iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/kernel
History
Andrei Matei ecc6a21018 bpf: Protect against int overflow for stack access size 
This patch re-introduces protection against the size of access to stack
memory being negative; the access size can appear negative as a result
of overflowing its signed int representation. This should not actually
happen, as there are other protections along the way, but we should
protect against it anyway. One code path was missing such protections
(fixed in the previous patch in the series), causing out-of-bounds array
accesses in check_stack_range_initialized(). This patch causes the
verification of a program with such a non-sensical access size to fail.

This check used to exist in a more indirect way, but was inadvertendly
removed in a833a17aeac7.

Fixes: a833a17aeac7 ("bpf: Fix verification of indirect var-off stack access")
Reported-by: syzbot+33f4297b5f927648741a@syzkaller.appspotmail.com
Reported-by: syzbot+aafd0513053a1cbf52ef@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/bpf/CAADnVQLORV5PT0iTAhRER+iLBTkByCYNBYyvBSgjN1T31K+gOw@mail.gmail.com/
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Andrei Matei <andreimatei1@gmail.com>
Link: https://lore.kernel.org/r/20240327024245.318299-3-andreimatei1@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2024-03-27 09:56:36 -07:00
..
bpf
bpf: Protect against int overflow for stack access size
2024-03-27 09:56:36 -07:00
cgroup
Networking changes for 6.9.
2024-03-12 17:44:08 -07:00
configs
Networking changes for 6.9.
2024-03-12 17:44:08 -07:00
debug
kdb: Fix a potential buffer overflow in kdb_local()
2024-01-17 17:19:06 +00:00
dma
- Sumanth Korikkar has taught s390 to allocate hotplug-time page frames
2024-03-14 17:43:30 -07:00
entry
entry: Move syscall_enter_from_user_mode() to header file
2023-12-21 23:12:18 +01:00
events
- Sumanth Korikkar has taught s390 to allocate hotplug-time page frames
2024-03-14 17:43:30 -07:00
futex
futex: Prevent the reuse of stale pi_state
2024-01-19 12:58:17 +01:00
gcov
gcov: annotate struct gcov_iterator with __counted_by
2023-10-18 14:43:22 -07:00
irq
Updates for the MSI interrupt subsystem and RISC-V initial MSI support:
2024-03-11 14:03:03 -07:00
kcsan
mm: delete checks for xor_unlock_is_negative_byte()
2023-10-18 14:34:17 -07:00
livepatch
livepatch: Fix missing newline character in klp_resolve_symbols()
2023-09-20 11:24:18 +02:00
locking
locking/rtmutex: Use try_cmpxchg_relaxed() in mark_rt_mutex_waiters()
2024-03-01 13:02:05 +01:00
module
Kbuild updates for v6.9
2024-03-21 14:41:00 -07:00
power
PM: EM: Force device drivers to provide power in uW
2024-03-13 20:48:38 +01:00
printk
TTY/Serial driver update for 6.9-rc1
2024-03-21 12:44:10 -07:00
rcu
Merge branches 'rcu-doc.2024.02.14a', 'rcu-nocb.2024.02.14a', 'rcu-exp.2024.02.14a', 'rcu-tasks.2024.02.26a' and 'rcu-misc.2024.02.14a' into rcu.2024.02.26a
2024-02-26 17:37:25 -08:00
sched
- Sumanth Korikkar has taught s390 to allocate hotplug-time page frames
2024-03-14 17:43:30 -07:00
time
Fix timer migration bug that can result in long bootup
2024-03-17 12:19:02 -07:00
trace
tracing: Use div64_u64() instead of do_div()
2024-03-18 10:33:06 -04:00
.gitignore
acct.c
fs: rename __mnt_{want,drop}_write*() helpers
2023-09-11 15:05:50 +02:00
async.c
async: Use a dedicated unbound workqueue with raised min_active
2024-02-09 11:13:59 -10:00
audit_fsnotify.c
audit: fix potential double free on error path from fsnotify_add_inode_mark
2022-08-22 18:50:06 -04:00
audit_tree.c
As usual, lots of singleton and doubleton patches all over the tree and
2023-11-02 20:53:31 -10:00
audit_watch.c
audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare()
2023-11-14 17:34:27 -05:00
audit.c
audit: use KMEM_CACHE() instead of kmem_cache_create()
2024-01-25 10:12:22 -05:00
audit.h
audit: correct audit_filter_inodes() definition
2023-07-21 12:17:25 -04:00
auditfilter.c
audit: remove unnecessary assignment in audit_dupe_lsm_field()
2024-01-25 09:59:27 -05:00
auditsc.c
audit,io_uring: io_uring openat triggers audit reference count underflow
2023-10-13 18:34:46 +02:00
backtracetest.c
backtracetest: Convert from tasklet to BH workqueue
2024-02-05 13:22:34 -10:00
bounds.c
bounds: support non-power-of-two CONFIG_NR_CPUS
2024-02-22 15:38:51 -08:00
capability.c
lsm: constify the 'target' parameter in security_capget()
2023-08-08 16:48:47 -04:00
cfi.c
cfi: Switch to -fsanitize=kcfi
2022-09-26 10:13:13 -07:00
compat.c
sched_getaffinity: don't assume 'cpumask_size()' is fully initialized
2023-03-14 19:32:38 -07:00
configs.c
context_tracking.c
context_tracking: Fix kerneldoc headers for __ct_user_{enter,exit}()
2024-02-14 07:53:50 -08:00
cpu_pm.c
cpuidle, cpu_pm: Remove RCU fiddling from cpu_pm_{enter,exit}()
2023-01-13 11:48:15 +01:00
cpu.c
Rework of APIC enumeration and topology evaluation:
2024-03-11 15:45:55 -07:00
crash_core.c
crash: split crash dumping code out from kexec_core.c
2024-02-23 17:48:22 -08:00
crash_reserve.c
kexec: split crashkernel reservation code out from crash_core.c
2024-02-23 17:48:21 -08:00
cred.c
cred: Use KMEM_CACHE() instead of kmem_cache_create()
2024-02-23 17:33:31 -05:00
delayacct.c
delayacct: track delays from IRQ/SOFTIRQ
2023-04-18 16:39:34 -07:00
dma.c
elfcorehdr.c
crash: remove dependency of FA_DUMP on CRASH_DUMP
2024-02-23 17:48:22 -08:00
exec_domain.c
exit.c
vfs-6.9.pidfd
2024-03-11 10:21:06 -07:00
exit.h
exit: add internal include file with helpers
2023-09-21 12:03:50 -06:00
extable.c
fail_function.c
kernel/fail_function: fix memory leak with using debugfs_lookup()
2023-02-08 13:36:22 +01:00
fork.c
RCU pull request for v6.9
2024-03-11 12:02:50 -07:00
freezer.c
Linux 6.7-rc6
2023-12-23 15:52:13 +01:00
gen_kheaders.sh
Revert "kheaders: substituting --sort in archive creation"
2023-05-28 16:20:21 +09:00
groups.c
groups: Convert group_info.usage to refcount_t
2023-09-29 11:28:39 -07:00
hung_task.c
kernel/hung_task.c: export sysctl_hung_task_timeout_secs
2024-03-13 21:22:04 -04:00
iomem.c
kernel/iomem.c: remove __weak ioremap_cache helper
2023-08-21 13:37:28 -07:00
irq_work.c
trace: Add trace_ipi_send_cpu()
2023-03-24 11:01:29 +01:00
jump_label.c
jump_label: Prevent key->enabled int overflow
2022-12-01 15:53:05 -08:00
kallsyms_internal.h
kallsyms: Reduce the memory occupied by kallsyms_seqs_of_names[]
2022-11-12 18:47:36 -08:00
kallsyms_selftest.c
mm/vmalloc: remove vmap_area_list
2024-02-23 17:48:19 -08:00
kallsyms_selftest.h
kallsyms: Add self-test facility
2022-11-15 00:42:02 -08:00
kallsyms.c
kallsyms: Change func signature for cleanup_symbol_name()
2023-08-25 15:00:36 -07:00
kcmp.c
file: convert to SLAB_TYPESAFE_BY_RCU
2023-10-19 11:02:48 +02:00
Kconfig.freezer
Kconfig.hz
Kconfig.kexec
crash: clean up kdump related config items
2024-02-23 17:48:22 -08:00
Kconfig.locks
Kconfig.preempt
kcov.c
kcov: add prototypes for helper functions
2023-06-09 17:44:17 -07:00
kexec_core.c
- Kuan-Wei Chiu has developed the well-named series "lib min_heap: Min
2024-03-14 18:03:09 -07:00
kexec_elf.c
kexec_file.c
arm64, crash: wrap crash dumping code into crash related ifdefs
2024-02-23 17:48:23 -08:00
kexec_internal.h
crash: remove dependency of FA_DUMP on CRASH_DUMP
2024-02-23 17:48:22 -08:00
kexec.c
crash: split crash dumping code out from kexec_core.c
2024-02-23 17:48:22 -08:00
kheaders.c
kheaders: Use array declaration instead of char
2023-03-24 20:10:59 -07:00
kprobes.c
kprobes: Remove unnecessary initial values of variables
2024-02-08 23:29:29 +09:00
ksyms_common.c
kallsyms: make kallsyms_show_value() as generic function
2023-06-08 12:27:20 -07:00
ksysfs.c
Driver core changes for 6.9-rc1
2024-03-21 13:34:15 -07:00
kthread.c
As usual, lots of singleton and doubleton patches all over the tree and
2023-11-02 20:53:31 -10:00
latencytop.c
latencytop: use the last element of latency_record of system
2022-09-11 21:55:12 -07:00
Makefile
crash: split crash dumping code out from kexec_core.c
2024-02-23 17:48:22 -08:00
module_signature.c
notifier.c
notifiers: add tracepoints to the notifiers infrastructure
2023-04-08 13:45:38 -07:00
nsproxy.c
pidfd: add pidfs
2024-03-01 12:23:37 +01:00
numa.c
kernel/numa.c: Move logging out of numa.h
2023-12-20 19:26:30 -05:00
padata.c
Author: Gang Li padata: dispatch works on
2024-03-06 13:04:17 -08:00
panic.c
- Kuan-Wei Chiu has developed the well-named series "lib min_heap: Min
2024-03-14 18:03:09 -07:00
params.c
params: Fix multi-line comment style
2023-12-01 09:51:44 -08:00
pid_namespace.c
wait: Remove uapi header file from main header file
2023-12-20 19:26:31 -05:00
pid_sysctl.h
memfd: replace ratcheting feature from vm.memfd_noexec with hierarchy
2023-08-21 13:37:59 -07:00
pid.c
pidfs: remove config option
2024-03-13 12:53:53 -07:00
profile.c
kernel/profile.c: simplify duplicated code in profile_setup()
2022-09-11 21:55:12 -07:00
ptrace.c
ptrace_attach: shift send(SIGSTOP) into ptrace_set_stopped()
2024-02-22 15:38:52 -08:00
range.c
reboot.c
Thermal control updates for 6.8-rc1
2024-01-09 16:20:17 -08:00
regset.c
relay.c
kernel: relay: remove relay_file_splice_read dead code, doesn't work
2023-12-29 12:22:27 -08:00
resource_kunit.c
resource.c
Quite a lot of kexec work this time around. Many singleton patches in
2024-01-09 11:46:20 -08:00
rseq.c
rseq: Extend struct rseq with per-memory-map concurrency ID
2022-12-27 12:52:12 +01:00
scftorture.c
scftorture: Pause testing after memory-allocation failure
2023-07-14 15:02:57 -07:00
scs.c
scs: add support for dynamic shadow call stacks
2022-11-09 18:06:35 +00:00
seccomp.c
file: remove __receive_fd()
2023-12-12 14:24:14 +01:00
signal.c
- Kuan-Wei Chiu has developed the well-named series "lib min_heap: Min
2024-03-14 18:03:09 -07:00
smp.c
CSD lock commits for v6.7
2023-10-30 17:56:53 -10:00
smpboot.c
kthread: add kthread_stop_put
2023-10-04 10:41:57 -07:00
smpboot.h
softirq.c
workqueue: Drain BH work items on hot-unplugged CPUs
2024-02-29 11:51:24 -10:00
stackleak.c
stackleak: allow to specify arch specific stackleak poison function
2023-04-20 11:36:35 +02:00
stacktrace.c
stacktrace: fix kernel-doc typo
2023-12-29 12:22:29 -08:00
static_call_inline.c
static_call: Add call depth tracking support
2022-10-17 16:41:16 +02:00
static_call.c
stop_machine.c
sys_ni.c
lsm/stable-6.8 PR 20240105
2024-01-09 12:57:46 -08:00
sys.c
getrusage: use sig->stats_lock rather than lock_task_sighand()
2024-02-07 21:20:32 -08:00
sysctl-test.c
kernel/sysctl-test: use SYSCTL_{ZERO/ONE_HUNDRED} instead of i_{zero/one_hundred}
2022-09-08 16:56:45 -07:00
sysctl.c
tracing: Support to dump instance traces by ftrace_dump_on_oops
2024-03-18 10:33:06 -04:00
task_work.c
task_work: add kerneldoc annotation for 'data' argument
2023-09-19 13:21:32 -07:00
taskstats.c
taskstats: fill_stats_for_tgid: use for_each_thread()
2023-10-04 10:41:57 -07:00
torture.c
torture: Print out torture module parameters
2023-09-24 17:24:01 +02:00
tracepoint.c
tracepoint: Allow livepatch module add trace event
2023-02-18 14:34:36 -05:00
tsacct.c
ucount.c
sysctl: Add size to register_sysctl
2023-08-15 15:26:17 -07:00
uid16.c
uid16.h
umh.c
sysctl: fix unused proc_cap_handler() function warning
2023-06-29 15:19:43 -07:00
up.c
smp: Change function signatures to use call_single_data_t
2023-09-13 14:59:24 +02:00
user_namespace.c
user_namespace: remove unnecessary NULL values from kbuf
2024-02-22 15:38:52 -08:00
user-return-notifier.c
user.c
binfmt_misc: enable sandboxed mounts
2023-10-11 08:46:01 -07:00
usermode_driver.c
utsname_sysctl.c
utsname: simplify one-level sysctl registration for uts_kern_table
2023-04-13 11:49:35 -07:00
utsname.c
vhost_task.c
vhost: Fix worker hangs due to missed wake up calls
2023-06-08 15:43:09 -04:00
vmcore_info.c
crash_core: export vmemmap when CONFIG_SPARSEMEM_VMEMMAP is enabled
2024-03-04 17:01:27 -08:00
watch_queue.c
watch_queue: fix kcalloc() arguments order
2023-12-21 13:17:54 +01:00
watchdog_buddy.c
watchdog/hardlockup: move SMP barriers from common code to buddy code
2023-06-19 16:25:28 -07:00
watchdog_perf.c
watchdog/perf: add a weak function for an arch to detect if perf can use NMIs
2023-06-09 17:44:21 -07:00
watchdog.c
watchdog/core: remove sysctl handlers from public header
2024-03-12 13:09:23 -07:00
workqueue_internal.h
workqueue: Drop the special locking rule for worker->flags and worker_pool->flags
2023-08-07 15:57:22 -10:00
workqueue.c
Driver core changes for 6.9-rc1
2024-03-21 13:34:15 -07:00