Ksawlii/kernel_samsung_a53x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
FireAsf 🔥
2689 commits 2 branches 0 tags 509 MiB
C 98.3%
Assembly 0.9%
Makefile 0.3%
Shell 0.2%
Python 0.1%
Find a file
Kuniyuki Iwashima e635f6d4c2 tcp: Clean up kernel listener's reqsk in inet_twsk_purge() 
commit 740ea3c4a0b2e326b23d7cdf05472a0e92aa39bc upstream.

Eric Dumazet reported a use-after-free related to the per-netns ehash
series. [0]

When we create a TCP socket from userspace, the socket always holds a
refcnt of the netns.  This guarantees that a reqsk timer is always fired
before netns dismantle.  Each reqsk has a refcnt of its listener, so the
listener is not freed before the reqsk, and the net is not freed before
the listener as well.

OTOH, when in-kernel users create a TCP socket, it might not hold a refcnt
of its netns.  Thus, a reqsk timer can be fired after the netns dismantle
and access freed per-netns ehash.

To avoid the use-after-free, we need to clean up TCP_NEW_SYN_RECV sockets
in inet_twsk_purge() if the netns uses a per-netns ehash.

[0]: https://lore.kernel.org/netdev/CANn89iLXMup0dRD_Ov79Xt8N9FM0XdhCHEN05sf3eLwxKweM6w@mail.gmail.com/

BUG: KASAN: use-after-free in tcp_or_dccp_get_hashinfo
include/net/inet_hashtables.h:181 [inline]
BUG: KASAN: use-after-free in reqsk_queue_unlink+0x320/0x350
net/ipv4/inet_connection_sock.c:913
Read of size 8 at addr ffff88807545bd80 by task syz-executor.2/8301

CPU: 1 PID: 8301 Comm: syz-executor.2 Not tainted
6.0.0-syzkaller-02757-gaf7d23f9d96a #0
Hardware name: Google Google Compute Engine/Google Compute Engine,
BIOS Google 09/22/2022
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:317 [inline]
print_report.cold+0x2ba/0x719 mm/kasan/report.c:433
kasan_report+0xb1/0x1e0 mm/kasan/report.c:495
tcp_or_dccp_get_hashinfo include/net/inet_hashtables.h:181 [inline]
reqsk_queue_unlink+0x320/0x350 net/ipv4/inet_connection_sock.c:913
inet_csk_reqsk_queue_drop net/ipv4/inet_connection_sock.c:927 [inline]
inet_csk_reqsk_queue_drop_and_put net/ipv4/inet_connection_sock.c:939 [inline]
reqsk_timer_handler+0x724/0x1160 net/ipv4/inet_connection_sock.c:1053
call_timer_fn+0x1a0/0x6b0 kernel/time/timer.c:1474
expire_timers kernel/time/timer.c:1519 [inline]
__run_timers.part.0+0x674/0xa80 kernel/time/timer.c:1790
__run_timers kernel/time/timer.c:1768 [inline]
run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1803
__do_softirq+0x1d0/0x9c8 kernel/softirq.c:571
invoke_softirq kernel/softirq.c:445 [inline]
__irq_exit_rcu+0x123/0x180 kernel/softirq.c:650
irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1107
</IRQ>

Fixes: d1e5e6408b30 ("tcp: Introduce optional per-netns ehash.")
Reported-by: syzbot <syzkaller@googlegroups.com>
Reported-by: Eric Dumazet <edumazet@google.com>
Suggested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20221012145036.74960-1-kuniyu@amazon.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
[shaozhengchao: resolved conflicts in 5.10]
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-11-19 11:32:40 +01:00
.github/workflows Add build stuff 2024-06-15 16:48:05 -03:00
android Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
arch cpu: Re-enable CPU mitigations by default for !X86 architectures 2024-11-19 11:32:38 +01:00
block block: prevent division by zero in blk_rq_stat_sum() 2024-11-19 09:23:14 +01:00
certs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
crypto Revert "crypto: api - Disallow identical driver names" 2024-11-19 11:32:38 +01:00
Documentation PM / devfreq: Fix buffer overflow in trans_stat_show 2024-11-19 11:32:38 +01:00
drivers mtd: diskonchip: work around ubsan link failure 2024-11-19 11:32:40 +01:00
firmware/tsp_goodix Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fs btrfs: fix information leak in btrfs_ioctl_logical_to_ino() 2024-11-19 11:32:38 +01:00
gki Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
include ethernet: Add helper for assigning packet type when dest address does not match device address 2024-11-19 11:32:39 +01:00
init init/main.c: Fix potential static_command_line memory overflow 2024-11-19 11:32:23 +01:00
io_uring io_uring: ensure '0' is returned on file registration success 2024-11-19 09:22:45 +01:00
ipc Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
kernel cpu: Re-enable CPU mitigations by default for !X86 architectures 2024-11-19 11:32:38 +01:00
kernel_build kernel_build: build*.sh: Add -Testing to zip/tar and local version 2024-11-19 09:24:15 +01:00
kunitconfigs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
lib stackdepot: respect __GFP_NOLOCKDEP allocation flag 2024-11-19 11:32:39 +01:00
LICENSES Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mm x86/mm/pat: fix VM_PAT handling in COW mappings 2024-11-19 09:23:15 +01:00
net tcp: Clean up kernel listener's reqsk in inet_twsk_purge() 2024-11-19 11:32:40 +01:00
samples Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
scripts kbuild: dummy-tools: adjust to stricter stackprotector check 2024-11-19 09:23:16 +01:00
security smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() 2024-11-19 09:22:14 +01:00
sound ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone 2024-11-19 09:23:10 +01:00
test Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tools selftests/ftrace: Limit length in subsystem-enable tests 2024-11-19 11:32:21 +01:00
usr Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
virt KVM: Always flush async #PF workqueue when vCPU is being destroyed 2024-11-19 09:22:15 +01:00
build.config.aarch64 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.allmodconfig Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.allmodconfig.aarch64 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.allmodconfig.arm Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.allmodconfig.x86_64 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.amlogic Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.arm Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.common Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.db845c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.erd8825_a25_s Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.erd8825_s Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.erd9925_evt0_s Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.erd9925_evt0_s5300_s Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.erd9925_s Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.gki Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.gki-debug.aarch64 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.gki-debug.x86_64 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.gki.aarch64 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.gki.aarch64.fips140 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.gki.aarch64.fips140_eval_testing Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.gki.x86_64 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.gki_kasan Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.gki_kasan.aarch64 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.gki_kasan.x86_64 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.gki_kprobes Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.gki_kprobes.aarch64 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.gki_kprobes.x86_64 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.hikey960 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.khwasan Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.mcd Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.rockchip Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.universal2100_s Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.universal8825_s Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.universal9925_evt0_s Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.universal9925_s Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.config.x86_64 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
build.sh build.sh: Disabled temporary build without debug 2024-11-17 22:32:40 +01:00
COPYING Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
CREDITS Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Kbuild Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Kconfig Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
linux-stable.sh linux-stable.sh: Added for upstream 2024-11-08 11:11:32 +01:00
MAINTAINERS Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Makefile Linux 5.10.215 2024-11-19 09:23:16 +01:00
OWNERS Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
README Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
README.md Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
vendor_boot_module_order_exynos2100.cfg Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
vendor_boot_module_order_s5e8825.cfg Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
vendor_boot_module_order_s5e9925.cfg Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
vendor_module_list_s5e8825.cfg Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
vendor_module_list_s5e9925.cfg Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
vendor_module_list_s5e9925_b0s.cfg Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
vendor_module_list_s5e9925_g0s.cfg Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
vendor_module_list_s5e9925_r0s.cfg Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00

README.md

How do I submit patches to Android Common Kernels

  1. BEST: Make all of your changes to upstream Linux. If appropriate, backport to the stable releases. These patches will be merged automatically in the corresponding common kernels. If the patch is already in upstream Linux, post a backport of the patch that conforms to the patch requirements below.

    • Do not send patches upstream that contain only symbol exports. To be considered for upstream Linux, additions of EXPORT_SYMBOL_GPL() require an in-tree modular driver that uses the symbol -- so include the new driver or changes to an existing driver in the same patchset as the export.
    • When sending patches upstream, the commit message must contain a clear case for why the patch is needed and beneficial to the community. Enabling out-of-tree drivers or functionality is not not a persuasive case.

  2. LESS GOOD: Develop your patches out-of-tree (from an upstream Linux point-of-view). Unless these are fixing an Android-specific bug, these are very unlikely to be accepted unless they have been coordinated with kernel-team@android.com. If you want to proceed, post a patch that conforms to the patch requirements below.

Common Kernel patch requirements

  • All patches must conform to the Linux kernel coding standards and pass script/checkpatch.pl
  • Patches shall not break gki_defconfig or allmodconfig builds for arm, arm64, x86, x86_64 architectures (see https://source.android.com/setup/build/building-kernels)
  • If the patch is not merged from an upstream branch, the subject must be tagged with the type of patch: UPSTREAM:, BACKPORT:, FROMGIT:, FROMLIST:, or ANDROID:.
  • All patches must have a Change-Id: tag (see https://gerrit-review.googlesource.com/Documentation/user-changeid.html)
  • If an Android bug has been assigned, there must be a Bug: tag.
  • All patches must have a Signed-off-by: tag by the author and the submitter

Additional requirements are listed below based on patch type

Requirements for backports from mainline Linux: UPSTREAM:, BACKPORT:

  • If the patch is a cherry-pick from Linux mainline with no changes at all
    • tag the patch subject with UPSTREAM:.
    • add upstream commit information with a (cherry picked from commit ...) line
    • Example:
      • if the upstream commit message is
        important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>
  • then Joe Smith would upload the patch for the common kernel as
        UPSTREAM: important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>

        Bug: 135791357
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        (cherry picked from commit c31e73121f4c1ec41143423ac6ce3ce6dafdcec1)
        Signed-off-by: Joe Smith <joe.smith@foo.org>
  • If the patch requires any changes from the upstream version, tag the patch with BACKPORT: instead of UPSTREAM:.
    • use the same tags as UPSTREAM:
    • add comments about the changes under the (cherry picked from commit ...) line
    • Example:
        BACKPORT: important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>

        Bug: 135791357
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        (cherry picked from commit c31e73121f4c1ec41143423ac6ce3ce6dafdcec1)
        [joe: Resolved minor conflict in drivers/foo/bar.c ]
        Signed-off-by: Joe Smith <joe.smith@foo.org>

Requirements for other backports: FROMGIT:, FROMLIST:,

  • If the patch has been merged into an upstream maintainer tree, but has not yet been merged into Linux mainline
    • tag the patch subject with FROMGIT:
    • add info on where the patch came from as (cherry picked from commit <sha1> <repo> <branch>). This must be a stable maintainer branch (not rebased, so don't use linux-next for example).
    • if changes were required, use BACKPORT: FROMGIT:
    • Example:
      • if the commit message in the maintainer tree is
        important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>
  • then Joe Smith would upload the patch for the common kernel as
        FROMGIT: important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>

        Bug: 135791357
        (cherry picked from commit 878a2fd9de10b03d11d2f622250285c7e63deace
         https://git.kernel.org/pub/scm/linux/kernel/git/foo/bar.git test-branch)
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        Signed-off-by: Joe Smith <joe.smith@foo.org>
  • If the patch has been submitted to LKML, but not accepted into any maintainer tree
    • tag the patch subject with FROMLIST:
    • add a Link: tag with a link to the submittal on lore.kernel.org
    • add a Bug: tag with the Android bug (required for patches not accepted into a maintainer tree)
    • if changes were required, use BACKPORT: FROMLIST:
    • Example:
        FROMLIST: important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>

        Bug: 135791357
        Link: https://lore.kernel.org/lkml/20190619171517.GA17557@someone.com/
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        Signed-off-by: Joe Smith <joe.smith@foo.org>

Requirements for Android-specific patches: ANDROID:

  • If the patch is fixing a bug to Android-specific code
    • tag the patch subject with ANDROID:
    • add a Fixes: tag that cites the patch with the bug
    • Example:
        ANDROID: fix android-specific bug in foobar.c

        This is the detailed description of the important fix

        Fixes: 1234abcd2468 ("foobar: add cool feature")
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        Signed-off-by: Joe Smith <joe.smith@foo.org>
  • If the patch is a new feature
    • tag the patch subject with ANDROID:
    • add a Bug: tag with the Android bug (required for android-specific features)