From c678e8796f4df4e0f3beac5cc6614796ae77808b Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 22 Jun 2020 21:52:18 +0200
Subject: [PATCH] Drop "netlabel: cope with NULL catmap"

---
 debian/changelog                              |  1 -
 .../all/netlabel-cope-with-NULL-catmap.patch  | 92 -------------------
 debian/patches/series                         |  1 -
 3 files changed, 94 deletions(-)
 delete mode 100644 debian/patches/bugfix/all/netlabel-cope-with-NULL-catmap.patch

diff --git a/debian/changelog b/debian/changelog
index 9f157fcd7..b311912c7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -260,7 +260,6 @@ linux (4.19.124-1) UNRELEASED; urgency=medium
     - virtio-blk: handle block_device_operations callbacks after hot unplug
     - mmc: sdhci-acpi: Add SDHCI_QUIRK2_BROKEN_64_BIT_DMA for AMDI0040
     - net: fix a potential recursive NETDEV_FEAT_CHANGE
-    - netlabel: cope with NULL catmap
     - net: phy: fix aneg restart in phy_ethtool_set_eee
     - pppoe: only process PADT targeted at local interfaces
     - Revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu"
diff --git a/debian/patches/bugfix/all/netlabel-cope-with-NULL-catmap.patch b/debian/patches/bugfix/all/netlabel-cope-with-NULL-catmap.patch
deleted file mode 100644
index 8aa633a1a..000000000
--- a/debian/patches/bugfix/all/netlabel-cope-with-NULL-catmap.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From: Paolo Abeni <pabeni@redhat.com>
-Date: Tue, 12 May 2020 14:43:14 +0200
-Subject: netlabel: cope with NULL catmap
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=caf6c20c6421ca687751d27b96c8021c655e56e6
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-10711
-
-[ Upstream commit eead1c2ea2509fd754c6da893a94f0e69e83ebe4 ]
-
-The cipso and calipso code can set the MLS_CAT attribute on
-successful parsing, even if the corresponding catmap has
-not been allocated, as per current configuration and external
-input.
-
-Later, selinux code tries to access the catmap if the MLS_CAT flag
-is present via netlbl_catmap_getlong(). That may cause null ptr
-dereference while processing incoming network traffic.
-
-Address the issue setting the MLS_CAT flag only if the catmap is
-really allocated. Additionally let netlbl_catmap_getlong() cope
-with NULL catmap.
-
-Reported-by: Matthew Sheets <matthew.sheets@gd-ms.com>
-Fixes: 4b8feff251da ("netlabel: fix the horribly broken catmap functions")
-Fixes: ceba1832b1b2 ("calipso: Set the calipso socket label to match the secattr.")
-Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-Acked-by: Paul Moore <paul@paul-moore.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- net/ipv4/cipso_ipv4.c        | 6 ++++--
- net/ipv6/calipso.c           | 3 ++-
- net/netlabel/netlabel_kapi.c | 6 ++++++
- 3 files changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
-index 1c21dc5d6dd4..5535b722f66d 100644
---- a/net/ipv4/cipso_ipv4.c
-+++ b/net/ipv4/cipso_ipv4.c
-@@ -1272,7 +1272,8 @@ static int cipso_v4_parsetag_rbm(const struct cipso_v4_doi *doi_def,
- 			return ret_val;
- 		}
- 
--		secattr->flags |= NETLBL_SECATTR_MLS_CAT;
-+		if (secattr->attr.mls.cat)
-+			secattr->flags |= NETLBL_SECATTR_MLS_CAT;
- 	}
- 
- 	return 0;
-@@ -1453,7 +1454,8 @@ static int cipso_v4_parsetag_rng(const struct cipso_v4_doi *doi_def,
- 			return ret_val;
- 		}
- 
--		secattr->flags |= NETLBL_SECATTR_MLS_CAT;
-+		if (secattr->attr.mls.cat)
-+			secattr->flags |= NETLBL_SECATTR_MLS_CAT;
- 	}
- 
- 	return 0;
-diff --git a/net/ipv6/calipso.c b/net/ipv6/calipso.c
-index 1c0bb9fb76e6..70611784c071 100644
---- a/net/ipv6/calipso.c
-+++ b/net/ipv6/calipso.c
-@@ -1061,7 +1061,8 @@ static int calipso_opt_getattr(const unsigned char *calipso,
- 			goto getattr_return;
- 		}
- 
--		secattr->flags |= NETLBL_SECATTR_MLS_CAT;
-+		if (secattr->attr.mls.cat)
-+			secattr->flags |= NETLBL_SECATTR_MLS_CAT;
- 	}
- 
- 	secattr->type = NETLBL_NLTYPE_CALIPSO;
-diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
-index ee3e5b6471a6..15fe2120b310 100644
---- a/net/netlabel/netlabel_kapi.c
-+++ b/net/netlabel/netlabel_kapi.c
-@@ -748,6 +748,12 @@ int netlbl_catmap_getlong(struct netlbl_lsm_catmap *catmap,
- 	if ((off & (BITS_PER_LONG - 1)) != 0)
- 		return -EINVAL;
- 
-+	/* a null catmap is equivalent to an empty one */
-+	if (!catmap) {
-+		*offset = (u32)-1;
-+		return 0;
-+	}
-+
- 	if (off < catmap->startbit) {
- 		off = catmap->startbit;
- 		*offset = off;
--- 
-2.27.0.rc0
-
diff --git a/debian/patches/series b/debian/patches/series
index 7c3beeb4e..4666355dd 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -297,7 +297,6 @@ features/arm/staging-vc04_services-Use-correct-cache-line-size.patch
 debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
 debian/ntfs-mark-it-as-broken.patch
 bugfix/x86/kvm-svm-fix-potential-memory-leak-in-svm_cpu_init.patch
-bugfix/all/netlabel-cope-with-NULL-catmap.patch
 bugfix/all/fs-binfmt_elf.c-allocate-initialized-memory-in-fill_.patch
 bugfix/all/kernel-relay.c-handle-alloc_percpu-returning-NULL-in.patch
 bugfix/all/mm-Fix-mremap-not-considering-huge-pmd-devmap.patch