rtl88x2CE_WiFi_linux driver

hc

2024-05-10 cde9070d9970eef1f7ec2360586c802a16230ad8

 kernel/security/tomoyo/file.c
..
..
@@ -214,6 +214,7 @@
214
214
 	const u8 type = r->param.path_number.operation;
215
215
 	u8 radix;
216
216
 	char buffer[64];
217
+
217
218
 	switch (type) {
218
219
 	case TOMOYO_TYPE_CREATE:
219
220
 	case TOMOYO_TYPE_MKDIR:
..
..
@@ -253,6 +254,7 @@
253
254
 {
254
255
 	const struct tomoyo_path_acl *acl = container_of(ptr, typeof(*acl),
255
256
 							 head);
257
+
256
258
 	if (acl->perm & (1 << r->param.path.operation)) {
257
259
 		r->param.path.matched_path =
258
260
 			tomoyo_compare_name_union(r->param.path.filename,
..
..
@@ -275,6 +277,7 @@
275
277
 {
276
278
 	const struct tomoyo_path_number_acl *acl =
277
279
 		container_of(ptr, typeof(*acl), head);
280
+
278
281
 	return (acl->perm & (1 << r->param.path_number.operation)) &&
279
282
 		tomoyo_compare_number_union(r->param.path_number.number,
280
283
 					    &acl->number) &&
..
..
@@ -295,6 +298,7 @@
295
298
 {
296
299
 	const struct tomoyo_path2_acl *acl =
297
300
 		container_of(ptr, typeof(*acl), head);
301
+
298
302
 	return (acl->perm & (1 << r->param.path2.operation)) &&
299
303
 		tomoyo_compare_name_union(r->param.path2.filename1, &acl->name1)
300
304
 		&& tomoyo_compare_name_union(r->param.path2.filename2,
..
..
@@ -314,6 +318,7 @@
314
318
 {
315
319
 	const struct tomoyo_mkdev_acl *acl =
316
320
 		container_of(ptr, typeof(*acl), head);
321
+
317
322
 	return (acl->perm & (1 << r->param.mkdev.operation)) &&
318
323
 		tomoyo_compare_number_union(r->param.mkdev.mode,
319
324
 					    &acl->mode) &&
..
..
@@ -338,6 +343,7 @@
338
343
 {
339
344
 	const struct tomoyo_path_acl *p1 = container_of(a, typeof(*p1), head);
340
345
 	const struct tomoyo_path_acl *p2 = container_of(b, typeof(*p2), head);
346
+
341
347
 	return tomoyo_same_name_union(&p1->name, &p2->name);
342
348
 }
343
349
 
..
..
@@ -356,13 +362,14 @@
356
362
 {
357
363
 	u16 * const a_perm = &container_of(a, struct tomoyo_path_acl, head)
358
364
 		->perm;
359
-	u16 perm = *a_perm;
365
+	u16 perm = READ_ONCE(*a_perm);
360
366
 	const u16 b_perm = container_of(b, struct tomoyo_path_acl, head)->perm;
367
+
361
368
 	if (is_delete)
362
369
 		perm &= ~b_perm;
363
370
 	else
364
371
 		perm |= b_perm;
365
-	*a_perm = perm;
372
+	WRITE_ONCE(*a_perm, perm);
366
373
 	return !perm;
367
374
 }
368
375
 
..
..
@@ -384,6 +391,7 @@
384
391
 		.perm = perm
385
392
 	};
386
393
 	int error;
394
+
387
395
 	if (!tomoyo_parse_name_union(param, &e.name))
388
396
 		error = -EINVAL;
389
397
 	else
..
..
@@ -407,6 +415,7 @@
407
415
 {
408
416
 	const struct tomoyo_mkdev_acl *p1 = container_of(a, typeof(*p1), head);
409
417
 	const struct tomoyo_mkdev_acl *p2 = container_of(b, typeof(*p2), head);
418
+
410
419
 	return tomoyo_same_name_union(&p1->name, &p2->name) &&
411
420
 		tomoyo_same_number_union(&p1->mode, &p2->mode) &&
412
421
 		tomoyo_same_number_union(&p1->major, &p2->major) &&
..
..
@@ -428,14 +437,15 @@
428
437
 {
429
438
 	u8 *const a_perm = &container_of(a, struct tomoyo_mkdev_acl,
430
439
 					 head)->perm;
431
-	u8 perm = *a_perm;
440
+	u8 perm = READ_ONCE(*a_perm);
432
441
 	const u8 b_perm = container_of(b, struct tomoyo_mkdev_acl, head)
433
442
 		->perm;
443
+
434
444
 	if (is_delete)
435
445
 		perm &= ~b_perm;
436
446
 	else
437
447
 		perm |= b_perm;
438
-	*a_perm = perm;
448
+	WRITE_ONCE(*a_perm, perm);
439
449
 	return !perm;
440
450
 }
441
451
 
..
..
@@ -457,6 +467,7 @@
457
467
 		.perm = perm
458
468
 	};
459
469
 	int error;
470
+
460
471
 	if (!tomoyo_parse_name_union(param, &e.name) ||
461
472
 	    !tomoyo_parse_number_union(param, &e.mode) ||
462
473
 	    !tomoyo_parse_number_union(param, &e.major) ||
..
..
@@ -486,6 +497,7 @@
486
497
 {
487
498
 	const struct tomoyo_path2_acl *p1 = container_of(a, typeof(*p1), head);
488
499
 	const struct tomoyo_path2_acl *p2 = container_of(b, typeof(*p2), head);
500
+
489
501
 	return tomoyo_same_name_union(&p1->name1, &p2->name1) &&
490
502
 		tomoyo_same_name_union(&p1->name2, &p2->name2);
491
503
 }
..
..
@@ -505,13 +517,14 @@
505
517
 {
506
518
 	u8 * const a_perm = &container_of(a, struct tomoyo_path2_acl, head)
507
519
 		->perm;
508
-	u8 perm = *a_perm;
520
+	u8 perm = READ_ONCE(*a_perm);
509
521
 	const u8 b_perm = container_of(b, struct tomoyo_path2_acl, head)->perm;
522
+
510
523
 	if (is_delete)
511
524
 		perm &= ~b_perm;
512
525
 	else
513
526
 		perm |= b_perm;
514
-	*a_perm = perm;
527
+	WRITE_ONCE(*a_perm, perm);
515
528
 	return !perm;
516
529
 }
517
530
 
..
..
@@ -533,6 +546,7 @@
533
546
 		.perm = perm
534
547
 	};
535
548
 	int error;
549
+
536
550
 	if (!tomoyo_parse_name_union(param, &e.name1) ||
537
551
 	    !tomoyo_parse_name_union(param, &e.name2))
538
552
 		error = -EINVAL;
..
..
@@ -621,6 +635,7 @@
621
635
 							       head);
622
636
 	const struct tomoyo_path_number_acl *p2 = container_of(b, typeof(*p2),
623
637
 							       head);
638
+
624
639
 	return tomoyo_same_name_union(&p1->name, &p2->name) &&
625
640
 		tomoyo_same_number_union(&p1->number, &p2->number);
626
641
 }
..
..
@@ -640,14 +655,15 @@
640
655
 {
641
656
 	u8 * const a_perm = &container_of(a, struct tomoyo_path_number_acl,
642
657
 					  head)->perm;
643
-	u8 perm = *a_perm;
658
+	u8 perm = READ_ONCE(*a_perm);
644
659
 	const u8 b_perm = container_of(b, struct tomoyo_path_number_acl, head)
645
660
 		->perm;
661
+
646
662
 	if (is_delete)
647
663
 		perm &= ~b_perm;
648
664
 	else
649
665
 		perm |= b_perm;
650
-	*a_perm = perm;
666
+	WRITE_ONCE(*a_perm, perm);
651
667
 	return !perm;
652
668
 }
653
669
 
..
..
@@ -667,6 +683,7 @@
667
683
 		.perm = perm
668
684
 	};
669
685
 	int error;
686
+
670
687
 	if (!tomoyo_parse_name_union(param, &e.name) ||
671
688
 	    !tomoyo_parse_number_union(param, &e.number))
672
689
 		error = -EINVAL;
..
..
@@ -910,7 +927,7 @@
910
927
 	case TOMOYO_TYPE_LINK:
911
928
 		if (!d_is_dir(path1->dentry))
912
929
 			break;
913
-		/* fall through */
930
+		fallthrough;
914
931
 	case TOMOYO_TYPE_PIVOT_ROOT:
915
932
 		tomoyo_add_slash(&buf1);
916
933
 		tomoyo_add_slash(&buf2);
..
..
@@ -947,6 +964,7 @@
947
964
 {
948
965
 	const struct tomoyo_mount_acl *p1 = container_of(a, typeof(*p1), head);
949
966
 	const struct tomoyo_mount_acl *p2 = container_of(b, typeof(*p2), head);
967
+
950
968
 	return tomoyo_same_name_union(&p1->dev_name, &p2->dev_name) &&
951
969
 		tomoyo_same_name_union(&p1->dir_name, &p2->dir_name) &&
952
970
 		tomoyo_same_name_union(&p1->fs_type, &p2->fs_type) &&
..
..
@@ -966,6 +984,7 @@
966
984
 {
967
985
 	struct tomoyo_mount_acl e = { .head.type = TOMOYO_TYPE_MOUNT_ACL };
968
986
 	int error;
987
+
969
988
 	if (!tomoyo_parse_name_union(param, &e.dev_name) ||
970
989
 	    !tomoyo_parse_name_union(param, &e.dir_name) ||
971
990
 	    !tomoyo_parse_name_union(param, &e.fs_type) ||
..
..
@@ -995,6 +1014,7 @@
995
1014
 	u16 perm = 0;
996
1015
 	u8 type;
997
1016
 	const char *operation = tomoyo_read_token(param);
1017
+
998
1018
 	for (type = 0; type < TOMOYO_MAX_PATH_OPERATION; type++)
999
1019
 		if (tomoyo_permstr(operation, tomoyo_path_keyword[type]))
1000
1020
 			perm |= 1 << type;