Xiaolong Huang 9b6b2db77b isdn: cpai: check ctr->cnr to avoid array index out of bound
commit 1f3e2e97c0 upstream.

The cmtp_add_connection() would add a cmtp session to a controller
and run a kernel thread to process cmtp.

	__module_get(THIS_MODULE);
	session->task = kthread_run(cmtp_session, session, "kcmtpd_ctr_%d",
								session->num);

During this process, the kernel thread would call detach_capi_ctr()
to detach a registered controller. If the controller
was not attached yet, detach_capi_ctr() would
trigger an array-index-out-of-bounds bug.

[   46.866069][ T6479] UBSAN: array-index-out-of-bounds in drivers/isdn/capi/kcapi.c:483:21
[   46.867196][ T6479] index -1 is out of range for type 'capi_ctr *[32]'
[   46.867982][ T6479] CPU: 1 PID: 6479 Comm: kcmtpd_ctr_0 Not tainted 5.15.0-rc2+ #8
[   46.869002][ T6479] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
[   46.870107][ T6479] Call Trace:
[   46.870473][ T6479]  dump_stack_lvl+0x57/0x7d
[   46.870974][ T6479]  ubsan_epilogue+0x5/0x40
[   46.871458][ T6479]  __ubsan_handle_out_of_bounds.cold+0x43/0x48
[   46.872135][ T6479]  detach_capi_ctr+0x64/0xc0
[   46.872639][ T6479]  cmtp_session+0x5c8/0x5d0
[   46.873131][ T6479]  ? __init_waitqueue_head+0x60/0x60
[   46.873712][ T6479]  ? cmtp_add_msgpart+0x120/0x120
[   46.874256][ T6479]  kthread+0x147/0x170
[   46.874709][ T6479]  ? set_kthread_struct+0x40/0x40
[   46.875248][ T6479]  ret_from_fork+0x1f/0x30
[   46.875773][ T6479]

Signed-off-by: Xiaolong Huang <butterflyhuangxx@gmail.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20211008065830.305057-1-butterflyhuangxx@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-10-27 09:51:40 +02:00
arch NIOS2: irqflags: rename a redefined register name 2021-10-27 09:51:39 +02:00
block blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() 2021-09-26 13:37:30 +02:00
certs certs: Trigger creation of RSA module signing key if it's not an RSA key 2021-09-22 11:45:19 +02:00
crypto crypto: shash - avoid comparing pointers to exported functions under CFI 2021-07-20 16:17:32 +02:00
Documentation dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation 2021-09-22 11:45:34 +02:00
drivers isdn: cpai: check ctr->cnr to avoid array index out of bound 2021-10-27 09:51:40 +02:00
firmware Fix built-in early-load Intel microcode alignment 2020-01-23 08:20:30 +01:00
fs vfs: check fd has read access in kernel_read_file_from_fd() 2021-10-27 09:51:40 +02:00
include elfcore: correct reference to CONFIG_UML 2021-10-27 09:51:40 +02:00
init pid: take a reference when initializing cad_pid 2021-06-10 12:43:51 +02:00
ipc ipc/util.c: sysvipc_find_ipc() incorrectly updates position index 2020-05-20 08:17:07 +02:00
kernel bpf: Fix integer overflow in prealloc_elems_and_freelist() 2021-10-17 10:08:32 +02:00
lib bpf: add also cbpf long jump test cases with heavy expansion 2021-10-17 10:08:32 +02:00
mm mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range() 2021-09-22 11:45:34 +02:00
net nfc: nci: fix the UAF of rf_conn_info object 2021-10-27 09:51:40 +02:00
samples samples/bpf: Fix the error return code of xdp_redirect's main() 2021-07-20 16:17:37 +02:00
scripts scripts/tracing: fix the bug that can't parse raw_trace_func 2021-08-15 13:03:31 +02:00
security apparmor: remove duplicate macro list_entry_is_head() 2021-09-26 13:37:28 +02:00
sound ASoC: DAPM: Fix missing kctl change notifications 2021-10-27 09:51:40 +02:00
tools usb: testusb: Fix for showing the connection speed 2021-10-09 14:09:46 +02:00
usr initramfs: restore default compression behavior 2020-04-13 10:34:19 +02:00
virt KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped() 2021-08-08 08:53:29 +02:00
.cocciconfig
.get_maintainer.ignore
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore kbuild: rpm-pkg: keep spec file until make mrproper 2018-02-13 10:19:46 +01:00
.mailmap .mailmap: Add Maciej W. Rozycki's Imagination e-mail address 2017-11-10 12:16:15 -08:00
COPYING
CREDITS MAINTAINERS: update TPM driver infrastructure changes 2017-11-09 17:58:40 -08:00
Kbuild License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Kconfig License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
MAINTAINERS MAINTAINERS: Update drm/i915 bug filing URL 2020-02-28 16:36:12 +01:00
Makefile Linux 4.14.252 2021-10-20 10:42:06 +02:00
README README: add a new README file, pointing to the Documentation/ 2016-10-24 08:12:35 -02:00

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.