From e0a359364ade8ca5231673c0132d090304ff589b Mon Sep 17 00:00:00 2001 From: Brett Mastbergen Date: Thu, 16 Jan 2025 23:26:36 +0100 Subject: [PATCH 1/2] Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm jira VULN-8772 cve CVE-2022-42896 commit-author Luiz Augusto von Dentz commit f937b758a188d6fd328a81367087eddbb2fce50f l2cap_global_chan_by_psm shall not return fixed channels as they are not meant to be connected by (S)PSM. Signed-off-by: Luiz Augusto von Dentz Reviewed-by: Tedd Ho-Jeong An (cherry picked from commit f937b758a188d6fd328a81367087eddbb2fce50f) Signed-off-by: Brett Mastbergen
---
 net/bluetooth/l2cap_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index e1bea969f94b5..8ee8cf0e96338 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -1960,7 +1960,7 @@ static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm,
 if (link_type == LE_LINK && c->src_type == BDADDR_BREDR)
 continue;
- if (c->psm == psm) {
+ if (c->chan_type != L2CAP_CHAN_FIXED && c->psm == psm) {
 int src_match, dst_match;
 int src_any, dst_any;
From ff4b1559581ba4fe751e39fc33e3db818e24aacc Mon Sep 17 00:00:00 2001
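Review bot: The new `c->chan_type != L2CAP_CHAN_FIXED` test on the PSM comparison carries no comment explaining why fixed channels are excluded, and that reason is the security point of the patch. Per the commit message, fixed channels are not meant to be connected by (S)PSM, so a PSM lookup should never hand one back. I would add `/* Fixed channels are reached by CID, never by (S)PSM: do not match them here */` directly above the `if`. The filter exists only in this lookup; whether the callers also reject out-of-range PSM/SPSM values before calling it is not visible here and is worth confirming as part of the same backport. The function starts before and continues after this hunk.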
From: Jonathan Maple Date: Tue, 14 Jan 2025 12:19:54 -0500 Subject: [PATCH 2/2] github actions: Make builds on Merge Request Since we need to make sure external contributors code actually compiles prior to merging. To get access to the forked repos merge request we need to switch over our push to pull_request. In addition we're fixing up some Naming Conventions, adding aarch64 to this branch and fixing the naming so that we can quickly identify if the CI is for x86_64. Also disable the process-pull-request until the `utf-8` situation is resolved.
---
 ...heck_x86_64.yml => build-check_x86_64.yml} | 7 ++- .github/workflows/github-actions-demo.yml | 26 --------- .github/workflows/process-pull-request.yml | 55 ------------------- .github/workflows/push-check_aarch64.yml | 33 ----------- 4 files changed, 4 insertions(+), 117 deletions(-) rename .github/workflows/{push-check_x86_64.yml => build-check_x86_64.yml} (87%) delete mode 100644 .github/workflows/github-actions-demo.yml delete mode 100644 .github/workflows/process-pull-request.yml delete mode 100644 .github/workflows/push-check_aarch64.yml
diff --git a/.github/workflows/push-check_x86_64.yml b/.github/workflows/build-check_x86_64.yml
similarity index 87%
rename from .github/workflows/push-check_x86_64.yml
rename to .github/workflows/build-check_x86_64.yml
index 2aa1eb2ed4f18..a1d16685ec22a 100644
--- a/.github/workflows/push-check_x86_64.yml
+++ b/.github/workflows/build-check_x86_64.yml
@@ -1,6 +1,6 @@
-name: CI
+name: x86_64 CI
 on:
- push:
+ pull_request:
 branches:
 - '**'
 - '!mainline'
@@ -24,10 +24,11 @@ jobs:
 - name: Checkout code
 uses: actions/checkout@v4
 with:
+ ref: "${{ github.event.pull_request.head.sha }}"
 fetch-depth: 0
 - name: Build the Kernel
 run: |
- git config --global --add safe.directory /__w/kernel-src-git/kernel-src-git
+ git config --global --add safe.directory /__w/kernel-src-tree/kernel-src-tree
 cp configs/kernel-4.18.0-x86_64.config .config
 make olddefconfig
 make -j8
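Review bot: The `branches:` filter kept as context under the new `pull_request:` trigger now matches the pull request's base branch rather than the pushed branch, so `- '!mainline'` means pull requests that target `mainline` get no build; please confirm that is intended. Because this trigger runs code from forks, the workflow should also declare a minimal token scope, as the deleted process-pull-request.yml did: a top-level `permissions:` key with `contents: read`. No `permissions` key appears in the lines shown, though the rest of the file lies outside the hunks.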
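Review bot: With `ref: "${{ github.event.pull_request.head.sha }}"` the checkout step fetches the contributor's commit and the following `make` steps execute it, yet the step keeps the actions/checkout default of leaving the job token in the local git config for later steps. Adding `persist-credentials: false` under `with:` removes that token from the workspace before untrusted Makefiles run. The `runs-on` and `container` lines of this job are outside the hunk; if the job uses a self-hosted label like the `kernel-build` ones in the workflows this patch deletes, fork builds should be limited to ephemeral runners or gated behind maintainer approval. Building the head SHA also tests the branch as pushed rather than the merge result that the `pull_request` event checks out by default, which is worth stating in a comment next to `ref:`.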
diff --git a/.github/workflows/github-actions-demo.yml b/.github/workflows/github-actions-demo.yml
deleted file mode 100644
index de3dbc4d34b9b..0000000000000
--- a/.github/workflows/github-actions-demo.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-name: GitHub Actions Sanity Check
-run-name: ${{ github.actor }} is running actions - this runs as a sanity check 🚀
-on:
- push:
- branches:
- - '**'
- - '!mainline'
-
-jobs:
- Explore-GitHub-Actions:
- runs-on: ubuntu-latest
- steps:
- - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
- - run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!"
- - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
- - name: Check out repository code
- uses: actions/checkout@v4
- - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
- - run: echo "🖥️ The workflow is now ready to test your code on the runner."
- - name: List files in the repository
- run: |
- ls ${{ github.workspace }}
- df .
- df /
- pwd
- - run: echo "🍏 This job's status is ${{ job.status }}."
diff --git a/.github/workflows/process-pull-request.yml b/.github/workflows/process-pull-request.yml
deleted file mode 100644
index a4f9f43fa425e..0000000000000
--- a/.github/workflows/process-pull-request.yml
+++ /dev/null
@@ -1,55 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -name: Pull Request Checker - -on: - pull_request: - branches: - - '**' - - '!mainline' - -permissions: - contents: read - -jobs: - test: - - runs-on: - labels: kernel-build - strategy: - matrix: - ruby-version: ['3.0'] - - steps: - - uses: actions/checkout@v4 - - name: Set up Ruby - # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby, - # change this to (see https://github.com/ruby/setup-ruby#versioning): - uses: ruby/setup-ruby@v1 - # uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0 - with: - ruby-version: ${{ matrix.ruby-version }} - bundler-cache: true # runs 'bundle install' and caches installed gems automatically - - name: Set up Python - uses: actions/setup-python@v5 - - name: Run tests - run: | - /usr/bin/pip3 install gitPython - python -c "import sys; import git; print(sys.version)" - git fetch origin ${{ github.base_ref }} - git fetch origin ${{ github.head_ref }} - git remote add linux https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git - git fetch --shallow-since="3 years ago" linux - echo "Will run process-git-request.rb with:" - echo "fname = ${{ github.run_id }}" - echo "target_branch = ${{ github.base_ref }}" - echo "source_branch = ${{ github.head_ref }}" - echo "prj_dir = ${{ github.workspace }}" - echo "pull_request = ${{ github.ref }}" - echo "requestor = ${{ github.actor }}" - cd ${{ github.workspace }} - /usr/bin/ruby .github/workflows/process-git-request.rb ${{ github.run_id }} ${{ github.base_ref }} \ - ${{ github.head_ref }} ${{ github.workspace }} ${{ github.ref }} ${{ github.actor }} diff --git a/.github/workflows/push-check_aarch64.yml b/.github/workflows/push-check_aarch64.yml deleted file mode 100644 index 2dda81c43aa79..0000000000000 
--- a/.github/workflows/push-check_aarch64.yml
+++ /dev/null
@@ -1,33 +0,0 @@
-name: CI
-on:
- push:
- branches:
- - '**'
- - '!mainline'
-
-jobs:
- kernel-build-job:
- runs-on:
- labels: kernel-build-arm64
- container:
- image: rockylinux:8
- env:
- ROCKY_ENV: rocky8
- ports:
- - 80
- options: --cpus 8
- steps:
- - name: Install tools and Libraries
- run: |
- dnf groupinstall 'Development Tools' -y
- dnf install --enablerepo=devel bc dwarves kernel-devel openssl-devel elfutils-libelf-devel -y
- - name: Checkout code
- uses: actions/checkout@v4
- with:
- fetch-depth: 0
- - name: Build the Kernel
- run: |
- git config --global --add safe.directory /__w/kernel-src-git/kernel-src-git
- cp configs/kernel-4.18.0-aarch64.config .config
- make olddefconfig
- make -j8