iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/mm
History
Jann Horn 0a1d52994d mm: enforce min addr even if capable() in expand_downwards() 
security_mmap_addr() does a capability check with current_cred(), but
we can reach this code from contexts like a VFS write handler where
current_cred() must not be used.

This can be abused on systems without SMAP to make NULL pointer
dereferences exploitable again.

Fixes: 8869477a49c3 ("security: protect from stack expansion into low vm addresses")
Cc: stable@kernel.org
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-02-27 17:27:02 -08:00
..
kasan
kasan: prevent tracing of tags.c
2019-02-21 09:01:00 -08:00
backing-dev.c
writeback: synchronize sync(2) against cgroup writeback membership switches
2019-01-22 14:39:38 -07:00
balloon_compaction.c
virtio_balloon: fix deadlock on OOM
2017-11-14 23:57:38 +02:00
cleancache.c
mm: use octal not symbolic permissions
2018-06-15 07:55:25 +09:00
cma_debug.c
mm/cma: remove unsupported gfp_mask parameter from cma_alloc()
2018-08-17 16:20:32 -07:00
cma.c
kasan, mm, arm64: tag non slab memory allocated via pagealloc
2018-12-28 12:11:44 -08:00
cma.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
compaction.c
mm: move zone watermark accesses behind an accessor
2018-12-28 12:11:48 -08:00
debug_page_ref.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
debug.c
mm/debug.c: fix __dump_page() for poisoned pages
2019-02-21 09:01:00 -08:00
dmapool.c
mm: use octal not symbolic permissions
2018-06-15 07:55:25 +09:00
early_ioremap.c
mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
2017-12-11 14:54:44 +01:00
fadvise.c
vfs: implement readahead(2) using POSIX_FADV_WILLNEED
2018-08-30 20:01:32 +02:00
failslab.c
mm: use octal not symbolic permissions
2018-06-15 07:55:25 +09:00
filemap.c
mm/: remove caller signal_pending branch predictions
2019-01-04 13:13:48 -08:00
frame_vector.c
mm/frame_vector.c: release a semaphore in 'get_vaddr_frames()'
2017-12-14 16:00:48 -08:00
frontswap.c
mm: use octal not symbolic permissions
2018-06-15 07:55:25 +09:00
gup_benchmark.c
mm/gup_benchmark.c: prevent integer overflow in ioctl
2018-10-31 08:54:12 -07:00
gup.c
mm/gup: fix gup_pmd_range() for dax
2019-02-12 16:33:18 -08:00
highmem.c
mm: convert totalram_pages and totalhigh_pages variables to atomic
2018-12-28 12:11:47 -08:00
hmm.c
mm/hmm: fix memremap.h, move dev_page_fault_t callback to hmm
2018-12-28 12:11:52 -08:00
huge_memory.c
mm: treewide: remove unused address argument from pte_alloc functions
2019-01-04 13:13:47 -08:00
hugetlb_cgroup.c
mm: rename page_counter's count/limit into usage/max
2018-06-07 17:34:35 -07:00
hugetlb.c
mm/hugetlb.c: teach follow_hugetlb_page() to handle FOLL_NOWAIT
2019-02-01 15:46:23 -08:00
hwpoison-inject.c
mm/memory_failure: Remove unused trapno from memory_failure
2018-01-23 12:17:42 -06:00
init-mm.c
mm: Allocate the mm_cpumask (mm->cpu_bitmap[]) dynamically based on nr_cpu_ids
2018-07-17 09:35:30 +02:00
internal.h
mm: use alloc_flags to record if kswapd can wake
2018-12-28 12:11:48 -08:00
interval_tree.c
mm/interval_tree.c: use vma_pages() helper
2018-01-31 17:18:37 -08:00
Kconfig
ksm: replace jhash2 with xxhash
2018-12-28 12:11:46 -08:00
Kconfig.debug
mm: clarify CONFIG_PAGE_POISONING and usage
2018-08-22 10:52:44 -07:00
khugepaged.c
mm/mmu_notifier: use structure for invalidate_range_start/end calls v2
2018-12-28 12:11:50 -08:00
kmemleak-test.c
mm: convert printk(KERN_<LEVEL> to pr_<level>
2016-03-17 15:09:34 -07:00
kmemleak.c
kmemleak: account for tagged pointers when calculating pointer range
2019-02-21 09:01:00 -08:00
ksm.c
ksm: react on changing "sleep_millisecs" parameter faster
2018-12-28 12:11:51 -08:00
list_lru.c
mm/list_lru: introduce list_lru_shrink_walk_irq()
2018-08-17 16:20:32 -07:00
maccess.c
Revert "x86/fault: BUG() when uaccess helpers fault on kernel addresses"
2019-02-25 09:10:51 -08:00
madvise.c
mm/mmu_notifier: use structure for invalidate_range_start/end calls v2
2018-12-28 12:11:50 -08:00
Makefile
mm: remove nobootmem
2018-10-31 08:54:16 -07:00
memblock.c
arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table
2019-02-16 15:02:03 +01:00
memcontrol.c
memcg, oom: notify on oom killer invocation from the charge path
2018-12-28 12:11:52 -08:00
memfd.c
memfd: Convert memfd_tag_pins to XArray
2018-10-21 10:46:41 -04:00
memory_hotplug.c
mm, memory_hotplug: fix off-by-one in is_pageblock_removable
2019-02-21 09:01:01 -08:00
memory-failure.c
mm: hwpoison: use do_send_sig_info() instead of force_sig()
2019-02-01 15:46:23 -08:00
memory.c
mm/memory.c: initialise mmu_notifier_range correctly
2019-01-08 17:15:11 -08:00
mempolicy.c
numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES
2019-02-21 09:00:59 -08:00
mempool.c
mm/mempool.c: add missing parameter description
2018-08-22 10:52:44 -07:00
memtest.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
migrate.c
mm: migrate: don't rely on __PageMovable() of newpage after unlocking it
2019-02-01 15:46:24 -08:00
mincore.c
Revert "Change mincore() to count "mapped" pages rather than "cached" pages"
2019-01-24 09:04:37 +13:00
mlock.c
dax: remove VM_MIXEDMAP for fsdax and device dax
2018-08-17 16:20:27 -07:00
mm_init.c
mm: convert totalram_pages and totalhigh_pages variables to atomic
2018-12-28 12:11:47 -08:00
mmap.c
mm: enforce min addr even if capable() in expand_downwards()
2019-02-27 17:27:02 -08:00
mmu_context.c
sched/headers: Prepare to move the task_lock()/unlock() APIs to <linux/sched/task.h>
2017-03-02 08:42:38 +01:00
mmu_gather.c
mm: Replace call_rcu_sched() with call_rcu()
2018-11-27 09:21:46 -08:00
mmu_notifier.c
mm/mmu_notifier: use structure for invalidate_range_start/end calls v2
2018-12-28 12:11:50 -08:00
mmzone.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mprotect.c
mm/mmu_notifier: use structure for invalidate_range_start/end calls v2
2018-12-28 12:11:50 -08:00
mremap.c
mm: speed up mremap by 20x on large regions
2019-01-04 13:13:48 -08:00
msync.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
nommu.c
mm/gup: cache dev_pagemap while pinning pages
2018-10-26 16:38:15 -07:00
oom_kill.c
mm, oom: fix use-after-free in oom_kill_process
2019-02-01 15:46:23 -08:00
page_alloc.c
mm, page_alloc: fix a division by zero error when boosting watermarks v2
2019-02-21 09:01:00 -08:00
page_counter.c
memcg: introduce memory.min
2018-06-07 17:34:36 -07:00
page_ext.c
Revert "mm: use early_pfn_to_nid in page_ext_init"
2019-02-12 16:33:18 -08:00
page_idle.c
mm: remove include/linux/bootmem.h
2018-10-31 08:54:16 -07:00
page_io.c
mm/page_io.c: fix polled swap page in
2019-01-04 13:13:48 -08:00
page_isolation.c
mm: only report isolation failures when offlining memory
2018-12-28 12:11:46 -08:00
page_owner.c
mm/page_owner: clamp read count to PAGE_SIZE
2018-12-28 12:11:46 -08:00
page_poison.c
virtio, vhost: fixes, tweaks
2018-11-01 14:42:49 -07:00
page_vma_mapped.c
mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly
2018-10-31 08:54:11 -07:00
page-writeback.c
mm/page-writeback.c: don't break integrity writeback on ->writepage() error
2018-12-28 12:11:49 -08:00
pagewalk.c
mm: kernel-doc: add missing parameter descriptions
2018-04-05 21:36:27 -07:00
percpu-internal.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
percpu-km.c
percpu: convert spin_lock_irq to spin_lock_irqsave.
2018-12-18 09:04:08 -08:00
percpu-stats.c
treewide: Use array_size() in vmalloc()
2018-06-12 16:19:22 -07:00
percpu-vm.c
percpu: allow select gfp to be passed to underlying allocators
2018-02-18 05:33:01 -08:00
percpu.c
Merge branch 'for-4.20' of git://git.kernel.org/pub/scm/linux/kernel/git/dennis/percpu
2018-11-01 09:27:57 -07:00
pgtable-generic.c
x86/mm: Page size aware flush_tlb_mm_range()
2018-10-09 16:51:11 +02:00
process_vm_access.c
mm: docs: add blank lines to silence sphinx "Unexpected indentation" errors
2018-02-06 18:32:48 -08:00
quicklist.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
readahead.c
mm/readahead.c: simplify get_next_ra_size()
2018-12-28 12:11:46 -08:00
rmap.c
mm/mmu_notifier: mm/rmap.c: Fix a mmu_notifier range bug in try_to_unmap_one
2019-01-10 02:58:21 -08:00
rodata_test.c
mm: fix RODATA_TEST failure "rodata_test: test data was not read only"
2017-10-03 17:54:24 -07:00
shmem.c
tmpfs: fix uninitialized return value in shmem_link
2019-02-25 11:49:22 -08:00
slab_common.c
kmemleak: account for tagged pointers when calculating pointer range
2019-02-21 09:01:00 -08:00
slab.c
kasan, slab: remove redundant kasan_slab_alloc hooks
2019-02-21 09:01:00 -08:00
slab.h
kmemleak: account for tagged pointers when calculating pointer range
2019-02-21 09:01:00 -08:00
slob.c
slab: __GFP_ZERO is incompatible with a constructor
2018-06-07 17:34:34 -07:00
slub.c
slub: fix a crash with SLUB_DEBUG + KASAN_SW_TAGS
2019-02-21 09:01:00 -08:00
sparse-vmemmap.c
mm: remove include/linux/bootmem.h
2018-10-31 08:54:16 -07:00
sparse.c
mm, sparse: pass nid instead of pgdat to sparse_add_one_section()
2018-12-28 12:11:49 -08:00
swap_cgroup.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
swap_slots.c
mm, swap, get_swap_pages: use entry_size instead of cluster in parameter
2018-08-22 10:52:44 -07:00
swap_state.c
Merge branch 'xarray' of git://git.infradead.org/users/willy/linux-dax
2018-10-28 11:35:40 -07:00
swap.c
mm: handle lru_add_drain_all for UP properly
2019-02-21 09:01:00 -08:00
swapfile.c
mm, swap: fix swapoff with KSM pages
2018-12-28 12:11:52 -08:00
truncate.c
mm: cleancache: fix corruption on missed inode invalidation
2018-11-30 14:56:14 -08:00
usercopy.c
mm/usercopy.c: no check page span for stack objects
2019-01-08 17:15:11 -08:00
userfaultfd.c
hugetlbfs: revert "use i_mmap_rwsem for more pmd sharing synchronization"
2019-01-08 17:15:11 -08:00
util.c
mm: don't let userspace spam allocations warnings
2019-02-21 09:01:01 -08:00
vmacache.c
mm: get rid of vmacache_flush_all() entirely
2018-09-13 15:18:04 -10:00
vmalloc.c
mm: convert totalram_pages and totalhigh_pages variables to atomic
2018-12-28 12:11:47 -08:00
vmpressure.c
mm/vmpressure.c: convert to use match_string() helper
2018-06-07 17:34:36 -07:00
vmscan.c
Revert "mm: slowly shrink slabs with a relatively small number of objects"
2019-02-12 16:33:18 -08:00
vmstat.c
mm: convert zone->managed_pages to atomic variable
2018-12-28 12:11:47 -08:00
workingset.c
mm: convert totalram_pages and totalhigh_pages variables to atomic
2018-12-28 12:11:47 -08:00
z3fold.c
z3fold: fix possible reclaim races
2018-11-18 10:15:09 -08:00
zbud.c
mm: docs: fix parameter names mismatch
2018-02-06 18:32:48 -08:00
zpool.c
mm/zpool.c: zpool_evictable: fix mismatch in parameter name and kernel-doc
2018-02-21 15:35:43 -08:00
zsmalloc.c
mm/zsmalloc.c: fix fall-through annotation
2018-10-26 16:26:35 -07:00
zswap.c
mm: convert totalram_pages and totalhigh_pages variables to atomic
2018-12-28 12:11:47 -08:00