Liu Jian 74aecad5da net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict()
[ Upstream commit cfaa80c91f ]

I got the below warning when doing a fuzzing test:
BUG: KASAN: null-ptr-deref in scatterwalk_copychunks+0x320/0x470
Read of size 4 at addr 0000000000000008 by task kworker/u8:1/9

CPU: 0 PID: 9 Comm: kworker/u8:1 Tainted: G           OE
Hardware name: linux,dummy-virt (DT)
Workqueue: pencrypt_parallel padata_parallel_worker
Call trace:
 dump_backtrace+0x0/0x420
 show_stack+0x34/0x44
 dump_stack+0x1d0/0x248
 __kasan_report+0x138/0x140
 kasan_report+0x44/0x6c
 __asan_load4+0x94/0xd0
 scatterwalk_copychunks+0x320/0x470
 skcipher_next_slow+0x14c/0x290
 skcipher_walk_next+0x2fc/0x480
 skcipher_walk_first+0x9c/0x110
 skcipher_walk_aead_common+0x380/0x440
 skcipher_walk_aead_encrypt+0x54/0x70
 ccm_encrypt+0x13c/0x4d0
 crypto_aead_encrypt+0x7c/0xfc
 pcrypt_aead_enc+0x28/0x84
 padata_parallel_worker+0xd0/0x2dc
 process_one_work+0x49c/0xbdc
 worker_thread+0x124/0x880
 kthread+0x210/0x260
 ret_from_fork+0x10/0x18

This is because the value of rec_seq of tls_crypto_info configured by the
user program is too large, for example, 0xffffffffffffff. In addition, TLS
is asynchronously accelerated. When tls_do_encryption() returns
-EINPROGRESS and sk->sk_err is set to EBADMSG due to rec_seq overflow,
skmsg is released before the asynchronous encryption process ends. As a
result, the UAF problem occurs during the asynchronous processing of the
encryption module.

If the operation is asynchronous and the encryption module returns
EINPROGRESS, do not free the record information.

Fixes: 635d939817 ("net/tls: free record only on encryption error")
Signed-off-by: Liu Jian <liujian56@huawei.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Link: https://lore.kernel.org/r/20230909081434.2324940-1-liujian56@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-09-19 12:30:29 +02:00
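The ordering bug described in the commit message, modelled in userspace C as an added example. This is not kernel code and not the patch itself: the function names do_encryption(), push_record_buggy(), push_record_fixed() and run_completion(), the single-slot queue, and the flag that stands in for free() are assumptions made for illustration. The point it shows is the ownership rule behind the fix: an asynchronous engine that returns -EINPROGRESS still owns the record, so a caller that releases it on any negative return lets the later completion touch released memory, while a caller that releases only on a real error does not. The record sequence counter starts one step before wrapping so that sk_err is set to EBADMSG, matching the precondition in the report.

```c
/*
 * Added example (not kernel code): userspace model of why a record must not
 * be freed when the crypto engine reports -EINPROGRESS. free() is replaced
 * by a flag so the use-after-free is observable instead of undefined.
 */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REC_SEQ_SIZE 8

struct sock_model {                 /* stand-in for the socket's error state */
    int sk_err;
    uint8_t rec_seq[REC_SEQ_SIZE];  /* big-endian record sequence number */
};

struct tls_rec_model {
    bool freed;        /* set instead of calling free(): lets the worker detect a UAF */
    bool done;         /* set once the (real or simulated) encryption finished */
    uint8_t payload[16];
};

/* Increment a big-endian counter; returns -EBADMSG when it wraps to zero. */
static int bigint_increment(uint8_t *ctr, size_t len)
{
    for (size_t i = len; i-- > 0;) {
        if (++ctr[i] != 0)
            return 0;
    }
    return -EBADMSG;
}

/* Single-slot model of the async engine's request queue (assumption). */
static struct tls_rec_model *in_flight;

/* Error recorded on the socket by the last scenario() run, for inspection. */
int last_sk_err;

/* Submit an encrypt request. A synchronous engine finishes inline (0);
 * an asynchronous one queues the record and reports -EINPROGRESS. */
static int do_encryption(struct sock_model *sk, struct tls_rec_model *rec, bool async)
{
    int rc = 0;

    if (async) {
        in_flight = rec;
        rc = -EINPROGRESS;
    } else {
        rec->done = true;
    }
    /* The sequence number advances at submit time; a wrap aborts the socket. */
    if (bigint_increment(sk->rec_seq, REC_SEQ_SIZE))
        sk->sk_err = EBADMSG;
    return rc;
}

/* Buggy caller: treats every negative return as an error and drops the record,
 * including -EINPROGRESS, while the engine still holds a pointer to it. */
static int push_record_buggy(struct sock_model *sk, struct tls_rec_model *rec, bool async)
{
    int rc = do_encryption(sk, rec, async);

    if (rc < 0)
        rec->freed = true;
    return rc;
}

/* Fixed caller: -EINPROGRESS is not an error; ownership stays with the engine. */
static int push_record_fixed(struct sock_model *sk, struct tls_rec_model *rec, bool async)
{
    int rc = do_encryption(sk, rec, async);

    if (rc < 0 && rc != -EINPROGRESS)
        rec->freed = true;
    return rc;
}

/* The engine's completion worker. Returns -EFAULT if it would touch a record
 * the caller already released, i.e. the use-after-free the fix prevents. */
static int run_completion(void)
{
    struct tls_rec_model *rec = in_flight;

    if (!rec)
        return 0;
    in_flight = NULL;
    if (rec->freed)
        return -EFAULT;
    memset(rec->payload, 0xAA, sizeof(rec->payload));  /* "encrypt" in place */
    rec->done = true;
    return 0;
}

/* Drive one record through a caller with rec_seq one step from wrapping
 * (constructed input). Returns the completion worker's verdict. */
static int scenario(int (*push)(struct sock_model *, struct tls_rec_model *, bool), bool async)
{
    struct sock_model sk = { .sk_err = 0 };
    struct tls_rec_model rec = { .freed = false, .done = false };
    int rc;

    memset(sk.rec_seq, 0xff, REC_SEQ_SIZE);
    in_flight = NULL;
    rc = push(&sk, &rec, async);
    last_sk_err = sk.sk_err;
    if (rc < 0 && rc != -EINPROGRESS)
        return rc;
    return run_completion();
}

int main(void)
{
    printf("buggy caller, async engine: %s\n",
           scenario(push_record_buggy, true) == -EFAULT ? "use-after-free" : "ok");
    printf("fixed caller, async engine: %s (sk_err=%d)\n",
           scenario(push_record_fixed, true) == 0 ? "ok" : "use-after-free", last_sk_err);
    printf("fixed caller, sync engine:  %s\n",
           scenario(push_record_fixed, false) == 0 ? "ok" : "use-after-free");
    return 0;
}
```

Build with cc -std=c99 and run; one line is printed per scenario. When reviewing real code the check is the same: every path that sees -EINPROGRESS must keep the request alive until the completion callback has run, including the path where an unrelated error (here sk_err) has already been recorded on the socket.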
arch parisc: sba_iommu: Fix build warning if procfs if disabled 2023-09-19 12:30:27 +02:00
block blk-throttle: consider 'carryover_ios/bytes' in throtl_trim_slice() 2023-09-19 12:30:16 +02:00
certs KEYS: Add missing function documentation 2023-04-24 16:15:52 +03:00
crypto crypto: af_alg - Decrement struct key.usage in alg_set_by_key_serial() 2023-09-13 09:53:55 +02:00
Documentation dt-bindings: clock: xlnx,versal-clk: drop select:false 2023-09-19 12:30:11 +02:00
drivers platform/mellanox: NVSW_SN2201 should depend on ACPI 2023-09-19 12:30:29 +02:00
fs btrfs: scrub: fix grouping of read IO 2023-09-19 12:30:24 +02:00
include bpf: fix bpf_probe_read_kernel prototype mismatch 2023-09-19 12:30:26 +02:00
init sched/psi: Select KERNFS as needed 2023-09-13 09:52:59 +02:00
io_uring io_uring: Don't set affinity on a dying sqpoll thread 2023-09-13 09:53:52 +02:00
ipc Merge branch 'work.namespace' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2023-02-24 19:20:07 -08:00
kernel bpf: fix bpf_probe_read_kernel prototype mismatch 2023-09-19 12:30:26 +02:00
lib kunit: Fix wild-memory-access bug in kunit_free_suite_set() 2023-09-19 12:30:27 +02:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
mm memcontrol: ensure memcg acquired by id is properly set up 2023-09-19 12:30:23 +02:00
net net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict() 2023-09-19 12:30:29 +02:00
rust rust: macros: vtable: fix HAS_* redefinition (gen_const_name) 2023-08-09 21:15:07 +02:00
samples samples/bpf: fix broken map lookup probe 2023-09-13 09:53:09 +02:00
scripts linux/export: fix reference to exported functions for parisc64 2023-09-19 12:30:21 +02:00
security smackfs: Prevent underflow in smk_set_cipso() 2023-09-13 09:53:22 +02:00
sound ASoC: tegra: Fix SFC conversion for few rates 2023-09-19 12:30:10 +02:00
tools selftests/ftrace: Fix dependencies for some of the synthetic event tests 2023-09-19 12:30:27 +02:00
usr initramfs: Encode dependency on KBUILD_BUILD_TIMESTAMP 2023-06-06 17:54:49 +09:00
virt kvm/vfio: ensure kvg instance stays around in kvm_vfio_group_add() 2023-09-13 09:53:29 +02:00
.clang-format iommu: Add for_each_group_device() 2023-05-23 08:15:51 +02:00
.cocciconfig
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore Revert ".gitignore: ignore *.cover and *.mbx" 2023-07-04 15:05:12 -07:00
.mailmap mailmap: add entries for Simon Horman 2023-08-16 09:53:10 +01:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS - Address -Wmissing-prototype warnings 2023-06-26 16:43:54 -07:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS sound fixes for 6.5 2023-08-25 08:48:14 -07:00
Makefile kbuild: do not run depmod for 'make modules_sign' 2023-09-19 12:30:12 +02:00
README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems that may result from upgrading your kernel.