korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2025-01-14 01:34:43 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,065,587 Commits 115 Branches 5,359 Tags 7.4 GiB
C 97.5%
Assembly 1%
Shell 0.6%
Python 0.3%
Makefile 0.3%
98fb5eaade
Go to file
David Howells 98fb5eaade afs: Fix use-after-free due to get/remove race in volume tree 
[ Upstream commit 9a6b294ab4 ]

When an afs_volume struct is put, its refcount is reduced to 0 before
the cell->volume_lock is taken and the volume removed from the
cell->volumes tree.

Unfortunately, this means that the lookup code can race and see a volume
with a zero ref in the tree, resulting in a use-after-free:

    refcount_t: addition on 0; use-after-free.
    WARNING: CPU: 3 PID: 130782 at lib/refcount.c:25 refcount_warn_saturate+0x7a/0xda
    ...
    RIP: 0010:refcount_warn_saturate+0x7a/0xda
    ...
    Call Trace:
     afs_get_volume+0x3d/0x55
     afs_create_volume+0x126/0x1de
     afs_validate_fc+0xfe/0x130
     afs_get_tree+0x20/0x2e5
     vfs_get_tree+0x1d/0xc9
     do_new_mount+0x13b/0x22e
     do_mount+0x5d/0x8a
     __do_sys_mount+0x100/0x12a
     do_syscall_64+0x3a/0x94
     entry_SYSCALL_64_after_hwframe+0x62/0x6a

Fix this by:

 (1) When putting, use a flag to indicate if the volume has been removed
     from the tree and skip the rb_erase if it has.

 (2) When looking up, use a conditional ref increment and if it fails
     because the refcount is 0, replace the node in the tree and set the
     removal flag.

Fixes: 20325960f8 ("afs: Reorganise volume and server trees to be rooted on the cell")
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jeffrey Altman <jaltman@auristor.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-01-05 15:13:30 +01:00
arch s390/vx: fix save/restore of fpu kernel context 2024-01-05 15:13:28 +01:00
block blk-cgroup: bypass blkcg_deactivate_policy after destroying 2023-12-20 15:17:39 +01:00
certs certs/blacklist_hashes.c: fix const confusion in certs blacklist 2022-06-22 14:22:01 +02:00
crypto crypto: pcrypt - Fix hungtask for PADATA_RESET 2023-11-28 16:56:18 +00:00
Documentation docs/process/howto: Replace C89 with C11 2023-12-13 18:36:46 +01:00
drivers net: mana: select PAGE_POOL 2024-01-05 15:13:29 +01:00
fs afs: Fix use-after-free due to get/remove race in volume tree 2024-01-05 15:13:30 +01:00
include afs: Use refcount_t rather than atomic_t 2024-01-05 15:13:30 +01:00
init proc: sysctl: prevent aliased sysctls from getting passed to init 2023-12-03 07:31:24 +01:00
io_uring io_uring/af_unix: disable sending io_uring over sockets 2023-12-13 18:36:46 +01:00
ipc ipc/sem: Fix dangling sem_array access in semtimedop race 2022-12-08 11:28:45 +01:00
kernel tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols 2023-12-23 10:42:00 +01:00
lib parisc: Drop the HP-UX ENOSYM and EREMOTERELEASE error codes 2023-12-08 08:48:02 +01:00
LICENSES LICENSES/dual/CC-BY-4.0: Git rid of "smart quotes" 2021-07-15 06:31:24 -06:00
mm kasan: disable kasan_non_canonical_hook() for HW tags 2023-12-23 10:42:00 +01:00
net keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry 2024-01-05 15:13:30 +01:00
samples samples/hw_breakpoint: fix building without module unloading 2023-09-23 11:10:01 +02:00
scripts sign-file: Fix incorrect return values check 2023-12-20 15:17:37 +01:00
security keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry 2024-01-05 15:13:30 +01:00
sound ALSA: hda/realtek: Apply mute LED quirk for HP15-db 2023-12-20 15:17:38 +01:00
tools tools headers UAPI: Sync linux/perf_event.h with the kernel sources 2023-12-13 18:36:46 +01:00
usr usr/include/Makefile: add linux/nfc.h to the compile-test coverage 2022-02-01 17:27:15 +01:00
virt KVM: Grab a reference to KVM for VM and vCPU stats file descriptors 2023-08-03 10:22:40 +02:00
.clang-format clang-format: Update with the latest for_each macro list 2021-05-12 23:32:39 +02:00
.cocciconfig
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore .gitignore: ignore only top-level modules.builtin 2021-05-02 00:43:35 +09:00
.mailmap mailmap: add Andrej Shadura 2021-10-18 20:22:03 -10:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Move Daniel Drake to credits 2021-09-21 08:34:58 +03:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS iio: stx104: Move to addac subdirectory 2023-08-26 14:23:27 +02:00
Makefile Linux 5.15.145 2023-12-23 10:42:00 +01:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.