mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-27 12:57:53 +00:00
Code Issues Releases Wiki Activity
No description
1219544 commits 105 branches 5097 tags 5.6 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
Find a file
Guanghui Feng 35f1026070 uio: Fix use-after-free in uio_open 
commit 0c9ae0b860 upstream.

core-1				core-2
-------------------------------------------------------
uio_unregister_device		uio_open
				idev = idr_find()
device_unregister(&idev->dev)
put_device(&idev->dev)
uio_device_release
				get_device(&idev->dev)
kfree(idev)
uio_free_minor(minor)
				uio_release
				put_device(&idev->dev)
				kfree(idev)
-------------------------------------------------------

In the core-1 uio_unregister_device(), the device_unregister will kfree
idev when the idev->dev kobject ref is 1. But after core-1
device_unregister, put_device and before doing kfree, the core-2 may
get_device. Then:
1. After core-1 kfree idev, the core-2 will do use-after-free for idev.
2. When core-2 do uio_release and put_device, the idev will be double
   freed.

To address this issue, we can get idev atomic & inc idev reference with
minor_lock.

Fixes: 57c5f4df0a ("uio: fix crash after the device is unregistered")
Cc: stable <stable@kernel.org>
Signed-off-by: Guanghui Feng <guanghuifeng@linux.alibaba.com>
Reviewed-by: Baolin Wang <baolin.wang@linux.alibaba.com>
Link: https://lore.kernel.org/r/1703152663-59949-1-git-send-email-guanghuifeng@linux.alibaba.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-01-20 11:51:48 +01:00
arch x86/microcode: do not cache microcode if it will not be used 2024-01-20 11:51:47 +01:00
block blk-mq: don't count completed flush data request as inflight in case of quiesce 2024-01-20 11:51:39 +01:00
certs certs: Reference revocation list for all keyrings 2023-08-17 20:12:41 +00:00
crypto crypto: xts - use 'spawn' for underlying single-block cipher 2024-01-10 17:16:54 +01:00
Documentation dt-bindings: nvmem: mxs-ocotp: Document fsl,ocotp 2024-01-01 12:42:42 +00:00
drivers uio: Fix use-after-free in uio_open 2024-01-20 11:51:48 +01:00
fs ksmbd: free ppace array on error in parse_dacl 2024-01-20 11:51:48 +01:00
include driver core: Add a guard() definition for the device_lock() 2024-01-20 11:51:44 +01:00
init proc: sysctl: prevent aliased sysctls from getting passed to init 2023-11-28 17:19:57 +00:00
io_uring io_uring: use fget/fput consistently 2024-01-20 11:51:38 +01:00
ipc Add x86 shadow stack support 2023-08-31 12:20:12 -07:00
kernel posix-timers: Get rid of [COMPAT_]SYS_NI() uses 2024-01-20 11:51:46 +01:00
lib ida: Fix crash in ida_free when the bitmap is empty 2024-01-20 11:51:46 +01:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
mm mm: fix unmap_mapping_range high bits shift bug 2024-01-10 17:17:00 +01:00
net net: qrtr: ns: Return 0 if server port is not present 2024-01-20 11:51:47 +01:00
rust rust: docs: fix logo replacement 2023-10-19 16:40:00 +02:00
samples vfio/mtty: Overhaul mtty interrupt handling 2024-01-10 17:16:55 +01:00
scripts scripts/checkstack.pl: match all stack sizes for s390 2023-12-20 17:01:59 +01:00
security apparmor: Fix move_mount mediation by detecting if source is detached 2024-01-10 17:16:52 +01:00
sound ASoC: SOF: Intel: hda-codec: Delay the codec device registration 2024-01-20 11:51:47 +01:00
tools kselftest: alsa: fixed a print formatting warning 2024-01-20 11:51:45 +01:00
usr initramfs: Encode dependency on KBUILD_BUILD_TIMESTAMP 2023-06-06 17:54:49 +09:00
virt ARM: 2023-09-07 13:52:20 -07:00
.clang-format iommu: Add for_each_group_device() 2023-05-23 08:15:51 +02:00
.cocciconfig
.get_maintainer.ignore
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore kbuild: rpm-pkg: rename binkernel.spec to kernel.spec 2023-07-25 00:59:33 +09:00
.mailmap 20 hotfixes. 12 are cc:stable and the remainder address post-6.5 issues 2023-10-24 09:52:16 -10:00
.rustfmt.toml
COPYING
CREDITS USB: Remove Wireless USB and UWB documentation 2023-08-09 14:17:32 +02:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig
MAINTAINERS Char/Misc driver fixes for 6.6-final 2023-10-28 07:51:27 -10:00
Makefile Linux 6.6.12 2024-01-15 18:57:06 +01:00
README

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.