iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,224,838 Commits 104 Branches 1,843 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Dominique Martinet f0c5c944c6 9p: add missing locking around taking dentry fid list 
commit c898afdc15645efb555acb6d85b484eb40a45409 upstream.

Fix a use-after-free on dentry's d_fsdata fid list when a thread
looks up a fid through dentry while another thread unlinks it:

UAF thread:
refcount_t: addition on 0; use-after-free.
 p9_fid_get linux/./include/net/9p/client.h:262
 v9fs_fid_find+0x236/0x280 linux/fs/9p/fid.c:129
 v9fs_fid_lookup_with_uid linux/fs/9p/fid.c:181
 v9fs_fid_lookup+0xbf/0xc20 linux/fs/9p/fid.c:314
 v9fs_vfs_getattr_dotl+0xf9/0x360 linux/fs/9p/vfs_inode_dotl.c:400
 vfs_statx+0xdd/0x4d0 linux/fs/stat.c:248

Freed by:
 p9_fid_destroy (inlined)
 p9_client_clunk+0xb0/0xe0 linux/net/9p/client.c:1456
 p9_fid_put linux/./include/net/9p/client.h:278
 v9fs_dentry_release+0xb5/0x140 linux/fs/9p/vfs_dentry.c:55
 v9fs_remove+0x38f/0x620 linux/fs/9p/vfs_inode.c:518
 vfs_unlink+0x29a/0x810 linux/fs/namei.c:4335

The problem is that d_fsdata was not accessed under d_lock, because
d_release() normally is only called once the dentry is otherwise no
longer accessible but since we also call it explicitly in v9fs_remove
that lock is required:
move the hlist out of the dentry under lock then unref its fids once
they are no longer accessible.

Fixes: 154372e67d40 ("fs/9p: fix create-unlink-getattr idiom")
Cc: stable@vger.kernel.org
Reported-by: Meysam Firouzi
Reported-by: Amirmohammad Eftekhar
Reviewed-by: Christian Schoenebeck <linux_oss@crudebyte.com>
Message-ID: <20240521122947.1080227-1-asmadeus@codewreck.org>
Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-06-16 13:47:37 +02:00
arch
arm64: dts: ti: verdin-am62: Set memory size to 2gb
2024-06-16 13:47:35 +02:00
block
blk-cgroup: Properly propagate the iostat update up the hierarchy
2024-06-12 11:12:46 +02:00
certs
certs: Reference revocation list for all keyrings
2023-08-17 20:12:41 +00:00
crypto
KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE_SELFTEST
2024-06-12 11:11:22 +02:00
Documentation
dt-bindings: adc: axi-adc: add clocks property
2024-06-12 11:12:36 +02:00
drivers
drm/amdgpu/atomfirmware: add intergrated info v2.3 table
2024-06-16 13:47:37 +02:00
fs
9p: add missing locking around taking dentry fid list
2024-06-16 13:47:37 +02:00
include
mmc: core: Add mmc_gpiod_set_cd_config() function
2024-06-16 13:47:36 +02:00
init
rust: make mutually exclusive with CFI_CLANG
2024-05-02 16:32:42 +02:00
io_uring
io-wq: write next_work before dropping acct_lock
2024-06-12 11:11:33 +02:00
ipc
Add x86 shadow stack support
2023-08-31 12:20:12 -07:00
kernel
genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
2024-06-12 11:13:01 +02:00
lib
lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure
2024-06-12 11:12:08 +02:00
LICENSES
LICENSES: Add the copyleft-next-0.3.1 license
2022-11-08 15:44:01 +01:00
mm
mm: ratelimit stat flush from workingset shrinker
2024-06-16 13:47:31 +02:00
net
mptcp: fix full TCP keep-alive support
2024-06-16 13:47:31 +02:00
rust
rust: kernel: require Send for Module implementations
2024-05-17 12:01:56 +02:00
samples
work around gcc bugs with 'asm goto' with outputs
2024-02-23 09:24:47 +01:00
scripts
kconfig: fix comparison to constant symbols, 'm', 'n'
2024-06-12 11:12:58 +02:00
security
KEYS: trusted: Do not use WARN when encode fails
2024-05-25 16:22:55 +02:00
sound
ALSA: timer: Set lower bound of start tick time
2024-06-12 11:13:00 +02:00
tools
selftests: net: List helper scripts in TEST_FILES Makefile variable
2024-06-16 13:47:32 +02:00
usr
initramfs: Encode dependency on KBUILD_BUILD_TIMESTAMP
2023-06-06 17:54:49 +09:00
virt
KVM: Always flush async #PF workqueue when vCPU is being destroyed
2024-04-03 15:28:18 +02:00
.clang-format
iommu: Add for_each_group_device()
2023-05-23 08:15:51 +02:00
.cocciconfig
.get_maintainer.ignore
get_maintainer: add Alan to .get_maintainer.ignore
2022-08-20 15:17:44 -07:00
.gitattributes
.gitattributes: set diff driver for Rust source code files
2023-05-31 17:48:25 +02:00
.gitignore
kbuild: rpm-pkg: rename binkernel.spec to kernel.spec
2023-07-25 00:59:33 +09:00
.mailmap
20 hotfixes. 12 are cc:stable and the remainder address post-6.5 issues
2023-10-24 09:52:16 -10:00
.rustfmt.toml
rust: add .rustfmt.toml
2022-09-28 09:02:20 +02:00
COPYING
CREDITS
USB: Remove Wireless USB and UWB documentation
2023-08-09 14:17:32 +02:00
Kbuild
Kbuild updates for v6.1
2022-10-10 12:00:45 -07:00
Kconfig
kbuild: ensure full rebuild when the compiler is updated
2020-05-12 13:28:33 +09:00
MAINTAINERS
pwm: Rename pwm_apply_state() to pwm_apply_might_sleep()
2024-06-12 11:12:24 +02:00
Makefile
Linux 6.6.33
2024-06-12 11:13:03 +02:00
README

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.
Description
No description provided
Readme 5.7 GiB
Languages
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%