android/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
992,011 Commits 2 Branches 0 Tags 2.3 GiB
C 97.8%
Assembly 1.2%
Shell 0.3%
Makefile 0.3%
Python 0.2%
Other 0.1%
7130a87ca3
Go to file
Pan Bian 7130a87ca3 nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() 
commit 7ee29facd8a9c5a26079148e36bcf07141b3a6bc upstream.

In nilfs_gccache_submit_read_data(), brelse(bh) is called to drop the
reference count of bh when the call to nilfs_dat_translate() fails.  If
the reference count hits 0 and its owner page gets unlocked, bh may be
freed.  However, bh->b_page is dereferenced to put the page after that,
which may result in a use-after-free bug.  This patch moves the release
operation after unlocking and putting the page.

NOTE: The function in question is only called in GC, and in combination
with current userland tools, address translation using DAT does not occur
in that function, so the code path that causes this issue will not be
executed.  However, it is possible to run that code path by intentionally
modifying the userland GC library or by calling the GC ioctl directly.

[konishi.ryusuke@gmail.com: NOTE added to the commit log]
Link: https://lkml.kernel.org/r/1543201709-53191-1-git-send-email-bianpan2016@163.com
Link: https://lkml.kernel.org/r/20230921141731.10073-1-konishi.ryusuke@gmail.com
Fixes: a3d93f709e ("nilfs2: block cache for garbage collection")
Signed-off-by: Pan Bian <bianpan2016@163.com>
Reported-by: Ferry Meng <mengferry@linux.alibaba.com>
Closes: https://lkml.kernel.org/r/20230818092022.111054-1-mengferry@linux.alibaba.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-10-10 21:53:34 +02:00
arch powerpc/watchpoints: Disable preemption in thread_change_pc() 2023-10-10 21:53:33 +02:00
block block/partition: fix signedness issue for Amiga partitions 2023-07-27 08:44:18 +02:00
certs certs/blacklist_hashes.c: fix const confusion in certs blacklist 2022-06-22 14:13:17 +02:00
crypto crypto: lrw,xts - Replace strlcpy with strscpy 2023-09-23 11:01:05 +02:00
Documentation perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 2023-09-23 11:01:05 +02:00
drivers serial: 8250_port: Check IRQ data before use 2023-10-10 21:53:34 +02:00
fs nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() 2023-10-10 21:53:34 +02:00
include ACPI: Check StorageD3Enable _DSD property in ACPI code 2023-10-10 21:53:33 +02:00
init x86/mm: Initialize text poking earlier 2023-08-08 19:57:39 +02:00
io_uring io_uring: break iopolling on signal 2023-09-19 12:20:24 +02:00
ipc ipc/sem: Fix dangling sem_array access in semtimedop race 2022-12-08 11:24:00 +01:00
kernel sched/cpuacct: Optimize away RCU read lock 2023-10-10 21:53:33 +02:00
lib kobject: Add sanity check for kset->kobj.ktype in kset_register() 2023-09-23 11:01:08 +02:00
LICENSES LICENSES/deprecated: add Zlib license text 2020-09-16 14:33:49 +02:00
mm media: vb2: frame_vector.c: replace WARN_ONCE with a comment 2023-10-10 21:53:33 +02:00
net netfilter: nft_exthdr: Fix for unsafe packet data read 2023-10-10 21:53:34 +02:00
samples samples/hw_breakpoint: fix building without module unloading 2023-09-23 11:01:09 +02:00
scripts kconfig: fix possible buffer overflow 2023-09-19 12:20:25 +02:00
security Smack:- Use overlay inode label in smack_inode_copy_up() 2023-10-10 21:53:34 +02:00
sound ASoC: imx-audmix: Fix return error with devm_clk_get() 2023-10-10 21:53:27 +02:00
tools perf build: Define YYNOMEM as YYNOABORT for bison < 3.81 2023-10-10 21:53:33 +02:00
usr usr/include/Makefile: add linux/nfc.h to the compile-test coverage 2022-02-01 17:25:48 +01:00
virt KVM: fix memoryleak in kvm_init() 2023-04-05 11:23:43 +02:00
.clang-format RDMA 5.10 pull request 2020-10-17 11:18:18 -07:00
.cocciconfig
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore kbuild: generate Module.symvers only when vmlinux exists 2021-05-19 10:12:59 +02:00
.mailmap mailmap: add two more addresses of Uwe Kleine-König 2020-12-06 10:19:07 -08:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Move Jason Cooper to CREDITS 2020-11-30 10:20:34 +01:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS Remove DECnet support from kernel 2023-06-21 15:45:38 +02:00
Makefile Linux 5.10.197 2023-09-23 11:01:11 +02:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.