Kumar Kartikeya Dwivedi 7aa5a19279 bpf: Defer work in bpf_timer_cancel_and_free
[ Upstream commit a6fcd19d7e ]

Currently, the same case as previous patch (two timer callbacks trying
to cancel each other) can be invoked through bpf_map_update_elem as
well, or more precisely, freeing map elements containing timers. Since
this relies on hrtimer_cancel as well, it is prone to the same deadlock
situation as the previous patch.

It would be sufficient to use hrtimer_try_to_cancel to fix this problem,
as the timer cannot be enqueued after async_cancel_and_free. Once
async_cancel_and_free has been done, the timer must be reinitialized
before it can be armed again. The callback running in parallel trying to
arm the timer will fail, and freeing bpf_hrtimer without waiting is
sufficient (given kfree_rcu), and bpf_timer_cb will return
HRTIMER_NORESTART, preventing the timer from being rearmed again.

However, there exists a UAF scenario where the callback arms the timer
before entering this function, such that if cancellation fails (due to
timer callback invoking this routine, or the target timer callback
running concurrently). In such a case, if the timer expiration is
significantly far in the future, the RCU grace period expiration
happening before it will free the bpf_hrtimer state and along with it
the struct hrtimer, that is enqueued.

Hence, it is clear cancellation needs to occur after
async_cancel_and_free, and yet it cannot be done inline due to deadlock
issues. We thus modify bpf_timer_cancel_and_free to defer work to the
global workqueue, adding a work_struct alongside rcu_head (both used at
_different_ points of time, so can share space).

Update existing code comments to reflect the new state of affairs.

Fixes: b00628b1c7 ("bpf: Introduce bpf timers.")
Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/r/20240709185440.1104957-3-memxor@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-07-18 13:22:40 +02:00
arch arm64: dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 Model B 2024-07-11 12:51:20 +02:00
block block: check for max_hw_sectors underflow 2024-07-11 12:51:22 +02:00
certs This update includes the following changes: 2023-11-02 16:15:30 -10:00
crypto crypto: aead,cipher - zeroize key buffer after use 2024-07-11 12:50:58 +02:00
Documentation kbuild: doc: Update default INSTALL_MOD_DIR from extra to updates 2024-07-05 09:38:06 +02:00
drivers net: ethernet: lantiq_etop: fix double free in detach 2024-07-18 13:22:39 +02:00
fs minixfs: Fix minixfs_rename with HIGHMEM 2024-07-18 13:22:39 +02:00
include spi: add defer_optimize_message controller flag 2024-07-18 13:22:38 +02:00
init printk: Fix LOG_CPU_MAX_BUF_SHIFT when BASE_SMALL is enabled 2024-06-12 11:39:35 +02:00
io_uring io_uring: signal SQPOLL task_work with TWA_SIGNAL_NO_IPI 2024-07-05 09:38:15 +02:00
ipc sysctl changes for v6.9-rc1 2024-03-18 14:59:13 -07:00
kernel bpf: Defer work in bpf_timer_cancel_and_free 2024-07-18 13:22:40 +02:00
lib kunit: Fix timeout message 2024-07-11 12:51:04 +02:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
mm Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" 2024-07-11 12:51:17 +02:00
net net: fix rc7's __skb_datagram_iter() 2024-07-18 13:22:39 +02:00
rust rust: remove params from module macro example 2024-04-25 17:34:33 +02:00
samples samples/landlock: Fix incorrect free in populate_ruleset_net 2024-05-30 09:45:01 +02:00
scripts kbuild: fix short log for AS in link-vmlinux.sh 2024-07-11 12:51:23 +02:00
security evm: Enforce signatures on unsupported filesystem for EVM_INIT_X509 2024-07-05 09:38:00 +02:00
sound ALSA: ump: Set default protocol when not given explicitly 2024-07-11 12:51:23 +02:00
tools libbpf: don't close(-1) in multi-uprobe feature detector 2024-07-11 12:51:24 +02:00
usr Kbuild updates for v6.8 2024-01-18 17:57:07 -08:00
virt virt: guest_memfd: fix reference leak on hwpoisoned page 2024-06-27 13:52:31 +02:00
.clang-format clang-format: Update with v6.7-rc4's for_each macro list 2023-12-08 23:54:38 +01:00
.cocciconfig
.editorconfig .editorconfig: remove trim_trailing_whitespace option 2024-06-21 14:40:11 +02:00
.get_maintainer.ignore Add Jeff Kirsher to .get_maintainer.ignore 2024-03-08 11:36:54 +00:00
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore kbuild: create a list of all built DTB files 2024-02-19 18:20:39 +09:00
.mailmap 18 hotfixes, 7 of which are cc:stable. 2024-05-10 14:16:03 -07:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Drop Gustavo Pimentel as PCI DWC Maintainer 2024-03-27 13:41:02 -05:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS cpufreq: amd-pstate: remove global header file 2024-06-21 14:40:00 +02:00
Makefile Linux 6.9.9 2024-07-11 12:51:24 +02:00
README README: Fix spelling 2024-03-18 03:36:32 -06:00

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.