Kaixin Wang 58eb29dba7 HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition
commit e3f88665a78045fe35c7669d2926b8d97b892c11 upstream.

In the ssi_protocol_probe() function, &ssi->work is bound with
ssip_xmit_work(). In ssip_pn_setup(), the ssip_pn_xmit() function
within the ssip_pn_ops structure is capable of starting the
work.

If we remove the module which will call ssi_protocol_remove()
to make a cleanup, it will free ssi through kfree(ssi),
while the work mentioned above will be used. The sequence
of operations that may lead to a UAF bug is as follows:

CPU0                                    CPU1

                        | ssip_xmit_work
ssi_protocol_remove     |
kfree(ssi);             |
                        | struct hsi_client *cl = ssi->cl;
                        | // use ssi

Fix it by ensuring that the work is canceled before proceeding
with the cleanup in ssi_protocol_remove().

Signed-off-by: Kaixin Wang <kxwang23@m.fudan.edu.cn>
Acked-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20240918120749.1730-1-kxwang23@m.fudan.edu.cn
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-04-25 10:45:38 +02:00
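
The CPU0/CPU1 ordering from the commit message above, replayed as a deterministic single-threaded model. This is an added example, not code from the kernel tree or the patch: every name in it is constructed, a `live` flag stands in for `kfree(ssi)`, and `model_cancel_sync()` assumes the guarantee a synchronous cancel such as the kernel's `cancel_work_sync()` gives (the page does not show which call the patch uses).

```c
#include <stdbool.h>

/* Constructed model: these names are illustrative, not the driver's. */
enum wstate { IDLE, PENDING, RUNNING };

struct proto {
    bool live;         /* false once the kfree(ssi) step has happened */
    enum wstate work;  /* state of the work item bound to the object */
    int uaf_hits;      /* times the work body ran against a freed object */
};

/* Transmit path queues the work (the role ssip_pn_xmit() plays). */
static void model_xmit(struct proto *p) { if (p->work == IDLE) p->work = PENDING; }

/* CPU1, first half: the worker picks the item up. */
static void model_work_begin(struct proto *p) { if (p->work == PENDING) p->work = RUNNING; }

/* CPU1, second half: the work body dereferences its owner. */
static void model_work_finish(struct proto *p)
{
    if (p->work != RUNNING) return;
    if (!p->live) p->uaf_hits++;  /* the real driver would read freed memory here */
    p->work = IDLE;
}

/* Synchronous cancel: drop a pending item, let a running one finish first. */
static void model_cancel_sync(struct proto *p)
{
    if (p->work == RUNNING) model_work_finish(p);
    p->work = IDLE;
}

/* Remove path; with_cancel == false is the ordering before the fix. */
static void model_remove(struct proto *p, bool with_cancel)
{
    if (with_cancel) model_cancel_sync(p);
    p->live = false;              /* stands in for kfree(ssi) */
}

/* Replay the CPU0/CPU1 interleaving; returns the number of UAF accesses. */
int replay(bool with_cancel)
{
    struct proto p = { .live = true, .work = IDLE };
    model_xmit(&p);
    model_work_begin(&p);           /* CPU1: ssip_xmit_work starts */
    model_remove(&p, with_cancel);  /* CPU0: ssi_protocol_remove */
    model_work_finish(&p);          /* CPU1: struct hsi_client *cl = ssi->cl */
    return p.uaf_hits;
}
```

`replay(false)` reports one access to the freed object and `replay(true)` reports none, because the running work is drained before the object is released.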
arch x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions() 2025-04-25 10:45:37 +02:00
block block: fix 'kmem_cache of name 'bio-108' already exists' 2025-03-22 12:50:44 -07:00
certs certs: Reference revocation list for all keyrings 2023-08-17 20:12:41 +00:00
crypto crypto: ecc - Prevent ecc_digits_from_bytes from reading too many bytes 2025-01-09 13:31:52 +01:00
Documentation dt-bindings: coresight: qcom,coresight-tpdm: Fix too many 'reg' 2025-04-25 10:45:34 +02:00
drivers HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition 2025-04-25 10:45:38 +02:00
fs cifs: Ensure that all non-client-specific reparse points are processed by the server 2025-04-25 10:45:33 +02:00
include sctp: detect and prevent references to a freed transport in sendmsg 2025-04-25 10:45:32 +02:00
init rust: Disallow BTF generation with Rust + LTO 2025-03-22 12:50:48 -07:00
io_uring io_uring/kbuf: reject zero sized provided buffers 2025-04-25 10:45:26 +02:00
ipc ipc: fix memleak if msg_init_ns failed in create_ipc_ns 2024-12-09 10:32:54 +01:00
kernel ftrace: Add cond_resched() to ftrace_graph_set_hash() 2025-04-25 10:45:34 +02:00
lib lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets 2025-04-25 10:45:29 +02:00
LICENSES
mm mm/hugetlb: move hugetlb_sysctl_init() to the __init section 2025-04-25 10:45:32 +02:00
net sctp: detect and prevent references to a freed transport in sendmsg 2025-04-25 10:45:32 +02:00
rust rust: lockdep: Remove support for dynamically allocated LockClassKeys 2025-03-22 12:50:50 -07:00
samples tracing: Allow creating instances with specified system events 2025-04-10 14:37:41 +02:00
scripts selinux: Chain up tool resolving errors in install_policy.sh 2025-04-10 14:37:26 +02:00
security smack: dont compile ipv6 code unless ipv6 is configured 2025-04-10 14:37:25 +02:00
sound ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path 2025-04-25 10:45:26 +02:00
tools selftests: mptcp: fix incorrect fd checks in main_loop 2025-04-25 10:45:36 +02:00
usr kbuild: hdrcheck: fix cross build with clang 2025-03-13 12:58:38 +01:00
virt KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock 2024-10-04 16:29:47 +02:00
.clang-format
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore Remove *.orig pattern from .gitignore 2024-10-04 16:29:44 +02:00
.mailmap 20 hotfixes. 12 are cc:stable and the remainder address post-6.5 issues 2023-10-24 09:52:16 -10:00
.rustfmt.toml
COPYING
CREDITS USB: Remove Wireless USB and UWB documentation 2023-08-09 14:17:32 +02:00
Kbuild
Kconfig
MAINTAINERS membarrier: riscv: Add full memory barrier in switch_mm() 2024-09-12 11:11:45 +02:00
Makefile Linux 6.6.87 2025-04-10 14:37:44 +02:00
README

Linux kernel

There are several guides for kernel developers and users. These guides can be rendered in a number of formats, like HTML and PDF. Please read Documentation/admin-guide/README.rst first.

In order to build the documentation, use make htmldocs or make pdfdocs. The formatted documentation can also be read online at:

https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory, several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the requirements for building and running the kernel, and information about the problems which may result from upgrading your kernel.