Ruihan Li b0167893c0 Bluetooth: Fix UAF in hci_conn_hash_flush again
commit a2ac591cb4 upstream.

Commit 06149746e7 ("Bluetooth: hci_conn: Add support for linking
multiple hcon") reintroduced a previously fixed bug [1] ("KASAN:
slab-use-after-free Read in hci_conn_hash_flush"). This bug was
originally fixed by commit 5dc7d23e16 ("Bluetooth: hci_conn: Fix
possible UAF").

The hci_conn_unlink function was added to avoid invalidating the link
traversal caused by successive hci_conn_del operations releasing extra
connections. However, currently hci_conn_unlink itself also releases
extra connections, resulting in the reintroduced bug.

This patch follows a more robust solution for cleaning up all
connections, by repeatedly removing the first connection until there are
none left. This approach does not rely on the inner workings of
hci_conn_del and ensures proper cleanup of all connections.

Meanwhile, we need to make sure that hci_conn_del never fails. Indeed it
doesn't, as it now always returns zero. To make this a bit clearer, this
patch also changes its return type to void.

Reported-by: syzbot+8bb72f86fc823817bc5d@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-bluetooth/000000000000aa920505f60d25ad@google.com/
Fixes: 06149746e7 ("Bluetooth: hci_conn: Add support for linking multiple hcon")
Signed-off-by: Ruihan Li <lrh2000@pku.edu.cn>
Co-developed-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-06-14 11:17:05 +02:00
arch riscv: fix kprobe __user string arg print fault issue 2023-06-14 11:17:03 +02:00
block blk-mq: fix blk_mq_hw_ctx active request accounting 2023-06-14 11:17:02 +02:00
certs Kbuild updates for v6.3 2023-02-26 11:53:25 -08:00
crypto KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() 2023-06-09 10:48:25 +02:00
Documentation mm: page_table_check: Make it dependent on EXCLUSIVE_SYSTEM_RAM 2023-06-14 11:16:59 +02:00
drivers vhost_vdpa: support PACKED when setting-getting vring_base 2023-06-14 11:17:04 +02:00
fs ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop 2023-06-14 11:17:04 +02:00
include Bluetooth: Fix UAF in hci_conn_hash_flush again 2023-06-14 11:17:05 +02:00
init gcc: disable '-Warray-bounds' for gcc-13 too 2023-04-23 09:56:20 -07:00
io_uring io_uring: undeprecate epoll_ctl support 2023-06-09 10:48:19 +02:00
ipc Merge branch 'work.namespace' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2023-02-24 19:20:07 -08:00
kernel bpf: Add extra path pointer check to d_path helper 2023-06-14 11:16:51 +02:00
lib lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release() 2023-06-14 11:16:51 +02:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
mm mm: page_table_check: Ensure user pages are not slab pages 2023-06-14 11:16:59 +02:00
net Bluetooth: Fix UAF in hci_conn_hash_flush again 2023-06-14 11:17:05 +02:00
rust rust: allow to use INIT_STACK_ALL_ZERO 2023-04-19 19:34:43 +02:00
samples samples/bpf: Fix fout leak in hbm's run_bpf_prog 2023-05-24 17:30:06 +01:00
scripts recordmcount: Fix memory leaks in the uwrite function 2023-05-24 17:30:10 +01:00
security selinux: don't use make's grouped targets feature yet 2023-06-09 10:48:20 +02:00
sound ASoC: simple-card-utils: fix PCM constraint error check 2023-06-14 11:17:02 +02:00
tools selftests: mptcp: update userspace pm subflow tests 2023-06-14 11:16:57 +02:00
usr initramfs: Check negative timestamp to prevent broken cpio archive 2023-04-16 17:37:01 +09:00
virt KVM: Fix vcpu_array[0] races 2023-05-24 17:30:22 +01:00
.clang-format cpumask: re-introduce constant-sized cpumask optimizations 2023-03-05 14:30:34 -08:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for *.dtso files 2023-02-26 15:28:23 +09:00
.gitignore kbuild: rpm-pkg: move source components to rpmbuild/SOURCES 2023-03-16 22:45:56 +09:00
.mailmap Networking fixes for 6.3-rc8, including fixes from netfilter and bpf 2023-04-20 11:03:51 -07:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS There is no particular theme here - mainly quick hits all over the tree. 2023-02-23 17:55:40 -08:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS MAINTAINERS: Resume MPTCP co-maintainer role 2023-04-19 18:10:24 -07:00
Makefile Linux 6.3.7 2023-06-09 10:48:26 +02:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.