iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,105,439 Commits 104 Branches 1,843 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Eric Dumazet 1228b34c8d net: clear msg_get_inq in __sys_recvfrom() and __copy_msghdr_from_user() 
syzbot reported uninit-value in tcp_recvmsg() [1]

Issue here is that msg->msg_get_inq should have been cleared,
otherwise tcp_recvmsg() might read garbage and perform
more work than needed, or have undefined behavior.

Given CONFIG_INIT_STACK_ALL_ZERO=y is probably going to be
the default soon, I chose to change __sys_recvfrom() to clear
all fields but msghdr.addr which might be not NULL.

For __copy_msghdr_from_user(), I added an explicit clear
of kmsg->msg_get_inq.

[1]
BUG: KMSAN: uninit-value in tcp_recvmsg+0x6cf/0xb60 net/ipv4/tcp.c:2557
tcp_recvmsg+0x6cf/0xb60 net/ipv4/tcp.c:2557
inet_recvmsg+0x13a/0x5a0 net/ipv4/af_inet.c:850
sock_recvmsg_nosec net/socket.c:995 [inline]
sock_recvmsg net/socket.c:1013 [inline]
__sys_recvfrom+0x696/0x900 net/socket.c:2176
__do_sys_recvfrom net/socket.c:2194 [inline]
__se_sys_recvfrom net/socket.c:2190 [inline]
__x64_sys_recvfrom+0x122/0x1c0 net/socket.c:2190
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0

Local variable msg created at:
__sys_recvfrom+0x81/0x900 net/socket.c:2154
__do_sys_recvfrom net/socket.c:2194 [inline]
__se_sys_recvfrom net/socket.c:2190 [inline]
__x64_sys_recvfrom+0x122/0x1c0 net/socket.c:2190

CPU: 0 PID: 3493 Comm: syz-executor170 Not tainted 5.19.0-rc3-syzkaller-30868-g4b28366af7d9 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011

Fixes: f94fd25cb0aa ("tcp: pass back data left in socket after receive")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Jens Axboe <axboe@kernel.dk>
Tested-by: Alexander Potapenko<glider@google.com>
Link: https://lore.kernel.org/r/20220622150220.1091182-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-06-23 20:56:23 -07:00
arch
Networking fixes for 5.19-rc4, including fixes from bpf and netfilter.
2022-06-23 09:01:01 -05:00
block
block/bfq: Enable I/O statistics
2022-06-16 16:59:28 -06:00
certs
Certs changes
2022-06-21 12:13:53 -05:00
crypto
Certs changes
2022-06-21 12:13:53 -05:00
Documentation
A set of interrupt subsystem updates:
2022-06-19 09:45:16 -05:00
drivers
net: dsa: bcm_sf2: force pause link settings
2022-06-23 20:46:39 -07:00
fs
9p-for-5.19-rc4: fid refcount and fscache fixes
2022-06-22 08:09:49 -05:00
include
Networking fixes for 5.19-rc4, including fixes from bpf and netfilter.
2022-06-23 09:01:01 -05:00
init
gcc-12: disable '-Warray-bounds' universally for now
2022-06-09 10:11:12 -07:00
ipc
These changes update the ipc sysctls so that they are fundamentally
2022-06-03 15:54:57 -07:00
kernel
Networking fixes for 5.19-rc4, including fixes from bpf and netfilter.
2022-06-23 09:01:01 -05:00
lib
Build tool updates:
2022-06-19 09:54:16 -05:00
LICENSES
LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers
2021-12-16 14:33:10 +01:00
mm
slab fixes for 5.19
2022-06-20 09:28:51 -05:00
net
net: clear msg_get_inq in __sys_recvfrom() and __copy_msghdr_from_user()
2022-06-23 20:56:23 -07:00
samples
fprobe, samples: Add use_trace option and show hit/missed counter
2022-06-17 21:53:29 +02:00
scripts
Build tool updates:
2022-06-19 09:54:16 -05:00
security
selinux: free contexts previously transferred in selinux_add_opt()
2022-06-15 21:20:45 -04:00
sound
sound fixes for 5.19-rc4
2022-06-23 08:44:00 -05:00
tools
Networking fixes for 5.19-rc4, including fixes from bpf and netfilter.
2022-06-23 09:01:01 -05:00
usr
Not a lot of material this cycle. Many singleton patches against various
2022-05-27 11:22:03 -07:00
virt
KVM: x86: disable preemption around the call to kvm_arch_vcpu_{un|}blocking
2022-06-09 10:52:20 -04:00
.clang-format
clang-format: Fix space after for_each macros
2022-05-20 19:27:16 +02:00
.cocciconfig
.get_maintainer.ignore
Opt out of scripts/get_maintainer.pl
2019-05-16 10:53:40 -07:00
.gitattributes
.gitattributes: use 'dts' diff driver for dts files
2019-12-04 19:44:11 -08:00
.gitignore
kbuild: split the second line of *.mod into *.usyms
2022-05-08 03:16:59 +09:00
.mailmap
Hot fixes for 5.19-rc1.
2022-06-05 17:05:38 -07:00
COPYING
COPYING: state that all contributions really are covered by this file
2020-02-10 13:32:20 -08:00
CREDITS
MAINTAINERS: replace a Microchip AT91 maintainer
2022-02-09 11:30:01 +01:00
Kbuild
kbuild: rename hostprogs-y/always to hostprogs/always-y
2020-02-04 01:53:07 +09:00
Kconfig
kbuild: ensure full rebuild when the compiler is updated
2020-05-12 13:28:33 +09:00
MAINTAINERS
Networking fixes for 5.19-rc4, including fixes from bpf and netfilter.
2022-06-23 09:01:01 -05:00
Makefile
Linux 5.19-rc3
2022-06-19 15:06:47 -05:00
README
Drop all 00-INDEX files from Documentation/
2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.
Description
No description provided
Readme 5.7 GiB
Languages
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%