Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-17 18:56:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,235,283 Commits 106 Branches 5,195 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
David Howells 9a6b294ab4 afs: Fix use-after-free due to get/remove race in volume tree 
When an afs_volume struct is put, its refcount is reduced to 0 before
the cell->volume_lock is taken and the volume removed from the
cell->volumes tree.

Unfortunately, this means that the lookup code can race and see a volume
with a zero ref in the tree, resulting in a use-after-free:

    refcount_t: addition on 0; use-after-free.
    WARNING: CPU: 3 PID: 130782 at lib/refcount.c:25 refcount_warn_saturate+0x7a/0xda
    ...
    RIP: 0010:refcount_warn_saturate+0x7a/0xda
    ...
    Call Trace:
     afs_get_volume+0x3d/0x55
     afs_create_volume+0x126/0x1de
     afs_validate_fc+0xfe/0x130
     afs_get_tree+0x20/0x2e5
     vfs_get_tree+0x1d/0xc9
     do_new_mount+0x13b/0x22e
     do_mount+0x5d/0x8a
     __do_sys_mount+0x100/0x12a
     do_syscall_64+0x3a/0x94
     entry_SYSCALL_64_after_hwframe+0x62/0x6a

Fix this by:

 (1) When putting, use a flag to indicate if the volume has been removed
     from the tree and skip the rb_erase if it has.

 (2) When looking up, use a conditional ref increment and if it fails
     because the refcount is 0, replace the node in the tree and set the
     removal flag.

Fixes: 20325960f875 ("afs: Reorganise volume and server trees to be rooted on the cell")
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jeffrey Altman <jaltman@auristor.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2023-12-21 10:16:07 -08:00
arch
posix-timers: Get rid of [COMPAT_]SYS_NI() uses
2023-12-20 21:30:27 -08:00
block
block-6.7-2023-12-01
2023-12-02 06:39:30 +09:00
certs
This update includes the following changes:
2023-11-02 16:15:30 -10:00
crypto
This push fixes a regression in ahash and hides the Kconfig sub-options for the jitter RNG.
2023-11-09 17:04:58 -08:00
Documentation
drm fixes for 6.7-rc6
2023-12-15 11:07:13 -08:00
drivers
Including fixes from WiFi and bpf.
2023-12-21 09:15:37 -08:00
fs
afs: Fix use-after-free due to get/remove race in volume tree
2023-12-21 10:16:07 -08:00
include
AFS fixes
2023-12-21 09:53:25 -08:00
init
As usual, lots of singleton and doubleton patches all over the tree and
2023-11-02 20:53:31 -10:00
io_uring
io_uring/cmd: fix breakage in SOCKET_URING_OP_SIOC* implementation
2023-12-14 16:52:13 -07:00
ipc
Many singleton patches against the MM code. The patch series which are
2023-11-02 19:38:47 -10:00
kernel
Tracing fixes for 6.7:
2023-12-21 09:31:45 -08:00
lib
ida: Fix crash in ida_free when the bitmap is empty
2023-12-21 10:02:28 -08:00
LICENSES
LICENSES: Add the copyleft-next-0.3.1 license
2022-11-08 15:44:01 +01:00
mm
mm/mglru: reclaim offlined memcgs harder
2023-12-12 17:20:20 -08:00
net
AFS fixes
2023-12-21 09:53:25 -08:00
rust
Kbuild updates for v6.7
2023-11-04 08:07:19 -10:00
samples
Landlock updates for v6.7-rc1
2023-11-03 09:28:53 -10:00
scripts
sign-file: Fix incorrect return values check
2023-12-13 12:55:11 -08:00
security
keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry
2023-12-21 13:47:38 +00:00
sound
ALSA: hda/tas2781: reset the amp before component_add
2023-12-14 12:04:38 +01:00
tools
Including fixes from WiFi and bpf.
2023-12-21 09:15:37 -08:00
usr
arch: Remove Itanium (IA-64) architecture
2023-09-11 08:13:17 +00:00
virt
Revert "KVM: Prevent module exit until all VMs are freed"
2023-12-01 08:12:30 -08:00
.clang-format
iommu: Add for_each_group_device()
2023-05-23 08:15:51 +02:00
.cocciconfig
scripts: add Linux .cocciconfig for coccinelle
2016-07-22 12:13:39 +02:00
.get_maintainer.ignore
get_maintainer: add Alan to .get_maintainer.ignore
2022-08-20 15:17:44 -07:00
.gitattributes
.gitattributes: set diff driver for Rust source code files
2023-05-31 17:48:25 +02:00
.gitignore
kbuild: rpm-pkg: generate kernel.spec in rpmbuild/SPECS/
2023-10-03 20:49:09 +09:00
.mailmap
mailmap: add entries for Geliang Tang
2023-12-17 20:54:22 +00:00
.rustfmt.toml
rust: add .rustfmt.toml
2022-09-28 09:02:20 +02:00
COPYING
COPYING: state that all contributions really are covered by this file
2020-02-10 13:32:20 -08:00
CREDITS
MAINTAINERS: drop Antti Palosaari
2023-12-06 16:12:49 -08:00
Kbuild
Kbuild updates for v6.1
2022-10-10 12:00:45 -07:00
Kconfig
kbuild: ensure full rebuild when the compiler is updated
2020-05-12 13:28:33 +09:00
MAINTAINERS
Including fixes from WiFi and bpf.
2023-12-21 09:15:37 -08:00
Makefile
Linux 6.7-rc6
2023-12-17 15:19:28 -08:00
README
Drop all 00-INDEX files from Documentation/
2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.
Description
Linux kernel stable tree
Readme 6.1 GiB
Languages
C 97.5%
Assembly 1%
Shell 0.6%
Python 0.3%
Makefile 0.3%