Go to file
Chengming Zhou 90e8234988 mm/ksm: fix possible UAF of stable_node
The commit 2c653d0ee2 ("ksm: introduce ksm_max_page_sharing per page
deduplication limit") introduced a possible failure case in the
stable_tree_insert(), where we may free the new allocated stable_node_dup
if we fail to prepare the missing chain node.

Then that kfolio return and unlock with a freed stable_node set...  And
any MM activities can come in to access kfolio->mapping, so UAF.

Fix it by moving folio_set_stable_node() to the end after stable_node
is inserted successfully.

Link: https://lkml.kernel.org/r/20240513-b4-ksm-stable-node-uaf-v1-1-f687de76f452@linux.dev
Fixes: 2c653d0ee2 ("ksm: introduce ksm_max_page_sharing per page deduplication limit")
Signed-off-by: Chengming Zhou <chengming.zhou@linux.dev>
Acked-by: David Hildenbrand <david@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Stefan Roesch <shr@devkernel.io>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2024-05-24 11:55:08 -07:00
arch arm64: patching: fix handling of execmem addresses 2024-05-24 11:55:06 -07:00
block Compactifying bdev flags 2024-05-21 13:02:56 -07:00
certs kbuild: use $(src) instead of $(srctree)/$(src) for source directory 2024-05-10 04:34:52 +09:00
crypto This push fixes a bug in the new ecc P521 code as well as a buggy 2024-05-20 08:47:54 -07:00
Documentation lib: add version into /proc/allocinfo output 2024-05-24 11:55:05 -07:00
drivers - A series ("kbuild: enable more warnings by default") from Arnd 2024-05-22 18:59:29 -07:00
fs mm: /proc/pid/smaps_rollup: avoid skipping vma after getting mmap_lock again 2024-05-24 11:55:07 -07:00
include kasan, fortify: properly rename memintrinsics 2024-05-24 11:55:05 -07:00
init Driver core changes for 6.10-rc1 2024-05-22 12:13:40 -07:00
io_uring Assorted commits that had missed the last merge window... 2024-05-21 13:11:44 -07:00
ipc Mainly singleton patches, documented in their respective changelogs. 2024-05-19 14:02:03 -07:00
kernel Driver core changes for 6.10-rc1 2024-05-22 12:13:40 -07:00
lib lib: add version into /proc/allocinfo output 2024-05-24 11:55:05 -07:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
mm mm/ksm: fix possible UAF of stable_node 2024-05-24 11:55:08 -07:00
net more s390 updates for 6.10 merge window 2024-05-21 12:09:36 -07:00
rust LoongArch changes for v6.10 2024-05-22 09:43:07 -07:00
samples Char/Misc and other driver subsystem changes for 6.10-rc1 2024-05-22 12:26:46 -07:00
scripts - A series ("kbuild: enable more warnings by default") from Arnd 2024-05-22 18:59:29 -07:00
security KEYS: trusted: Do not use WARN when encode fails 2024-05-21 02:35:10 +03:00
sound - Core Frameworks 2024-05-22 10:49:54 -07:00
tools selftests/mm: fix build warnings on ppc64 2024-05-24 11:55:06 -07:00
usr kbuild: use $(src) instead of $(srctree)/$(src) for source directory 2024-05-10 04:34:52 +09:00
virt The usual shower of singleton fixes and minor series all over MM, 2024-05-19 09:21:03 -07:00
.clang-format clang-format: Update with v6.7-rc4's for_each macro list 2023-12-08 23:54:38 +01:00
.cocciconfig
.editorconfig Add .editorconfig file for basic formatting 2023-12-28 16:22:47 +09:00
.get_maintainer.ignore Add Jeff Kirsher to .get_maintainer.ignore 2024-03-08 11:36:54 +00:00
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore kbuild: create a list of all built DTB files 2024-02-19 18:20:39 +09:00
.mailmap mailmap: update email address for Satya Priya 2024-05-24 11:55:05 -07:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Drop Gustavo Pimentel as PCI DWC Maintainer 2024-03-27 13:41:02 -05:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS Char/Misc and other driver subsystem changes for 6.10-rc1 2024-05-22 12:26:46 -07:00
Makefile arch: add ARCH_HAS_KERNEL_FPU_SUPPORT 2024-05-19 14:36:17 -07:00
README README: Fix spelling 2024-03-18 03:36:32 -06:00

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.