Ksawlii/kernel_samsung_a53x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
FireAsf 🔥
4653 commits 2 branches 0 tags 509 MiB
C 98.3%
Assembly 0.9%
Makefile 0.3%
Shell 0.2%
Python 0.1%
Find a file
Alexandra Winter 438fa4e57f net/iucv: fix use after free in iucv_sock_close() 
[ Upstream commit f558120cd709682b739207b48cf7479fd9568431 ]

iucv_sever_path() is called from process context and from bh context.
iucv->path is used as indicator whether somebody else is taking care of
severing the path (or it is already removed / never existed).
This needs to be done with atomic compare and swap, otherwise there is a
small window where iucv_sock_close() will try to work with a path that has
already been severed and freed by iucv_callback_connrej() called by
iucv_tasklet_fn().

Example:
[452744.123844] Call Trace:
[452744.123845] ([<0000001e87f03880>] 0x1e87f03880)
[452744.123966]  [<00000000d593001e>] iucv_path_sever+0x96/0x138
[452744.124330]  [<000003ff801ddbca>] iucv_sever_path+0xc2/0xd0 [af_iucv]
[452744.124336]  [<000003ff801e01b6>] iucv_sock_close+0xa6/0x310 [af_iucv]
[452744.124341]  [<000003ff801e08cc>] iucv_sock_release+0x3c/0xd0 [af_iucv]
[452744.124345]  [<00000000d574794e>] __sock_release+0x5e/0xe8
[452744.124815]  [<00000000d5747a0c>] sock_close+0x34/0x48
[452744.124820]  [<00000000d5421642>] __fput+0xba/0x268
[452744.124826]  [<00000000d51b382c>] task_work_run+0xbc/0xf0
[452744.124832]  [<00000000d5145710>] do_notify_resume+0x88/0x90
[452744.124841]  [<00000000d5978096>] system_call+0xe2/0x2c8
[452744.125319] Last Breaking-Event-Address:
[452744.125321]  [<00000000d5930018>] iucv_path_sever+0x90/0x138
[452744.125324]
[452744.125325] Kernel panic - not syncing: Fatal exception in interrupt

Note that bh_lock_sock() is not serializing the tasklet context against
process context, because the check for sock_owned_by_user() and
corresponding handling is missing.

Ideas for a future clean-up patch:
A) Correct usage of bh_lock_sock() in tasklet context, as described in
Link: https://lore.kernel.org/netdev/1280155406.2899.407.camel@edumazet-laptop/
Re-enqueue, if needed. This may require adding return values to the
tasklet functions and thus changes to all users of iucv.

B) Change iucv tasklet into worker and use only lock_sock() in af_iucv.

Fixes: 7d316b945352 ("af_iucv: remove IUCV-pathes completely")
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Signed-off-by: Alexandra Winter <wintera@linux.ibm.com>
Link: https://patch.msgid.link/20240729122818.947756-1-wintera@linux.ibm.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-11-23 23:20:20 +01:00
.github/workflows
android
arch powerpc/configs: Update defconfig with now user-visible CONFIG_FSL_IFC 2024-11-23 23:20:18 +01:00
block Revert "mm: apply init protection" 2024-11-19 18:15:13 +01:00
certs
crypto crypto: aead,cipher - zeroize key buffer after use 2024-11-19 14:19:40 +01:00
Documentation dt-bindings: thermal: correct thermal zone node name limit 2024-11-23 23:20:12 +01:00
drivers drm/vmwgfx: Fix overlay when using Screen Targets 2024-11-23 23:20:20 +01:00
firmware/tsp_goodix
fs ext4: check the extent status again before inserting delalloc block 2024-11-23 23:20:19 +01:00
gki
include genirq: Allow the PM device to originate from irq domain 2024-11-23 23:20:19 +01:00
init kernel/sys.c: implement custom uname override 2024-11-19 17:55:01 +01:00
io_uring io_uring/io-wq: limit retrying worker initialisation 2024-11-23 23:20:16 +01:00
ipc
kernel genirq: Allow the PM device to originate from irq domain 2024-11-23 23:20:19 +01:00
kernel_build Added KernelSu 2024-11-19 22:41:46 +01:00
KernelSU@b766b98513 Added KernelSU 2024-11-19 23:08:59 +01:00
kunitconfigs
lib kobject_uevent: Fix OOB access within zap_modalias_env() 2024-11-23 23:20:14 +01:00
LICENSES
mm Revert "kernel: sysctl: add init protection to common mm-related nodes" 2024-11-19 18:13:49 +01:00
net net/iucv: fix use after free in iucv_sock_close() 2024-11-23 23:20:20 +01:00
samples
scripts kbuild: Fix '-S -c' in x86 stack protector scripts 2024-11-23 23:20:14 +01:00
security apparmor: Fix null pointer deref when receiving skb during sock creation 2024-11-23 23:20:18 +01:00
sound ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable 2024-11-23 23:20:18 +01:00
test
tools libbpf: Fix no-args func prototype BTF dumping syntax 2024-11-23 23:20:16 +01:00
usr
virt
build.config.aarch64
build.config.allmodconfig
build.config.allmodconfig.aarch64
build.config.allmodconfig.arm
build.config.allmodconfig.x86_64
build.config.amlogic
build.config.arm
build.config.common
build.config.db845c
build.config.erd8825_a25_s
build.config.erd8825_s
build.config.erd9925_evt0_s
build.config.erd9925_evt0_s5300_s
build.config.erd9925_s
build.config.gki
build.config.gki-debug.aarch64
build.config.gki-debug.x86_64
build.config.gki.aarch64
build.config.gki.aarch64.fips140
build.config.gki.aarch64.fips140_eval_testing
build.config.gki.x86_64
build.config.gki_kasan
build.config.gki_kasan.aarch64
build.config.gki_kasan.x86_64
build.config.gki_kprobes
build.config.gki_kprobes.aarch64
build.config.gki_kprobes.x86_64
build.config.hikey960
build.config.khwasan
build.config.mcd
build.config.rockchip
build.config.universal2100_s
build.config.universal8825_s
build.config.universal9925_evt0_s
build.config.universal9925_s
build.config.x86_64
build.sh build.sh: Forgot to change some things 2024-11-19 22:46:43 +01:00
COPYING
CREDITS
Kbuild
Kconfig
linux-stable.sh
MAINTAINERS
Makefile Linux 5.10.223 2024-11-19 14:19:53 +01:00
OWNERS
README
README.md
vendor_boot_module_order_exynos2100.cfg
vendor_boot_module_order_s5e8825.cfg
vendor_boot_module_order_s5e9925.cfg
vendor_module_list_s5e8825.cfg
vendor_module_list_s5e9925.cfg
vendor_module_list_s5e9925_b0s.cfg
vendor_module_list_s5e9925_g0s.cfg
vendor_module_list_s5e9925_r0s.cfg

README.md

How do I submit patches to Android Common Kernels

  1. BEST: Make all of your changes to upstream Linux. If appropriate, backport to the stable releases. These patches will be merged automatically in the corresponding common kernels. If the patch is already in upstream Linux, post a backport of the patch that conforms to the patch requirements below.

    • Do not send patches upstream that contain only symbol exports. To be considered for upstream Linux, additions of EXPORT_SYMBOL_GPL() require an in-tree modular driver that uses the symbol -- so include the new driver or changes to an existing driver in the same patchset as the export.
    • When sending patches upstream, the commit message must contain a clear case for why the patch is needed and beneficial to the community. Enabling out-of-tree drivers or functionality is not not a persuasive case.

  2. LESS GOOD: Develop your patches out-of-tree (from an upstream Linux point-of-view). Unless these are fixing an Android-specific bug, these are very unlikely to be accepted unless they have been coordinated with kernel-team@android.com. If you want to proceed, post a patch that conforms to the patch requirements below.

Common Kernel patch requirements

  • All patches must conform to the Linux kernel coding standards and pass script/checkpatch.pl
  • Patches shall not break gki_defconfig or allmodconfig builds for arm, arm64, x86, x86_64 architectures (see https://source.android.com/setup/build/building-kernels)
  • If the patch is not merged from an upstream branch, the subject must be tagged with the type of patch: UPSTREAM:, BACKPORT:, FROMGIT:, FROMLIST:, or ANDROID:.
  • All patches must have a Change-Id: tag (see https://gerrit-review.googlesource.com/Documentation/user-changeid.html)
  • If an Android bug has been assigned, there must be a Bug: tag.
  • All patches must have a Signed-off-by: tag by the author and the submitter

Additional requirements are listed below based on patch type

Requirements for backports from mainline Linux: UPSTREAM:, BACKPORT:

  • If the patch is a cherry-pick from Linux mainline with no changes at all
    • tag the patch subject with UPSTREAM:.
    • add upstream commit information with a (cherry picked from commit ...) line
    • Example:
      • if the upstream commit message is
        important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>
  • then Joe Smith would upload the patch for the common kernel as
        UPSTREAM: important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>

        Bug: 135791357
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        (cherry picked from commit c31e73121f4c1ec41143423ac6ce3ce6dafdcec1)
        Signed-off-by: Joe Smith <joe.smith@foo.org>
  • If the patch requires any changes from the upstream version, tag the patch with BACKPORT: instead of UPSTREAM:.
    • use the same tags as UPSTREAM:
    • add comments about the changes under the (cherry picked from commit ...) line
    • Example:
        BACKPORT: important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>

        Bug: 135791357
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        (cherry picked from commit c31e73121f4c1ec41143423ac6ce3ce6dafdcec1)
        [joe: Resolved minor conflict in drivers/foo/bar.c ]
        Signed-off-by: Joe Smith <joe.smith@foo.org>

Requirements for other backports: FROMGIT:, FROMLIST:,

  • If the patch has been merged into an upstream maintainer tree, but has not yet been merged into Linux mainline
    • tag the patch subject with FROMGIT:
    • add info on where the patch came from as (cherry picked from commit <sha1> <repo> <branch>). This must be a stable maintainer branch (not rebased, so don't use linux-next for example).
    • if changes were required, use BACKPORT: FROMGIT:
    • Example:
      • if the commit message in the maintainer tree is
        important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>
  • then Joe Smith would upload the patch for the common kernel as
        FROMGIT: important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>

        Bug: 135791357
        (cherry picked from commit 878a2fd9de10b03d11d2f622250285c7e63deace
         https://git.kernel.org/pub/scm/linux/kernel/git/foo/bar.git test-branch)
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        Signed-off-by: Joe Smith <joe.smith@foo.org>
  • If the patch has been submitted to LKML, but not accepted into any maintainer tree
    • tag the patch subject with FROMLIST:
    • add a Link: tag with a link to the submittal on lore.kernel.org
    • add a Bug: tag with the Android bug (required for patches not accepted into a maintainer tree)
    • if changes were required, use BACKPORT: FROMLIST:
    • Example:
        FROMLIST: important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>

        Bug: 135791357
        Link: https://lore.kernel.org/lkml/20190619171517.GA17557@someone.com/
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        Signed-off-by: Joe Smith <joe.smith@foo.org>

Requirements for Android-specific patches: ANDROID:

  • If the patch is fixing a bug to Android-specific code
    • tag the patch subject with ANDROID:
    • add a Fixes: tag that cites the patch with the bug
    • Example:
        ANDROID: fix android-specific bug in foobar.c

        This is the detailed description of the important fix

        Fixes: 1234abcd2468 ("foobar: add cool feature")
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        Signed-off-by: Joe Smith <joe.smith@foo.org>
  • If the patch is a new feature
    • tag the patch subject with ANDROID:
    • add a Bug: tag with the Android bug (required for android-specific features)