iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
925,525 Commits 104 Branches 1,843 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Daniel Axtens 54e200ab40 kernel/relay.c: handle alloc_percpu returning NULL in relay_open 
alloc_percpu() may return NULL, which means chan->buf may be set to NULL.
In that case, when we do *per_cpu_ptr(chan->buf, ...), we dereference an
invalid pointer:

  BUG: Unable to handle kernel data access at 0x7dae0000
  Faulting instruction address: 0xc0000000003f3fec
  ...
  NIP relay_open+0x29c/0x600
  LR relay_open+0x270/0x600
  Call Trace:
     relay_open+0x264/0x600 (unreliable)
     __blk_trace_setup+0x254/0x600
     blk_trace_setup+0x68/0xa0
     sg_ioctl+0x7bc/0x2e80
     do_vfs_ioctl+0x13c/0x1300
     ksys_ioctl+0x94/0x130
     sys_ioctl+0x48/0xb0
     system_call+0x5c/0x68

Check if alloc_percpu returns NULL.

This was found by syzkaller both on x86 and powerpc, and the reproducer
it found on powerpc is capable of hitting the issue as an unprivileged
user.

Fixes: 017c59c042d0 ("relay: Use per CPU constructs for the relay channel buffer pointers")
Reported-by: syzbot+1e925b4b836afe85a1c6@syzkaller-ppc64.appspotmail.com
Reported-by: syzbot+587b2421926808309d21@syzkaller-ppc64.appspotmail.com
Reported-by: syzbot+58320b7171734bf79d26@syzkaller.appspotmail.com
Reported-by: syzbot+d6074fb08bdb2e010520@syzkaller.appspotmail.com
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Michael Ellerman <mpe@ellerman.id.au>
Reviewed-by: Andrew Donnellan <ajd@linux.ibm.com>
Acked-by: David Rientjes <rientjes@google.com>
Cc: Akash Goel <akash.goel@intel.com>
Cc: Andrew Donnellan <ajd@linux.ibm.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: Salvatore Bonaccorso <carnil@debian.org>
Cc: <stable@vger.kernel.org>	[4.10+]
Link: http://lkml.kernel.org/r/20191219121256.26480-1-dja@axtens.net
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2020-06-04 19:06:26 -07:00
arch
powerpc/pseries/hotplug-memory: stop checking is_mem_section_removable()
2020-06-04 19:06:23 -07:00
block
for-5.8/drivers-2020-06-01
2020-06-02 15:37:03 -07:00
certs
.gitignore: add SPDX License Identifier
2020-03-25 11:50:48 +01:00
crypto
crypto: engine - do not requeue in case of fatal error
2020-05-28 17:27:52 +10:00
Documentation
mm/debug: add tests validating architecture page table helpers
2020-06-04 19:06:21 -07:00
drivers
rapidio: convert get_user_pages() --> pin_user_pages()
2020-06-04 19:06:26 -07:00
fs
exec: open code copy_string_kernel
2020-06-04 19:06:26 -07:00
include
exec: simplify the copy_strings_kernel calling convention
2020-06-04 19:06:26 -07:00
init
init: allow distribution configuration of default init
2020-06-04 19:06:25 -07:00
ipc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2020-06-03 16:27:18 -07:00
kernel
kernel/relay.c: handle alloc_percpu returning NULL in relay_open
2020-06-04 19:06:26 -07:00
lib
lib: make a test module with set/clear bit
2020-06-04 19:06:25 -07:00
LICENSES
LICENSES: Rename other to deprecated
2019-05-03 06:34:32 -06:00
mm
mm/vmstat.c: convert to use DEFINE_SEQ_ATTRIBUTE macro
2020-06-04 19:06:26 -07:00
net
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2020-06-03 16:27:18 -07:00
samples
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2020-06-03 16:27:18 -07:00
scripts
checkpatch: use patch subject when reading from stdin
2020-06-04 19:06:25 -07:00
security
mm: add kvfree_sensitive() for freeing sensitive data objects
2020-06-04 19:06:22 -07:00
sound
MIPS updates for v5.8:
2020-06-03 13:32:21 -07:00
tools
lib: make a test module with set/clear bit
2020-06-04 19:06:25 -07:00
usr
kbuild: fix comment about missing include guard detection
2020-04-11 12:09:48 +09:00
virt
A fair amount of stuff this time around, dominated by yet another massive
2020-06-01 15:45:27 -07:00
.clang-format
block: add bio_for_each_bvec_all()
2020-05-25 11:25:24 +02:00
.cocciconfig
.get_maintainer.ignore
Opt out of scripts/get_maintainer.pl
2019-05-16 10:53:40 -07:00
.gitattributes
.gitattributes: use 'dts' diff driver for dts files
2019-12-04 19:44:11 -08:00
.gitignore
.gitignore: add SPDX License Identifier
2020-03-25 11:50:48 +01:00
.mailmap
A fair amount of stuff this time around, dominated by yet another massive
2020-06-01 15:45:27 -07:00
COPYING
COPYING: state that all contributions really are covered by this file
2020-02-10 13:32:20 -08:00
CREDITS
mailmap: change email for Ricardo Ribalda
2020-05-25 18:59:59 -06:00
Kbuild
kbuild: rename hostprogs-y/always to hostprogs/always-y
2020-02-04 01:53:07 +09:00
Kconfig
docs: kbuild: convert docs to ReST and rename to *.rst
2019-06-14 14:21:21 -06:00
MAINTAINERS
media updates for v5.8-rc1
2020-06-03 20:59:38 -07:00
Makefile
arm64 updates for 5.8
2020-06-01 15:18:27 -07:00
README
Drop all 00-INDEX files from Documentation/
2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.
Description
No description provided
Readme 5.7 GiB
Languages
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%