MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-10-22 23:13:01 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,321,351 Commits 589 Branches 4,509 Tags 4.3 GiB
C 97.5%
Assembly 1%
Shell 0.6%
Python 0.3%
Makefile 0.3%
Other 0.1%
c2925cd620
Go to file
Li Nan c2925cd620 efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare 
[ Upstream commit a6358f8cf64850f3f27857b8ed8c1b08cfc4685c ]

Observed on kernel 6.6 (present on master as well):

  BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0
  Call trace:
   kasan_check_range+0xe8/0x190
   __asan_loadN+0x1c/0x28
   memcmp+0x98/0xd0
   efivarfs_d_compare+0x68/0xd8
   __d_lookup_rcu_op_compare+0x178/0x218
   __d_lookup_rcu+0x1f8/0x228
   d_alloc_parallel+0x150/0x648
   lookup_open.isra.0+0x5f0/0x8d0
   open_last_lookups+0x264/0x828
   path_openat+0x130/0x3f8
   do_filp_open+0x114/0x248
   do_sys_openat2+0x340/0x3c0
   __arm64_sys_openat+0x120/0x1a0

If dentry->d_name.len < EFI_VARIABLE_GUID_LEN , 'guid' can become
negative, leadings to oob. The issue can be triggered by parallel
lookups using invalid filename:

  T1			T2
  lookup_open
   ->lookup
    simple_lookup
     d_add
     // invalid dentry is added to hash list

			lookup_open
			 d_alloc_parallel
			  __d_lookup_rcu
			   __d_lookup_rcu_op_compare
			    hlist_bl_for_each_entry_rcu
			    // invalid dentry can be retrieved
			     ->d_compare
			      efivarfs_d_compare
			      // oob

Fix it by checking 'guid' before cmp.

Fixes: da27a24383 ("efivarfs: guid part of filenames are case-insensitive")
Signed-off-by: Li Nan <linan122@huawei.com>
Signed-off-by: Wu Guanghao <wuguanghao3@huawei.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-09-04 15:31:52 +02:00
arch powerpc/kvm: Fix ifdef to remove build warning 2025-09-04 15:31:45 +02:00
block block: Introduce bio_needs_zone_write_plugging() 2025-08-20 18:30:51 +02:00
certs sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3 2024-09-20 19:52:48 +03:00
crypto crypto: jitter - fix intermediary handling 2025-08-20 18:30:42 +02:00
Documentation dt-bindings: display/msm: qcom,mdp5: drop lut clock 2025-09-04 15:31:48 +02:00
drivers fbnic: Move phylink resume out of service_task and into open/close 2025-09-04 15:31:52 +02:00
fs efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare 2025-09-04 15:31:52 +02:00
include net: rose: convert 'use' field to refcount_t 2025-09-04 15:31:51 +02:00
init io_uring: fix breakage in EXPERT menu 2025-08-15 12:13:32 +02:00
io_uring io_uring/futex: ensure io_futex_wait() cleans up properly on failure 2025-08-28 16:31:05 +02:00
ipc ipc: fix to protect IPCS lookups using RCU 2025-06-27 11:11:22 +01:00
kernel of: reserved_mem: Restructure call site for dma_contiguous_early_fixup() 2025-09-04 15:31:45 +02:00
lib lib/sbitmap: convert shallow_depth from one word to the whole sbitmap 2025-08-20 18:30:49 +02:00
LICENSES
mm mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn 2025-08-28 16:31:05 +02:00
net l2tp: do not use sock_hold() in pppol2tp_session_get_sock() 2025-09-04 15:31:51 +02:00
rust rust: alloc: fix rusttest by providing Cmalloc::aligned_layout too 2025-08-28 16:31:13 +02:00
samples samples: mei: Fix building on musl libc 2025-08-15 12:13:38 +02:00
scripts kconfig: lxdialog: fix 'space' to (de)select options 2025-08-20 18:30:48 +02:00
security apparmor: Fix 8-byte alignment for initial dfa blob streams 2025-08-28 16:30:56 +02:00
sound ASoC: codecs: tx-macro: correct tx_macro_component_drv name 2025-09-04 15:31:44 +02:00
tools perf symbol-minimal: Fix ehdr reading in filename__read_build_id 2025-09-04 15:31:43 +02:00
usr kbuild: hdrcheck: fix cross build with clang 2025-03-13 13:02:18 +01:00
virt KVM: Allow CPU to reschedule while setting per-page memory attributes 2025-07-17 18:37:08 +02:00
.clang-format
.clippy.toml rust: give Clippy the minimum supported Rust version 2025-08-01 09:48:44 +01:00
.cocciconfig
.editorconfig
.get_maintainer.ignore
.gitattributes
.gitignore rust: introduce .clippy.toml 2025-03-13 13:01:42 +01:00
.mailmap mailmap: add entry for Thorsten Blum 2024-11-07 14:14:59 -08:00
.rustfmt.toml
COPYING
CREDITS MAINTAINERS: Remove self from DSA entry 2024-11-03 12:52:38 -08:00
Kbuild
Kconfig
MAINTAINERS MAINTAINERS: Update Alexey Makhalov's email address 2025-05-22 14:29:46 +02:00
Makefile Linux 6.12.44 2025-08-28 16:31:16 +02:00
README

README

Linux kernel

There are several guides for kernel developers and users. These guides can be rendered in a number of formats, like HTML and PDF. Please read Documentation/admin-guide/README.rst first.

In order to build the documentation, use make htmldocs or make pdfdocs. The formatted documentation can also be read online at:

https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory, several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the requirements for building and running the kernel, and information about the problems which may result by upgrading your kernel.