mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-05 18:39:59 +00:00
Code Issues Releases Wiki Activity
No description
716359 commits 104 branches 5082 tags 5.5 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
Find a file
Eric Biggers 540f89376b HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges 
commit 8c01db7619 upstream.

When a UHID_CREATE command is written to the uhid char device, a
copy_from_user() is done from a user pointer embedded in the command.
When the address limit is KERNEL_DS, e.g. as is the case during
sys_sendfile(), this can read from kernel memory.  Alternatively,
information can be leaked from a setuid binary that is tricked to write
to the file descriptor.  Therefore, forbid UHID_CREATE in these cases.

No other commands in uhid_char_write() are affected by this bug and
UHID_CREATE is marked as "obsolete", so apply the restriction to
UHID_CREATE only rather than to uhid_char_write() entirely.

Thanks to Dmitry Vyukov for adding uhid definitions to syzkaller and to
Jann Horn for commit 9da3f2b740 ("x86/fault: BUG() when uaccess
helpers fault on kernel addresses"), allowing this bug to be found.

Reported-by: syzbot+72473edc9bf4eb1c6556@syzkaller.appspotmail.com
Fixes: d365c6cfd3 ("HID: uhid: add UHID_CREATE and UHID_DESTROY events")
Cc: <stable@vger.kernel.org> # v3.6+
Cc: Jann Horn <jannh@google.com>
Cc: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Jann Horn <jannh@google.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-11-27 16:10:51 +01:00
arch MIPS: OCTEON: cavium_octeon_defconfig: re-enable OCTEON USB driver 2018-11-27 16:10:50 +01:00
block SCSI: fix queue cleanup race before queue initialization is done 2018-11-21 09:24:09 +01:00
certs Replace magic for trusting the secondary keyring with #define 2018-09-09 19:55:54 +02:00
crypto crypto: user - fix leaking uninitialized memory to userspace 2018-11-21 09:24:15 +01:00
Documentation x86/mm: Move LDT remap out of KASLR region on 5-level paging 2018-11-27 16:10:50 +01:00
drivers HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges 2018-11-27 16:10:51 +01:00
firmware License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fs fs/exofs: fix potential memory leak in mount option parsing 2018-11-27 16:10:47 +01:00
include netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment() 2018-11-27 16:10:48 +01:00
init init: rename and re-order boot_cpu_state_init() 2018-08-15 18:12:48 +02:00
ipc ipc/sem.c: prevent queue.status tearing in semop 2018-09-05 09:26:30 +02:00
kernel sched/core: Take the hotplug lock in sched_init_smp() 2018-11-27 16:10:49 +01:00
lib lib/raid6: Fix arm64 test build 2018-11-27 16:10:48 +01:00
mm mm/swapfile.c: use kvzalloc for swap_info_struct allocation 2018-11-21 09:24:15 +01:00
net SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer() 2018-11-27 16:10:49 +01:00
samples samples/bpf: Check the error of write() and read() 2018-08-24 13:09:12 +02:00
scripts kconfig: fix the rule of mainmenu_stmt symbol 2018-11-04 14:52:45 +01:00
security apparmor: Fix uninitialized value in aa_split_fqname 2018-11-27 16:10:47 +01:00
sound ASoC: intel: skylake: Add missing break in skl_tplg_get_token() 2018-11-13 11:15:05 -08:00
tools perf test code-reading: Fix perf_env setup for PTI entry trampolines 2018-11-27 16:10:50 +01:00
usr initramfs: fix initramfs rebuilds w/ compression after disabling 2017-11-03 07:39:19 -07:00
virt KVM: arm64: Fix caching of host MDCR_EL2 value 2018-11-13 11:15:08 -08:00
.cocciconfig
.get_maintainer.ignore
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore kbuild: rpm-pkg: keep spec file until make mrproper 2018-02-13 10:19:46 +01:00
.mailmap .mailmap: Add Maciej W. Rozycki's Imagination e-mail address 2017-11-10 12:16:15 -08:00
COPYING
CREDITS MAINTAINERS: update TPM driver infrastructure changes 2017-11-09 17:58:40 -08:00
Kbuild License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Kconfig License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
MAINTAINERS dt-bindings: Document mti,mips-cpc binding 2018-03-15 10:54:35 +01:00
Makefile Linux 4.14.83 2018-11-23 08:19:27 +01:00
README README: add a new README file, pointing to the Documentation/ 2016-10-24 08:12:35 -02:00

README 

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.