rtl88x2CE_WiFi_linux driver

hc

2024-05-10 cde9070d9970eef1f7ec2360586c802a16230ad8

 kernel/security/tomoyo/network.c
..
..
@@ -233,14 +233,14 @@
233
233
 {
234
234
 	u8 * const a_perm =
235
235
 		&container_of(a, struct tomoyo_inet_acl, head)->perm;
236
-	u8 perm = *a_perm;
236
+	u8 perm = READ_ONCE(*a_perm);
237
237
 	const u8 b_perm = container_of(b, struct tomoyo_inet_acl, head)->perm;
238
238
 
239
239
 	if (is_delete)
240
240
 		perm &= ~b_perm;
241
241
 	else
242
242
 		perm |= b_perm;
243
-	*a_perm = perm;
243
+	WRITE_ONCE(*a_perm, perm);
244
244
 	return !perm;
245
245
 }
246
246
 
..
..
@@ -259,14 +259,14 @@
259
259
 {
260
260
 	u8 * const a_perm =
261
261
 		&container_of(a, struct tomoyo_unix_acl, head)->perm;
262
-	u8 perm = *a_perm;
262
+	u8 perm = READ_ONCE(*a_perm);
263
263
 	const u8 b_perm = container_of(b, struct tomoyo_unix_acl, head)->perm;
264
264
 
265
265
 	if (is_delete)
266
266
 		perm &= ~b_perm;
267
267
 	else
268
268
 		perm |= b_perm;
269
-	*a_perm = perm;
269
+	WRITE_ONCE(*a_perm, perm);
270
270
 	return !perm;
271
271
 }
272
272
 
..
..
@@ -505,6 +505,8 @@
505
505
 {
506
506
 	struct tomoyo_inet_addr_info *i = &address->inet;
507
507
 
508
+	if (addr_len < offsetofend(struct sockaddr, sa_family))
509
+		return 0;
508
510
 	switch (addr->sa_family) {
509
511
 	case AF_INET6:
510
512
 		if (addr_len < SIN6_LEN_RFC2133)
..
..
@@ -594,6 +596,8 @@
594
596
 {
595
597
 	struct tomoyo_unix_addr_info *u = &address->unix0;
596
598
 
599
+	if (addr_len < offsetofend(struct sockaddr, sa_family))
600
+		return 0;
597
601
 	if (addr->sa_family != AF_UNIX)
598
602
 		return 0;
599
603
 	u->addr = ((struct sockaddr_un *) addr)->sun_path;
..
..
@@ -609,7 +613,7 @@
609
613
 static bool tomoyo_kernel_service(void)
610
614
 {
611
615
 	/* Nothing to do if I am a kernel service. */
612
-	return uaccess_kernel();
616
+	return (current->flags & (PF_KTHREAD | PF_IO_WORKER)) == PF_KTHREAD;
613
617
 }
614
618
 
615
619
 /**