Jeongjun Park 74bc813d11 ipc: fix to protect IPCS lookups using RCU
commit d66adabe91 upstream.

syzbot reported that it discovered a use-after-free vulnerability, [0]

[0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/

idr_for_each() is protected by rwsem, but this is not enough.  If it is
not protected by RCU read-critical region, when idr_for_each() calls
radix_tree_node_free() through call_rcu() to free the radix_tree_node
structure, the node will be freed immediately, and when reading the next
node in radix_tree_for_each_slot(), the already freed memory may be read.

Therefore, we need to add code to make sure that idr_for_each() is
protected within the RCU read-critical region when we call it in
shm_destroy_orphaned().

Link: https://lkml.kernel.org/r/20250424143322.18830-1-aha310510@gmail.com
Fixes: b34a6b1da3 ("ipc: introduce shm_rmid_forced sysctl")
Signed-off-by: Jeongjun Park <aha310510@gmail.com>
Reported-by: syzbot+a2b84e569d06ca3a949c@syzkaller.appspotmail.com
Cc: Jeongjun Park <aha310510@gmail.com>
Cc: Liam Howlett <liam.howlett@oracle.com>
Cc: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
Cc: Vasiliy Kulikov <segoon@openwall.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-06-27 11:05:26 +01:00
arch parisc: fix building with gcc-15 2025-06-27 11:05:26 +01:00
block block: fix direct io NOWAIT flag not work 2025-05-22 14:08:26 +02:00
certs
crypto crypto: xts - Only add ecb if it is not already there 2025-06-27 11:05:10 +01:00
Documentation x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2 2025-06-04 14:37:59 +02:00
drivers clk: meson-g12a: add missing fclk_div2 to spicc 2025-06-27 11:05:26 +01:00
fs f2fs: fix to do sanity check on sit_bitmap_size 2025-06-27 11:05:25 +01:00
include net: Fix TOCTOU issue in sk_is_readable() 2025-06-27 11:05:20 +01:00
init sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP 2025-05-02 07:44:36 +02:00
io_uring io_uring: fix possible deadlock in io_register_iowq_max_workers() 2024-11-17 15:06:25 +01:00
ipc ipc: fix to protect IPCS lookups using RCU 2025-06-27 11:05:26 +01:00
kernel posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() 2025-06-27 11:05:21 +01:00
lib crypto: lzo - Fix compression buffer overrun 2025-06-04 14:37:58 +02:00
LICENSES
mm mm/page_alloc.c: avoid infinite retries caused by cpuset race 2025-06-04 14:38:06 +02:00
net NFC: nci: uart: Set tty->disc_data only in success path 2025-06-27 11:05:25 +01:00
samples samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora 2025-06-04 14:37:54 +02:00
scripts kbuild: Add KBUILD_CPPFLAGS to as-option invocation 2025-06-27 11:05:21 +01:00
security smack: recognize ipv4 CIPSO w/o categories 2025-06-04 14:38:02 +02:00
sound ASoC: meson: meson-card-utils: use of_property_present() for DT parsing 2025-06-27 11:05:23 +01:00
tools perf record: Fix incorrect --user-regs comments 2025-06-27 11:05:16 +01:00
usr kbuild: hdrcheck: fix cross build with clang 2025-06-27 11:05:22 +01:00
virt KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() 2024-10-22 15:40:41 +02:00
.clang-format
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore Remove *.orig pattern from .gitignore 2024-10-17 15:11:10 +02:00
.mailmap
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS
Makefile kbuild: userprogs: fix bitsize and target detection on clang 2025-06-27 11:05:22 +01:00
README

Linux kernel

There are several guides for kernel developers and users. These guides can be rendered in a number of formats, like HTML and PDF. Please read Documentation/admin-guide/README.rst first.

In order to build the documentation, use make htmldocs or make pdfdocs. The formatted documentation can also be read online at:

https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory, several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the requirements for building and running the kernel, and information about the problems which may result from upgrading your kernel.