mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-14 12:37:32 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers
History
Mikulas Patocka dbf1a71985 dm: fix a race condition in retrieve_deps 
[ Upstream commit f6007dce0c ]

There's a race condition in the multipath target when retrieve_deps
races with multipath_message calling dm_get_device and dm_put_device.
retrieve_deps walks the list of open devices without holding any lock
but multipath may add or remove devices to the list while it is
running. The end result may be memory corruption or use-after-free
memory access.

See this description of a UAF with multipath_message():
https://listman.redhat.com/archives/dm-devel/2022-October/052373.html

Fix this bug by introducing a new rw semaphore "devices_lock". We grab
devices_lock for read in retrieve_deps and we grab it for write in
dm_get_device and dm_put_device.

Reported-by: Luo Meng <luomeng12@huawei.com>
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Cc: stable@vger.kernel.org
Tested-by: Li Lingfeng <lilingfeng3@huawei.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-10-06 14:56:32 +02:00
..
accessibility
acpi ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects 2023-09-23 11:11:00 +02:00
amba
android
ata ata: libahci: clear pending interrupt status 2023-09-23 11:11:12 +02:00
atm
auxdisplay
base
bcma
block null_blk: fix poll request timeout handling 2023-09-19 12:27:56 +02:00
bluetooth
bus bus: ti-sysc: Configure uart quirks for k3 SoC 2023-09-23 11:11:05 +02:00
cdrom
char tpm_tis: Resend command to recover from data transfer errors 2023-09-23 11:11:02 +02:00
clk clk: qcom: mss-sc7180: fix missing resume during probe 2023-09-19 12:27:57 +02:00
clocksource clocksource/drivers/arm_arch_timer: Disable timer before programming CVAL 2023-09-19 12:28:04 +02:00
comedi
connector
counter
cpufreq cpufreq: brcmstb-avs-cpufreq: Fix -Warray-bounds bug 2023-09-13 09:43:04 +02:00
cpuidle
crypto crypto: stm32 - fix loop iterating through scatterlist for DMA 2023-09-13 09:43:04 +02:00
cxl
dax
dca
devfreq PM / devfreq: Fix leak in devfreq_dev_release() 2023-09-13 09:42:59 +02:00
dio
dma dmaengine: sh: rz-dmac: Fix destination and source data size setting 2023-09-19 12:28:04 +02:00
dma-buf dma-buf: Add unlocked variant of attachment-mapping functions 2023-09-23 11:11:08 +02:00
edac
eisa
extcon
firewire
firmware arm64: sdei: abort running SDEI handlers during crash 2023-09-13 09:43:03 +02:00
fpga
fsi
gnss
gpio
gpu drm/amdgpu: fix amdgpu_cs_p1_user_fence 2023-09-23 11:11:12 +02:00
greybus
hid
hsi
hte
hv
hwmon
hwspinlock hwspinlock: qcom: add missing regmap config for SFPB MMIO implementation 2023-09-19 12:28:05 +02:00
hwtracing
i2c i2c: aspeed: Reset the i2c controller when timeout occurs 2023-09-23 11:11:12 +02:00
i3c i3c: master: svc: fix probe failure when no i3c device exist 2023-09-13 09:43:01 +02:00
idle
iio
infiniband
input Input: tca6416-keypad - fix interrupt enable disbalance 2023-09-19 12:27:59 +02:00
interconnect interconnect: Teach lockdep about icc_bw_lock order 2023-09-23 11:11:13 +02:00
iommu
ipack
irqchip
isdn
leds
macintosh
mailbox mailbox: qcom-ipcc: fix incorrect num_chans counting 2023-09-19 12:27:58 +02:00
mcb
md dm: fix a race condition in retrieve_deps 2023-10-06 14:56:32 +02:00
media media: via: Use correct dependency for camera sensor drivers 2023-10-06 14:56:32 +02:00
memory
memstick
message
mfd
misc misc: fastrpc: Fix incorrect DMA mapping unmap request 2023-09-23 11:11:08 +02:00
mmc mmc: sdhci-esdhc-imx: improve ESDHC_FLAG_ERR010450 2023-09-23 11:11:02 +02:00
most
mtd mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller 2023-09-19 12:28:06 +02:00
mux
net wifi: mac80211_hwsim: drop short frames 2023-09-23 11:11:03 +02:00
nfc
ntb ntb: Fix calculation ntb_transport_tx_free_entry() 2023-09-13 09:43:02 +02:00
nubus
nvdimm
nvme nvme: avoid bogus CRTO values 2023-09-23 11:11:10 +02:00
nvmem
of treewide: Fix probing of devices in DT overlays 2023-09-13 09:43:05 +02:00
opp
parisc parisc: led: Reduce CPU overhead for disk & lan LED computation 2023-09-19 12:27:57 +02:00
parport
pci PCI: fu740: Set the number of MSI vectors 2023-09-23 11:11:05 +02:00
pcmcia
peci
perf perf/imx_ddr: speed up overflow frequency of cycle 2023-09-23 11:11:00 +02:00
phy
pinctrl pinctrl: cherryview: fix address_space_handler() argument 2023-09-19 12:27:57 +02:00
platform platform/mellanox: NVSW_SN2201 should depend on ACPI 2023-09-19 12:28:09 +02:00
pnp
power
powercap
pps
ps3
ptp
pwm pwm: lpc32xx: Remove handling of PWM channels 2023-09-19 12:28:00 +02:00
rapidio
ras
regulator
remoteproc
reset
rpmsg
rtc
s390 s390/zcrypt: don't leak memory if dev_set_name() fails 2023-09-19 12:28:03 +02:00
sbus
scsi scsi: pm8001: Setup IRQs on resume 2023-09-23 11:11:12 +02:00
sh
siox
slimbus
soc soc: qcom: qmi_encdec: Restrict string length in decode 2023-09-19 12:27:57 +02:00
soundwire
spi treewide: Fix probing of devices in DT overlays 2023-09-13 09:43:05 +02:00
spmi
ssb
staging
target scsi: target: core: Fix target_cmd_counter leak 2023-09-23 11:11:09 +02:00
tc
tee
thermal
thunderbolt
tty serial: cpm_uart: Avoid suspicious locking 2023-09-23 11:11:07 +02:00
ufs
uio
usb usb: chipidea: add workaround for chipidea PEC bug 2023-09-23 11:11:07 +02:00
vdpa
vfio
vhost
video backlight: gpio_backlight: Drop output GPIO direction check for initial power state 2023-09-19 12:27:59 +02:00
virt
virtio
vlynq
w1
watchdog watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load 2023-09-19 12:28:00 +02:00
xen
zorro
Kconfig
Makefile