android/android_kernel_asus_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
91b9c23b6d
android_kernel_asus_sm8350/security
History
Pawan Gupta 91b9c23b6d smackfs: Fix use-after-free in netlbl_catmap_walk() 
[ Upstream commit 0817534ff9ea809fac1322c5c8c574be8483ea57 ]

Syzkaller reported use-after-free bug as described in [1]. The bug is
triggered when smk_set_cipso() tries to free stale category bitmaps
while there are concurrent reader(s) using the same bitmaps.

Wait for RCU grace period to finish before freeing the category bitmaps
in smk_set_cipso(). This makes sure that there are no more readers using
the stale bitmaps and freeing them should be safe.

[1] https://lore.kernel.org/netdev/000000000000a814c505ca657a4e@google.com/

Reported-by: syzbot+3f91de0b813cc3d19a80@syzkaller.appspotmail.com
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-11-17 09:48:28 +01:00
..
apparmor apparmor: remove duplicate macro list_entry_is_head() 2021-09-26 14:07:06 +02:00
integrity evm: mark evm_fixmode as __ro_after_init 2021-11-17 09:48:23 +01:00
keys KEYS: trusted: Fix migratable=1 failing 2021-03-04 10:26:44 +01:00
loadpin proc/sysctl: add shared variables for range check 2019-07-18 17:08:07 -07:00
lockdown lockdown: Allow unprivileged users to see lockdown status 2020-06-22 09:30:53 +02:00
safesetid LSM: SafeSetID: Stop releasing uninitialized ruleset 2019-09-17 11:27:05 -07:00
selinux binder: use cred instead of task for selinux checks 2021-11-17 09:48:16 +01:00
smack smackfs: Fix use-after-free in netlbl_catmap_walk() 2021-11-17 09:48:28 +01:00
tomoyo tomoyo: Use atomic_t for statistics counter 2020-02-05 21:22:41 +00:00
yama proc/sysctl: add shared variables for range check 2019-07-18 17:08:07 -07:00
commoncap.c security: commoncap: fix -Wstringop-overread warning 2021-05-11 14:04:16 +02:00
device_cgroup.c device_cgroup: Fix RCU list debugging warning 2020-10-01 13:18:13 +02:00
inode.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
Kconfig Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-09-28 08:14:15 -07:00
Kconfig.hardening meminit fix 2019-07-28 12:33:15 -07:00
lsm_audit.c dump_common_audit_data(): fix racy accesses to ->d_name 2021-01-19 18:26:16 +01:00
Makefile security: Add a static lockdown policy LSM 2019-08-19 21:54:15 -07:00
min_addr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
security.c binder: use cred instead of task for selinux checks 2021-11-17 09:48:16 +01:00