korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-09-21 20:22:13 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,295,995 Commits 111 Branches 5,157 Tags 4.7 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
3b3a2a9c63
Go to file
Stephen Hemminger 3b3a2a9c63 sch/netem: fix use after free in netem_dequeue 
If netem_dequeue() enqueues packet to inner qdisc and that qdisc
returns __NET_XMIT_STOLEN. The packet is dropped but
qdisc_tree_reduce_backlog() is not called to update the parent's
q.qlen, leading to the similar use-after-free as Commit
e04991a48dbaf382 ("netem: fix return value if duplicate enqueue
fails")

Commands to trigger KASAN UaF:

ip link add type dummy
ip link set lo up
ip link set dummy0 up
tc qdisc add dev lo parent root handle 1: drr
tc filter add dev lo parent 1: basic classid 1:1
tc class add dev lo classid 1:1 drr
tc qdisc add dev lo parent 1:1 handle 2: netem
tc qdisc add dev lo parent 2: handle 3: drr
tc filter add dev lo parent 3: basic classid 3:1 action mirred egress
redirect dev dummy0
tc class add dev lo classid 3:1 drr
ping -c1 -W0.01 localhost # Trigger bug
tc class del dev lo classid 1:1
tc class add dev lo classid 1:1 drr
ping -c1 -W0.01 localhost # UaF

Fixes: 50612537e9 ("netem: fix classful handling")
Reported-by: Budimir Markovic <markovicbudimir@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Link: https://patch.msgid.link/20240901182438.4992-1-stephen@networkplumber.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2024-09-03 11:44:23 -07:00
arch LoongArch: KVM: Invalidate guest steal time address on vCPU reset 2024-08-26 23:11:32 +08:00
block block: Read max write zeroes once for __blkdev_issue_write_zeroes() 2024-08-19 09:48:59 -06:00
certs kbuild: use $(src) instead of $(srctree)/$(src) for source directory 2024-05-10 04:34:52 +09:00
crypto crypto: testmgr - generate power-of-2 lengths more often 2024-07-13 11:50:28 +12:00
Documentation docs: ABI: update OCP TimeCard sysfs entries 2024-09-03 15:37:48 +02:00
drivers usbnet: modern method to get random MAC 2024-09-03 11:36:51 -07:00
fs nfsd-6.11 fixes: 2024-08-29 06:20:44 +12:00
include Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" 2024-08-30 17:56:53 -04:00
init Rust fixes for v6.11 2024-08-16 11:24:06 -07:00
io_uring io_uring/kbuf: sanitize peek buffer setup 2024-08-21 07:16:38 -06:00
ipc sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
kernel vfs-6.11-rc6.fixes 2024-08-27 16:57:35 +12:00
lib Random number generator fixes for Linux 6.11-rc6. 2024-08-29 13:59:18 +12:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
mm mm: Fix missing folio invalidation calls during truncation 2024-08-24 16:09:16 +02:00
net sch/netem: fix use after free in netem_dequeue 2024-09-03 11:44:23 -07:00
rust Rust fixes for v6.11 2024-08-16 11:24:06 -07:00
samples treewide: remove unnecessary <linux/version.h> inclusion 2024-08-12 18:36:44 +09:00
scripts net: drop special comment style 2024-08-23 10:21:02 +01:00
security KEYS: trusted: dcp: fix leak of blob encryption key 2024-08-15 22:01:14 +03:00
sound sound fixes for 6.11-rc6 2024-08-28 06:24:22 +12:00
tools Including fixes from bluetooth, wireless and netfilter. 2024-08-30 06:14:39 +12:00
usr initramfs: shorten cmd_initfs in usr/Makefile 2024-07-16 01:07:52 +09:00
virt KVM: x86: Disallow read-only memslots for SEV-ES and SEV-SNP (and TDX) 2024-08-14 12:28:24 -04:00
.clang-format Docs: Move clang-format from process/ to dev-tools/ 2024-06-26 16:36:00 -06:00
.cocciconfig
.editorconfig .editorconfig: remove trim_trailing_whitespace option 2024-06-13 16:47:52 +02:00
.get_maintainer.ignore Add Jeff Kirsher to .get_maintainer.ignore 2024-03-08 11:36:54 +00:00
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore kbuild: add script and target to generate pacman package 2024-07-22 01:24:22 +09:00
.mailmap mailmap: update entry for Sriram Yagnaraman 2024-08-29 10:53:46 +02:00
.rustfmt.toml
COPYING
CREDITS tracing: Update of MAINTAINERS and CREDITS file 2024-07-18 14:08:42 -07:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig
MAINTAINERS MAINTAINERS: exclude bluetooth and wireless DT bindings from netdev ML 2024-08-29 12:51:44 -07:00
Makefile Linux 6.11-rc5 2024-08-25 19:07:11 +12:00
README README: Fix spelling 2024-03-18 03:36:32 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.