iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/mm
History
Jann Horn f581706924 mm: enforce min addr even if capable() in expand_downwards() 
commit 0a1d52994d440e21def1c2174932410b4f2a98a1 upstream.

security_mmap_addr() does a capability check with current_cred(), but
we can reach this code from contexts like a VFS write handler where
current_cred() must not be used.

This can be abused on systems without SMAP to make NULL pointer
dereferences exploitable again.

Fixes: 8869477a49c3 ("security: protect from stack expansion into low vm addresses")
Cc: stable@kernel.org
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-03-05 17:58:02 +01:00
..
kasan
kasan: fix shadow_size calculation error in kasan_module_alloc
2018-08-24 13:09:12 +02:00
backing-dev.c
writeback: synchronize sync(2) against cgroup writeback membership switches
2019-03-05 17:58:01 +01:00
balloon_compaction.c
virtio_balloon: fix deadlock on OOM
2018-10-13 09:27:30 +02:00
bootmem.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
cleancache.c
fs: switch ->s_uuid to uuid_t
2017-06-05 16:59:12 +02:00
cma_debug.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
cma.c
mm/cma.c: take __GFP_NOWARN into account in cma_alloc()
2017-10-13 16:18:32 -07:00
cma.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
compaction.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
debug_page_ref.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
debug.c
mm: get rid of vmacache_flush_all() entirely
2018-09-19 22:43:48 +02:00
dmapool.c
lib/vsprintf.c: remove %Z support
2017-02-27 18:43:47 -08:00
early_ioremap.c
mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
2018-02-25 11:08:03 +01:00
fadvise.c
mm/fadvise.c: fix signed overflow UBSAN complaint
2018-09-15 09:45:28 +02:00
failslab.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
filemap.c
mm/filemap.c: fix NULL pointer in page_cache_tree_insert()
2018-04-24 09:36:39 +02:00
frame_vector.c
mm/frame_vector.c: release a semaphore in 'get_vaddr_frames()'
2018-03-03 10:24:21 +01:00
frontswap.c
mm, frontswap: convert frontswap_enabled to static key
2016-07-26 16:19:19 -07:00
gup.c
mm: do not bug_on on incorrect length in __mm_populate()
2018-07-17 11:39:29 +02:00
highmem.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
hmm.c
mm, hmm: mark hmm_devmem_{add, add_resource} EXPORT_SYMBOL_GPL
2019-01-13 10:01:02 +01:00
huge_memory.c
mm/huge_memory: fix lockdep complaint on 32-bit i_size_read()
2018-12-05 19:41:08 +01:00
hugetlb_cgroup.c
mm, hugetlb_cgroup: round limit_in_bytes down to hugepage size
2016-05-20 17:58:30 -07:00
hugetlb.c
userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails
2018-12-08 13:03:37 +01:00
hwpoison-inject.c
mm: hwpoison: call shake_page() unconditionally
2017-05-03 15:52:12 -07:00
init-mm.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
internal.h
mm, oom: do not rely on TIF_MEMDIE for memory reserves access
2017-09-06 17:27:30 -07:00
interval_tree.c
lib/interval_tree: fast overlap detection
2017-09-08 18:26:49 -07:00
Kconfig
mm: don't allow deferred pages with NEED_PER_CPU_KM
2018-05-22 18:53:58 +02:00
Kconfig.debug
kmemcheck: rip it out
2018-02-22 15:42:24 +01:00
khugepaged.c
mm/khugepaged: collapse_shmem() do not crash on Compound
2018-12-05 19:41:09 +01:00
kmemleak-test.c
mm: convert printk(KERN_<LEVEL> to pr_<level>
2016-03-17 15:09:34 -07:00
kmemleak.c
mm/kmemleak.c: wait for scan completion before disabling free
2018-05-30 07:52:21 +02:00
ksm.c
mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm()
2018-07-03 11:25:03 +02:00
list_lru.c
mm: memcontrol: use vmalloc fallback for large kmem memcg arrays
2017-10-03 17:54:25 -07:00
maccess.c
x86: remove more uaccess_32.h complexity
2016-05-22 17:21:27 -07:00
madvise.c
mm: madvise(MADV_DODUMP): allow hugetlbfs pages
2018-10-10 08:54:22 +02:00
Makefile
kmemcheck: rip it out
2018-02-22 15:42:24 +01:00
memblock.c
Revert "mm: page_alloc: skip over regions of invalid pfns where possible"
2018-03-28 18:24:39 +02:00
memcontrol.c
memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc() failure
2018-09-05 09:26:32 +02:00
memory_hotplug.c
hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined
2019-01-13 10:01:02 +01:00
memory-failure.c
mm: hwpoison: use do_send_sig_info() instead of force_sig()
2019-02-06 17:31:36 +01:00
memory.c
mm, memcg: fix reclaim deadlock with writeback
2019-01-16 22:07:11 +01:00
mempolicy.c
numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES
2019-02-27 10:08:01 +01:00
mempool.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
memtest.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
migrate.c
mm: migrate: don't rely on __PageMovable() of newpage after unlocking it
2019-02-06 17:31:37 +01:00
mincore.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mlock.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mm_init.c
mm: convert printk(KERN_<LEVEL> to pr_<level>
2016-03-17 15:09:34 -07:00
mmap.c
mm: enforce min addr even if capable() in expand_downwards()
2019-03-05 17:58:02 +01:00
mmu_context.c
sched/headers: Prepare to move the task_lock()/unlock() APIs to <linux/sched/task.h>
2017-03-02 08:42:38 +01:00
mmu_notifier.c
mm/mmu_notifier: kill invalidate_page
2017-08-31 16:13:00 -07:00
mmzone.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mprotect.c
x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
2018-08-15 18:12:51 +02:00
mremap.c
mremap: properly flush TLB before releasing the page
2018-10-20 09:48:53 +02:00
msync.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
nobootmem.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
nommu.c
Merge branch 'work.set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-09-14 18:13:32 -07:00
oom_kill.c
mm, oom: fix use-after-free in oom_kill_process
2019-02-06 17:31:36 +01:00
page_alloc.c
mm/page_alloc.c: fix calculation of pgdat->nr_zones
2018-12-17 09:28:54 +01:00
page_counter.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
page_ext.c
mm/page_ext.c: check if page_ext is not prepared
2017-11-24 08:37:05 +01:00
page_idle.c
mm: thp: fix potential clearing to referenced flag in page_idle_clear_pte_refs_one()
2018-05-30 07:52:24 +02:00
page_io.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
page_isolation.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
page_owner.c
mm/page_owner: fix recursion bug after changing skip entries
2018-05-30 07:52:21 +02:00
page_poison.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
page_vma_mapped.c
mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly
2018-11-13 11:15:08 -08:00
page-writeback.c
mm/page-writeback.c: don't break integrity writeback on ->writepage() error
2019-01-26 09:37:06 +01:00
pagewalk.c
mm/pagewalk.c: report holes in hugetlb ranges
2017-11-24 08:37:04 +01:00
percpu-internal.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
percpu-km.c
percpu: convert spin_lock_irq to spin_lock_irqsave.
2019-02-12 19:46:05 +01:00
percpu-stats.c
percpu: fix starting offset for chunk statistics traversal
2017-09-27 14:45:57 -07:00
percpu-vm.c
percpu: add __GFP_NORETRY semantics to the percpu balancing path
2018-04-08 14:26:29 +02:00
percpu.c
percpu: stop leaking bitmap metadata blocks
2018-10-18 09:16:23 +02:00
pgtable-generic.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
process_vm_access.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/mm.h>
2017-03-02 08:42:28 +01:00
quicklist.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
readahead.c
readahead: stricter check for bdi io_pages
2018-09-09 19:55:53 +02:00
rmap.c
mm: migration: fix migration of huge PMD shared pages
2018-10-13 09:27:22 +02:00
rodata_test.c
mm: fix RODATA_TEST failure "rodata_test: test data was not read only"
2017-10-03 17:54:24 -07:00
shmem.c
userfaultfd: shmem: UFFDIO_COPY: set the page dirty if VM_WRITE is not set
2018-12-08 13:03:37 +01:00
slab_common.c
mm: don't warn about large allocations for slab
2018-12-01 09:42:51 +01:00
slab.c
slab: alien caches must not be initialized if the allocation of the alien cache failed
2019-01-16 22:07:11 +01:00
slab.h
kmemcheck: stop using GFP_NOTRACK and SLAB_NOTRACK
2018-02-22 15:42:23 +01:00
slob.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
slub.c
slub: make ->cpu_partial unsigned int
2018-10-03 17:00:55 -07:00
sparse-vmemmap.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
sparse.c
mm: sections are not offlined during memory hotremove
2018-05-16 10:10:27 +02:00
swap_cgroup.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
swap_slots.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
swap_state.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
swap.c
mm: avoid marking swap cached page as lazyfree
2017-10-03 17:54:24 -07:00
swapfile.c
mm/swap: use nr_node_ids for avail_lists in swap_info_struct
2019-01-26 09:37:06 +01:00
truncate.c
mm: cleancache: fix corruption on missed inode invalidation
2018-12-08 13:03:40 +01:00
usercopy.c
mm/usercopy: Drop extra is_vmalloc_or_module() check
2017-04-05 12:30:18 -07:00
userfaultfd.c
userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas
2018-12-08 13:03:38 +01:00
util.c
mm: page_mapped: don't assume compound page is huge or THP
2019-01-16 22:07:11 +01:00
vmacache.c
mm: get rid of vmacache_flush_all() entirely
2018-09-19 22:43:48 +02:00
vmalloc.c
mm: vmalloc: avoid racy handling of debugobjects in vunmap
2018-08-03 07:50:23 +02:00
vmpressure.c
mm, vmpressure: pass-through notification support
2017-07-10 16:32:31 -07:00
vmscan.c
mm: don't miss the last page because of round-off error
2018-12-29 13:39:11 +01:00
vmstat.c
mm: hide incomplete nr_indirectly_reclaimable in /proc/zoneinfo
2018-12-08 13:03:40 +01:00
workingset.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
z3fold.c
z3fold: fix possible reclaim races
2018-12-01 09:42:54 +01:00
zbud.c
mm/zbud.c: use list_last_entry() instead of list_tail_entry()
2016-01-15 11:40:52 -08:00
zpool.c
mm: zsmalloc: constify struct zs_pool name
2015-11-06 17:50:42 -08:00
zsmalloc.c
zsmalloc: calling zs_map_object() from irq is a bug
2017-12-14 09:53:10 +01:00
zswap.c
zswap: re-check zswap_is_full() after do zswap_shrink()
2018-09-05 09:26:30 +02:00