From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1366617-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id C36C115808B
	for <garchives@archives.gentoo.org>; Fri, 11 Feb 2022 12:38:43 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 1D7B6E0857;
	Fri, 11 Feb 2022 12:38:43 +0000 (UTC)
Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id E9A67E0857
	for <gentoo-commits@lists.gentoo.org>; Fri, 11 Feb 2022 12:38:42 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 2D3BD3431AE
	for <gentoo-commits@lists.gentoo.org>; Fri, 11 Feb 2022 12:38:42 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id C4F33250
	for <gentoo-commits@lists.gentoo.org>; Fri, 11 Feb 2022 12:38:40 +0000 (UTC)
From: "Mike Pagano" <mpagano@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Mike Pagano" <mpagano@gentoo.org>
Message-ID: <1644583109.3b1ab4c6f6d8f4575f59f5bd68df669031dbbc85.mpagano@gentoo>
Subject: [gentoo-commits] proj/linux-patches:4.9 commit in: /
X-VCS-Repository: proj/linux-patches
X-VCS-Files: 0000_README 1300_linux-4.9.301.patch
X-VCS-Directories: /
X-VCS-Committer: mpagano
X-VCS-Committer-Name: Mike Pagano
X-VCS-Revision: 3b1ab4c6f6d8f4575f59f5bd68df669031dbbc85
X-VCS-Branch: 4.9
Date: Fri, 11 Feb 2022 12:38:40 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 9e0f7eb7-9eda-4832-b911-13926d2f9792
X-Archives-Hash: e8732541157883c4f03e2a2b41b4480e

commit:     3b1ab4c6f6d8f4575f59f5bd68df669031dbbc85
Author:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Fri Feb 11 12:38:29 2022 +0000
Commit:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Fri Feb 11 12:38:29 2022 +0000
URL:        https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=3b1ab4c6

Linux patch 4.9.301

Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>

 0000_README              |   4 ++
 1300_linux-4.9.301.patch | 122 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 126 insertions(+)

diff --git a/0000_README b/0000_README
index ca366421..27337b1d 100644
--- a/0000_README
+++ b/0000_README
@@ -1243,6 +1243,10 @@ Patch:  1299_linux-4.9.300.patch
 From:   http://www.kernel.org
 Desc:   Linux 4.9.300
 
+Patch:  1300_linux-4.9.301.patch
+From:   http://www.kernel.org
+Desc:   Linux 4.9.301
+
 Patch:  1500_XATTR_USER_PREFIX.patch
 From:   https://bugs.gentoo.org/show_bug.cgi?id=470644
 Desc:   Support for namespace user.pax.* on tmpfs.

diff --git a/1300_linux-4.9.301.patch b/1300_linux-4.9.301.patch
new file mode 100644
index 00000000..964b2d7a
--- /dev/null
+++ b/1300_linux-4.9.301.patch
@@ -0,0 +1,122 @@
+diff --git a/Makefile b/Makefile
+index 52e73f525a442..776408b6c56e7 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,6 +1,6 @@
+ VERSION = 4
+ PATCHLEVEL = 9
+-SUBLEVEL = 300
++SUBLEVEL = 301
+ EXTRAVERSION =
+ NAME = Roaring Lionus
+ 
+diff --git a/drivers/mmc/host/moxart-mmc.c b/drivers/mmc/host/moxart-mmc.c
+index 41a5493cb68d8..a5b03fb7656d1 100644
+--- a/drivers/mmc/host/moxart-mmc.c
++++ b/drivers/mmc/host/moxart-mmc.c
+@@ -698,12 +698,12 @@ static int moxart_remove(struct platform_device *pdev)
+ 		if (!IS_ERR(host->dma_chan_rx))
+ 			dma_release_channel(host->dma_chan_rx);
+ 		mmc_remove_host(mmc);
+-		mmc_free_host(mmc);
+ 
+ 		writel(0, host->base + REG_INTERRUPT_MASK);
+ 		writel(0, host->base + REG_POWER_CONTROL);
+ 		writel(readl(host->base + REG_CLOCK_CONTROL) | CLK_OFF,
+ 		       host->base + REG_CLOCK_CONTROL);
++		mmc_free_host(mmc);
+ 	}
+ 	return 0;
+ }
+diff --git a/kernel/cgroup.c b/kernel/cgroup.c
+index 248b0bf5d6795..5702419c9f300 100644
+--- a/kernel/cgroup.c
++++ b/kernel/cgroup.c
+@@ -1854,6 +1854,7 @@ static int cgroup_remount(struct kernfs_root *kf_root, int *flags, char *data)
+ {
+ 	int ret = 0;
+ 	struct cgroup_root *root = cgroup_root_from_kf(kf_root);
++	struct cgroup_namespace *ns = current->nsproxy->cgroup_ns;
+ 	struct cgroup_sb_opts opts;
+ 	u16 added_mask, removed_mask;
+ 
+@@ -1873,6 +1874,13 @@ static int cgroup_remount(struct kernfs_root *kf_root, int *flags, char *data)
+ 		pr_warn("option changes via remount are deprecated (pid=%d comm=%s)\n",
+ 			task_tgid_nr(current), current->comm);
+ 
++	/* See cgroup_mount release_agent handling */
++	if (opts.release_agent &&
++	    ((ns->user_ns != &init_user_ns) || !capable(CAP_SYS_ADMIN))) {
++		ret = -EINVAL;
++		goto out_unlock;
++	}
++
+ 	added_mask = opts.subsys_mask & ~root->subsys_mask;
+ 	removed_mask = root->subsys_mask & ~opts.subsys_mask;
+ 
+@@ -2248,6 +2256,16 @@ static struct dentry *cgroup_mount(struct file_system_type *fs_type,
+ 		goto out_unlock;
+ 	}
+ 
++	/*
++	 * Release agent gets called with all capabilities,
++	 * require capabilities to set release agent.
++	 */
++	if (opts.release_agent &&
++	    ((ns->user_ns != &init_user_ns) || !capable(CAP_SYS_ADMIN))) {
++		ret = -EINVAL;
++		goto out_unlock;
++	}
++
+ 	root = kzalloc(sizeof(*root), GFP_KERNEL);
+ 	if (!root) {
+ 		ret = -ENOMEM;
+@@ -3026,6 +3044,14 @@ static ssize_t cgroup_release_agent_write(struct kernfs_open_file *of,
+ 
+ 	BUILD_BUG_ON(sizeof(cgrp->root->release_agent_path) < PATH_MAX);
+ 
++	/*
++	 * Release agent gets called with all capabilities,
++	 * require capabilities to set release agent.
++	 */
++	if ((of->file->f_cred->user_ns != &init_user_ns) ||
++	    !capable(CAP_SYS_ADMIN))
++		return -EPERM;
++
+ 	cgrp = cgroup_kn_lock_live(of->kn, false);
+ 	if (!cgrp)
+ 		return -ENODEV;
+diff --git a/net/tipc/link.c b/net/tipc/link.c
+index 6fc2fa75503d2..2c1350e811e2e 100644
+--- a/net/tipc/link.c
++++ b/net/tipc/link.c
+@@ -1441,12 +1441,15 @@ static int tipc_link_proto_rcv(struct tipc_link *l, struct sk_buff *skb,
+ 	u16 peers_tol = msg_link_tolerance(hdr);
+ 	u16 peers_prio = msg_linkprio(hdr);
+ 	u16 rcv_nxt = l->rcv_nxt;
+-	u16 dlen = msg_data_sz(hdr);
++	u32 dlen = msg_data_sz(hdr);
+ 	int mtyp = msg_type(hdr);
+ 	void *data;
+ 	char *if_name;
+ 	int rc = 0;
+ 
++	if (dlen > U16_MAX)
++		goto exit;
++
+ 	if (tipc_link_is_blocked(l) || !xmitq)
+ 		goto exit;
+ 
+diff --git a/net/tipc/monitor.c b/net/tipc/monitor.c
+index 0fcfb3916dcf2..e1f4538b16532 100644
+--- a/net/tipc/monitor.c
++++ b/net/tipc/monitor.c
+@@ -457,6 +457,8 @@ void tipc_mon_rcv(struct net *net, void *data, u16 dlen, u32 addr,
+ 	state->probing = false;
+ 
+ 	/* Sanity check received domain record */
++	if (new_member_cnt > MAX_MON_DOMAIN)
++		return;
+ 	if (dlen < dom_rec_len(arrv_dom, 0))
+ 		return;
+ 	if (dlen != dom_rec_len(arrv_dom, new_member_cnt))