linux-stable/arch/sh
Duoming Zhou 610dbd8ac2 sh: push-switch: Reorder cleanup operations to avoid use-after-free bug
[ Upstream commit 246f80a0b1 ]

The original code puts flush_work() before timer_shutdown_sync()
in switch_drv_remove(). Although we use flush_work() to stop
the worker, it could be rescheduled in switch_timer(). As a result,
a use-after-free bug can occur. The details are shown below:

      (cpu 0)                    |      (cpu 1)
switch_drv_remove()              |
 flush_work()                    |
  ...                            |  switch_timer // timer
                                 |   schedule_work(&psw->work)
 timer_shutdown_sync()           |
 ...                             |  switch_work_handler // worker
 kfree(psw) // free              |
                                 |   psw->state = 0 // use

This patch puts timer_shutdown_sync() before flush_work() to
mitigate the bugs. As a result, the worker and timer will be
stopped safely before the deallocate operations.

Fixes: 9f5e8eee5c ("sh: generic push-switch framework.")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Link: https://lore.kernel.org/r/20230802033737.9738-1-duoming@zju.edu.cn
Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-09-19 12:30:21 +02:00
boards sh: boards: Fix CEU buffer size passed to dma_declare_coherent_memory() 2023-09-19 12:30:21 +02:00
boot sh: Use generic GCC library routines 2023-04-25 09:16:47 +02:00
cchips sh: hd64461: Handle virq offset for offchip IRQ base and HD64461 IRQ 2023-07-13 08:37:53 +02:00
configs arch/*/configs/*defconfig: Replace AUTOFS4_FS by AUTOFS_FS 2023-07-29 14:08:22 -07:00
drivers sh: push-switch: Reorder cleanup operations to avoid use-after-free bug 2023-09-19 12:30:21 +02:00
include sh fixes for v6.5 2023-07-13 13:34:00 -07:00
kernel sh updates for v6.5 2023-07-05 21:45:32 -07:00
lib sh: Use generic GCC library routines 2023-04-25 09:16:47 +02:00
math-emu sh: math-emu: fix macro redefined warning 2023-03-23 10:00:03 +01:00
mm Merge branch 'expand-stack' 2023-06-28 20:35:21 -07:00
tools
Kbuild sh: Move build rule for cchips/hd6446x/ to arch/sh/Kbuild 2023-07-05 18:55:18 +02:00
Kconfig Merge branch 'expand-stack' 2023-06-28 20:35:21 -07:00
Kconfig.cpu docs: move superh documentation under Documentation/arch/ 2023-03-30 13:00:35 -06:00
Kconfig.debug sh: mcount.S: fix build error when PRINTK is not enabled 2023-03-23 10:02:02 +01:00
Makefile sh: Remove compiler flag duplication 2023-07-05 18:55:25 +02:00