mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-07 22:42:04 +00:00
seccomp fixes for v5.9-rc5
- Fix memory resource leak of user_notif under TSYNC race (Tycho Andersen) -----BEGIN PGP SIGNATURE----- iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAl9cE6IWHGtlZXNjb29r QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJuHfD/9CrUBQl1A4ZuvRjJEiP9V/7g/B JKDoU+VY3j4B7adFypol2atXmrpcFRUY8FfZYLY4lJtl30YUTC5mxTeQpXjH71p2 PVSHUc1eKGFgThgcGaGs8qRGDctvLJTX9KnRRfYX6UGo5fsbyJBTDJMWZ00+87Ia 3cgCo60Q/107KiDDfb4D8rROG9uKkTaa+icZPjCzGAOlBOZhWX2y5ViT0KvEre/r ObaCHAs4JIIyqTTrPUTLeOqjzIjp0yYZ/FmyJOQZ8cSA1HezbxHU9kgi6d69QaZB natXjarHmU5/eUBjbQ95jH324qamoLq++ch/sL4NiitjboAmAxZrIZ80Ir4qOrcU 6ddTr0jhzKsfGzibZKI6g3fYCJJ38DJl/JaiADeySovdEaf7h3cs85WjXK2nVuZR uKI5heaK/4tumIBqTBSo4cU7Bk9hSOXtoAUloiIem/jXZYS4Atl5WbXynAI4fM3b FO1PwKm3LBX5Ua1cjOHRydFZ1qZB90TvzoylLWXOSJ+ThmKOWfxtk98G6C7l/AY5 18FjYjQxn8NT1AFBoRyFB+0Jf0KPrkqr0un1BdWt+B8hNMovEn7PHvAFJ1tJOQic 8TnbGtDYO58kkMsdSSFATwquzo31yu1epXXUtviR/cJVanY/dhGuCtgamXwrUhVa ElFPQaO0W5DgBAxXUA== =I7rD -----END PGP SIGNATURE----- Merge tag 'seccomp-v5.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull seccomp fixes from Kees Cook: "This fixes a rare race condition in seccomp when using TSYNC and USER_NOTIF together where a memory allocation would not get freed (found by syzkaller, fixed by Tycho). Additionally updates Tycho's MAINTAINERS and .mailmap entries for his new address" * tag 'seccomp-v5.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: seccomp: don't leave dangling ->notif if file allocation fails mailmap, MAINTAINERS: move to tycho.pizza seccomp: don't leak memory when filter install races
This commit is contained in:
commit
ef2e9a563b
1
.mailmap
1
.mailmap
@ -308,6 +308,7 @@ Tony Luck <tony.luck@intel.com>
|
|||||||
TripleX Chung <xxx.phy@gmail.com> <triplex@zh-kernel.org>
|
TripleX Chung <xxx.phy@gmail.com> <triplex@zh-kernel.org>
|
||||||
TripleX Chung <xxx.phy@gmail.com> <zhongyu@18mail.cn>
|
TripleX Chung <xxx.phy@gmail.com> <zhongyu@18mail.cn>
|
||||||
Tsuneo Yoshioka <Tsuneo.Yoshioka@f-secure.com>
|
Tsuneo Yoshioka <Tsuneo.Yoshioka@f-secure.com>
|
||||||
|
Tycho Andersen <tycho@tycho.pizza> <tycho@tycho.ws>
|
||||||
Uwe Kleine-König <ukleinek@informatik.uni-freiburg.de>
|
Uwe Kleine-König <ukleinek@informatik.uni-freiburg.de>
|
||||||
Uwe Kleine-König <ukl@pengutronix.de>
|
Uwe Kleine-König <ukl@pengutronix.de>
|
||||||
Uwe Kleine-König <Uwe.Kleine-Koenig@digi.com>
|
Uwe Kleine-König <Uwe.Kleine-Koenig@digi.com>
|
||||||
|
@ -9800,7 +9800,7 @@ F: drivers/scsi/53c700*
|
|||||||
|
|
||||||
LEAKING_ADDRESSES
|
LEAKING_ADDRESSES
|
||||||
M: Tobin C. Harding <me@tobin.cc>
|
M: Tobin C. Harding <me@tobin.cc>
|
||||||
M: Tycho Andersen <tycho@tycho.ws>
|
M: Tycho Andersen <tycho@tycho.pizza>
|
||||||
L: kernel-hardening@lists.openwall.com
|
L: kernel-hardening@lists.openwall.com
|
||||||
S: Maintained
|
S: Maintained
|
||||||
T: git git://git.kernel.org/pub/scm/linux/kernel/git/tobin/leaks.git
|
T: git git://git.kernel.org/pub/scm/linux/kernel/git/tobin/leaks.git
|
||||||
|
@ -1109,13 +1109,18 @@ static long seccomp_set_mode_strict(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_SECCOMP_FILTER
|
#ifdef CONFIG_SECCOMP_FILTER
|
||||||
static int seccomp_notify_release(struct inode *inode, struct file *file)
|
static void seccomp_notify_free(struct seccomp_filter *filter)
|
||||||
|
{
|
||||||
|
kfree(filter->notif);
|
||||||
|
filter->notif = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void seccomp_notify_detach(struct seccomp_filter *filter)
|
||||||
{
|
{
|
||||||
struct seccomp_filter *filter = file->private_data;
|
|
||||||
struct seccomp_knotif *knotif;
|
struct seccomp_knotif *knotif;
|
||||||
|
|
||||||
if (!filter)
|
if (!filter)
|
||||||
return 0;
|
return;
|
||||||
|
|
||||||
mutex_lock(&filter->notify_lock);
|
mutex_lock(&filter->notify_lock);
|
||||||
|
|
||||||
@ -1139,9 +1144,15 @@ static int seccomp_notify_release(struct inode *inode, struct file *file)
|
|||||||
complete(&knotif->ready);
|
complete(&knotif->ready);
|
||||||
}
|
}
|
||||||
|
|
||||||
kfree(filter->notif);
|
seccomp_notify_free(filter);
|
||||||
filter->notif = NULL;
|
|
||||||
mutex_unlock(&filter->notify_lock);
|
mutex_unlock(&filter->notify_lock);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int seccomp_notify_release(struct inode *inode, struct file *file)
|
||||||
|
{
|
||||||
|
struct seccomp_filter *filter = file->private_data;
|
||||||
|
|
||||||
|
seccomp_notify_detach(filter);
|
||||||
__put_seccomp_filter(filter);
|
__put_seccomp_filter(filter);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -1488,7 +1499,7 @@ static struct file *init_listener(struct seccomp_filter *filter)
|
|||||||
|
|
||||||
out_notif:
|
out_notif:
|
||||||
if (IS_ERR(ret))
|
if (IS_ERR(ret))
|
||||||
kfree(filter->notif);
|
seccomp_notify_free(filter);
|
||||||
out:
|
out:
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
@ -1581,6 +1592,7 @@ static long seccomp_set_mode_filter(unsigned int flags,
|
|||||||
listener_f->private_data = NULL;
|
listener_f->private_data = NULL;
|
||||||
fput(listener_f);
|
fput(listener_f);
|
||||||
put_unused_fd(listener);
|
put_unused_fd(listener);
|
||||||
|
seccomp_notify_detach(prepared);
|
||||||
} else {
|
} else {
|
||||||
fd_install(listener, listener_f);
|
fd_install(listener, listener_f);
|
||||||
ret = listener;
|
ret = listener;
|
||||||
|
Loading…
Reference in New Issue
Block a user