Lv Yunlong dcf6be17b5 drbd: Fix five use after free bugs in get_initial_state
[ Upstream commit aadb22ba2f ]

In get_initial_state, it calls notify_initial_state_done(skb,..) if
cb->args[5]==1. If genlmsg_put() failed in notify_initial_state_done(),
the skb will be freed by nlmsg_free(skb).
Then get_initial_state will goto out and the freed skb will be used by
return value skb->len, which is a uaf bug.

What's worse, the same problem goes even further: skb can also be
freed in the notify_*_state_change -> notify_*_state calls below.
Thus 4 additional uaf bugs happened.

My patch lets the problem callee functions: notify_initial_state_done
and notify_*_state_change return an error code if errors happen,
so that the error codes could be propagated and the uaf bugs can be avoided.

v2 reports a compilation warning. This v3 fixed this warning and built
successfully in my local environment with no additional warnings.
v2: https://lore.kernel.org/patchwork/patch/1435218/

Fixes: a29728463b ("drbd: Backport the "events2" command")
Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Reviewed-by: Christoph Böhmwalder <christoph.boehmwalder@linbit.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-04-20 09:08:29 +02:00
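The ownership mistake the commit describes, as an added C model that is not DRBD or kernel code: the callee frees the buffer on failure, and unless it reports that, the caller goes on to read skb->len from freed memory. The `_model` stand-ins, the `freed` flag and both caller shapes are assumptions of this example, constructed so the use-after-free is observable without being executed.

```c
#include <stddef.h>
/* Constructed model of the commit's bug, not DRBD or netlink code. */
#define EMSGSIZE 90                     /* errno value borrowed from the kernel */

/* Stand-in for struct sk_buff; 'freed' lets the model observe a UAF instead of executing one. */
struct skb { size_t len; int freed; };
static void nlmsg_free_model(struct skb *skb) { skb->freed = 1; }

/* Stand-in for genlmsg_put(): NULL when the message does not fit. */
static void *genlmsg_put_model(struct skb *skb, int no_room)
{
	if (no_room)
		return NULL;
	skb->len += 16;                 /* pretend a 16-byte header was written */
	return skb;
}

/* Before the fix: the callee frees skb on failure but reports nothing. */
static void notify_done_before(struct skb *skb, int no_room)
{
	if (!genlmsg_put_model(skb, no_room))
		nlmsg_free_model(skb);
}

/* After the fix: the callee frees skb and returns an error code. */
static int notify_done_after(struct skb *skb, int no_room)
{
	if (!genlmsg_put_model(skb, no_room)) {
		nlmsg_free_model(skb);
		return -EMSGSIZE;
	}
	return 0;
}

/* Buggy caller shape: 1 if 'return skb->len' would read freed memory. */
int caller_before_reads_freed(int no_room)
{
	struct skb skb = { 0, 0 };
	notify_done_before(&skb, no_room);
	return skb.freed;               /* skb.len is read here regardless */
}

/* Fixed caller shape: propagate the error instead of returning skb->len. */
int caller_after(int no_room)
{
	struct skb skb = { 0, 0 };
	int err = notify_done_after(&skb, no_room);
	if (err)
		return err;             /* skb already freed by the callee */
	return (int)skb.len;
}
```

With no room in the message, the buggy caller shape reads the freed buffer while the fixed one returns -EMSGSIZE and never touches it.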

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.