mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-27 04:47:05 +00:00
Code Issues Releases Wiki Activity
No description
1138628 commits 105 branches 5097 tags 5.5 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
Find a file
Jann Horn b52be557e2 ipc/sem: Fix dangling sem_array access in semtimedop race 
When __do_semtimedop() goes to sleep because it has to wait for a
semaphore value becoming zero or becoming bigger than some threshold, it
links the on-stack sem_queue to the sem_array, then goes to sleep
without holding a reference on the sem_array.

When __do_semtimedop() comes back out of sleep, one of two things must
happen:

 a) We prove that the on-stack sem_queue has been disconnected from the
    (possibly freed) sem_array, making it safe to return from the stack
    frame that the sem_queue exists in.

 b) We stabilize our reference to the sem_array, lock the sem_array, and
    detach the sem_queue from the sem_array ourselves.

sem_array has RCU lifetime, so for case (b), the reference can be
stabilized inside an RCU read-side critical section by locklessly
checking whether the sem_queue is still connected to the sem_array.

However, the current code does the lockless check on sem_queue before
starting an RCU read-side critical section, so the result of the
lockless check immediately becomes useless.

Fix it by doing rcu_read_lock() before the lockless check.  Now RCU
ensures that if we observe the object being on our queue, the object
can't be freed until rcu_read_unlock().

This bug is only hittable on kernel builds with full preemption support
(either CONFIG_PREEMPT or PREEMPT_DYNAMIC with preempt=full).

Fixes: 370b262c89 ("ipc/sem: avoid idr tree lookup for interrupted semop")
Cc: stable@vger.kernel.org
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2022-12-05 10:54:44 -08:00
arch powerpc fixes for 6.1 #6 2022-12-04 12:24:58 -08:00
block block-6.1-2022-11-25 2022-11-25 17:50:57 -08:00
certs certs: make system keyring depend on built-in x509 parser 2022-09-24 04:31:18 +09:00
crypto treewide: use get_random_bytes() when possible 2022-10-11 17:42:58 -06:00
Documentation A set of clk driver fixes that resolve issues for various SoCs. Most of 2022-11-30 15:46:46 -08:00
drivers char: tpm: Protect tpm_pm_suspend with locks 2022-12-04 12:49:13 -08:00
fs 15 hotfixes. 11 marked cc:stable. Only three or four of the latter 2022-12-02 13:39:38 -08:00
include MMC core: 2022-12-02 15:58:07 -08:00
init init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash 2022-11-22 22:42:38 +09:00
io_uring io_uring: clear TIF_NOTIFY_SIGNAL if set and task_work not available 2022-11-25 10:55:08 -07:00
ipc ipc/sem: Fix dangling sem_array access in semtimedop race 2022-12-05 10:54:44 -08:00
kernel - Fix a use-after-free case where the perf pending task callback would 2022-12-04 12:36:23 -08:00
lib 15 hotfixes. 11 marked cc:stable. Only three or four of the latter 2022-12-02 13:39:38 -08:00
LICENSES LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers 2021-12-16 14:33:10 +01:00
mm Revert "mm: align larger anonymous mappings on THP boundaries" 2022-12-04 12:51:59 -08:00
net Including fixes from bpf, can and wifi. 2022-11-29 09:52:10 -08:00
rust Kbuild: add Rust support 2022-09-28 09:02:20 +02:00
samples VFIO updates for v6.1-rc1 2022-10-12 14:46:48 -07:00
scripts - Handle different output of readelf on different distros running 2022-11-27 12:08:17 -08:00
security lsm/stable-6.1 PR 20221031 2022-10-31 12:09:42 -07:00
sound ASoC: Fixes for v6.1 2022-11-30 17:26:55 +01:00
tools 15 hotfixes. 11 marked cc:stable. Only three or four of the latter 2022-12-02 13:39:38 -08:00
usr usr/gen_init_cpio.c: remove unnecessary -1 values from int file 2022-10-03 14:21:44 -07:00
virt Merge branch 'kvm-dwmw2-fixes' into HEAD 2022-11-23 18:59:45 -05:00
.clang-format PCI/DOE: Add DOE mailbox support functions 2022-07-19 15:38:04 -07:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore Kbuild: add Rust support 2022-09-28 09:02:20 +02:00
.mailmap Including fixes from bpf, can and wifi. 2022-11-29 09:52:10 -08:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Remove Michal Marek from Kbuild maintainers 2022-11-16 14:53:00 +09:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS Including fixes from bpf, can and wifi. 2022-11-29 09:52:10 -08:00
Makefile Linux 6.1-rc8 2022-12-04 14:48:12 -08:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.