linux-stable/arch
Duoming Zhou 246f80a0b1 sh: push-switch: Reorder cleanup operations to avoid use-after-free bug
The original code puts flush_work() before timer_shutdown_sync()
in switch_drv_remove(). Although we use flush_work() to stop
the worker, it could be rescheduled in switch_timer(). As a result,
a use-after-free bug can occur. The details are shown below:

      (cpu 0)                    |      (cpu 1)
switch_drv_remove()              |
 flush_work()                    |
  ...                            |  switch_timer // timer
                                 |   schedule_work(&psw->work)
 timer_shutdown_sync()           |
 ...                             |  switch_work_handler // worker
 kfree(psw) // free              |
                                 |   psw->state = 0 // use

This patch puts timer_shutdown_sync() before flush_work() to
mitigate the bugs. As a result, the worker and timer will be
stopped safely before the deallocation operations.

Fixes: 9f5e8eee5c ("sh: generic push-switch framework.")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Link: https://lore.kernel.org/r/20230802033737.9738-1-duoming@zju.edu.cn
Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
2023-09-09 21:54:20 +02:00
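
The interleaving in the commit message above can be replayed in a small userspace C model. This is an added example, not kernel code and not part of the commit. The struct, the function names and the three timer-expiry slots are constructed for illustration, and timer and worker callbacks are assumed to run atomically.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the driver state; not the kernel's struct push_switch. */
struct model {
    bool timer_armed;   /* timer can still expire */
    bool work_pending;  /* worker queued by the timer callback */
    bool freed;         /* kfree(psw) has happened */
    bool uaf;           /* worker touched psw after the free */
};
enum order { FLUSH_THEN_SHUTDOWN, SHUTDOWN_THEN_FLUSH };

/* Models switch_timer(): an expiring timer queues the worker. */
static void timer_expires(struct model *m) {
    if (m->timer_armed) { m->timer_armed = false; m->work_pending = true; }
}
/* Models switch_work_handler(): the worker writes psw->state. */
static void worker_runs(struct model *m) {
    if (!m->work_pending) return;
    m->work_pending = false;
    if (m->freed) m->uaf = true;
}
/* flush_work() drains a queued worker; timer_shutdown_sync() stops the timer. */
static void flush_work_model(struct model *m) { worker_runs(m); }
static void timer_shutdown_model(struct model *m) { m->timer_armed = false; }

/* Replay remove() with the timer expiring in slot `when`: 0 = before the
 * first cleanup call, 1 = between the two, 2 = after both. The worker is
 * scheduled as late as possible, i.e. after kfree(). */
static bool remove_hits_uaf(enum order o, int when) {
    struct model m = { .timer_armed = true };
    for (int step = 0; step < 2; step++) {
        if (when == step) timer_expires(&m);
        bool flush = (o == FLUSH_THEN_SHUTDOWN) == (step == 0);
        if (flush) flush_work_model(&m); else timer_shutdown_model(&m);
    }
    if (when == 2) timer_expires(&m);
    m.freed = true;      /* kfree(psw) */
    worker_runs(&m);     /* late worker, as on cpu 1 in the diagram */
    return m.uaf;
}
static int count_uaf(enum order o) {
    int n = 0;
    for (int when = 0; when < 3; when++) n += remove_hits_uaf(o, when);
    return n;
}
int main(void) {
    printf("flush, then shutdown: %d of 3 slots hit the use-after-free\n", count_uaf(FLUSH_THEN_SHUTDOWN));
    printf("shutdown, then flush: %d of 3 slots hit the use-after-free\n", count_uaf(SHUTDOWN_THEN_FLUSH));
    return 0;
}
```

Only slot 1 with the original order reproduces the diagram: the timer queues the worker after flush_work() has already returned, so nothing drains it before the free.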
alpha Merge branch 'expand-stack' 2023-06-28 20:35:21 -07:00
arc asm-generic updates for 6.5 2023-07-06 10:06:04 -07:00
arm asm-generic updates for 6.5 2023-07-06 10:06:04 -07:00
arm64 tracing: arm64: Avoid missing-prototype warnings 2023-07-12 12:06:04 -04:00
csky arch/csky patches for 6.5 2023-07-01 21:12:32 -07:00
hexagon Merge branch 'expand-stack' 2023-06-28 20:35:21 -07:00
ia64 Kbuild updates for v6.5 2023-07-01 09:24:31 -07:00
loongarch asm-generic updates for 6.5 2023-07-06 10:06:04 -07:00
m68k asm-generic updates for 6.5 2023-07-06 10:06:04 -07:00
microblaze slab updates for 6.5 2023-06-29 16:34:12 -07:00
mips - fixes for KVM 2023-07-09 10:02:49 -07:00
nios2 slab updates for 6.5 2023-06-29 16:34:12 -07:00
openrisc OpenRISC fix for 6.5 2023-07-12 16:28:53 -07:00
parisc parisc: syscalls: Avoid compiler warnings with W=1 2023-07-03 18:56:03 +02:00
powerpc powerpc/mm/book3s64/hash/4k: Add pmd_same callback for 4K page size 2023-07-10 09:47:47 +10:00
riscv RISC-V Fixes for 6.5-rc2 2023-07-14 11:14:07 -07:00
s390 s390 updates for 6.5 merge window part 2 2023-07-06 13:18:30 -07:00
sh sh: push-switch: Reorder cleanup operations to avoid use-after-free bug 2023-09-09 21:54:20 +02:00
sparc sparc: mark __arch_xchg() as __always_inline 2023-07-13 09:54:32 -07:00
um x86/alternative: Rename apply_ibt_endbr() 2023-07-10 09:52:23 +02:00
x86 - Fix a lockdep warning when the event given is the first one, no event 2023-07-16 13:46:08 -07:00
xtensa xtensa: fix unaligned and load/store configuration interaction 2023-07-10 21:41:04 -07:00
.gitignore
Kconfig - Arnd Bergmann has fixed a bunch of -Wmissing-prototypes in 2023-06-28 10:59:38 -07:00