TODO handle more then one copy */

drivers/nfc/st-nci/ndlc.c

+4 −2
Original line number Diff line number Diff line
@@ -286,13 +286,15 @@ EXPORT_SYMBOL(ndlc_probe); 


void ndlc_remove(struct llt_ndlc *ndlc)

{

	st_nci_remove(ndlc->ndev);



	/* cancel timers */

	del_timer_sync(&ndlc->t1_timer);

	del_timer_sync(&ndlc->t2_timer);

	ndlc->t2_active = false;

	ndlc->t1_active = false;

	/* cancel work */

	cancel_work_sync(&ndlc->sm_work);



	st_nci_remove(ndlc->ndev);



	skb_queue_purge(&ndlc->rcv_q);

	skb_queue_purge(&ndlc->send_q);