korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2025-01-20 21:04:40 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,154,699 Commits 115 Branches 5,368 Tags 4.6 GiB
C 97.5%
Assembly 1%
Shell 0.6%
Python 0.3%
Makefile 0.3%
9af31d6ec1
Go to file
Li Zetao 9af31d6ec1 ubi: Fix use-after-free when volume resizing failed 
There is an use-after-free problem reported by KASAN:
  ==================================================================
  BUG: KASAN: use-after-free in ubi_eba_copy_table+0x11f/0x1c0 [ubi]
  Read of size 8 at addr ffff888101eec008 by task ubirsvol/4735

  CPU: 2 PID: 4735 Comm: ubirsvol
  Not tainted 6.1.0-rc1-00003-g84fa3304a7fc-dirty #14
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
  BIOS 1.14.0-1.fc33 04/01/2014
  Call Trace:
   <TASK>
   dump_stack_lvl+0x34/0x44
   print_report+0x171/0x472
   kasan_report+0xad/0x130
   ubi_eba_copy_table+0x11f/0x1c0 [ubi]
   ubi_resize_volume+0x4f9/0xbc0 [ubi]
   ubi_cdev_ioctl+0x701/0x1850 [ubi]
   __x64_sys_ioctl+0x11d/0x170
   do_syscall_64+0x35/0x80
   entry_SYSCALL_64_after_hwframe+0x46/0xb0
   </TASK>

When ubi_change_vtbl_record() returns an error in ubi_resize_volume(),
"new_eba_tbl" will be freed on error handing path, but it is holded
by "vol->eba_tbl" in ubi_eba_replace_table(). It means that the liftcycle
of "vol->eba_tbl" and "vol" are different, so when resizing volume in
next time, it causing an use-after-free fault.

Fix it by not freeing "new_eba_tbl" after it replaced in
ubi_eba_replace_table(), while will be freed in next volume resizing.

Fixes: 801c135ce7 ("UBI: Unsorted Block Images")
Signed-off-by: Li Zetao <lizetao1@huawei.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
2023-02-02 21:13:41 +01:00
arch ARM: SoC DT and driver fixes 6.2 2023-01-20 11:00:03 -08:00
block block-6.2-2023-01-20 2023-01-20 12:44:41 -08:00
certs certs: make system keyring depend on built-in x509 parser 2022-09-24 04:31:18 +09:00
crypto This update includes the following changes: 2022-12-14 12:31:09 -08:00
Documentation Char/Misc driver fixes for 6.2-rc5 2023-01-21 11:20:55 -08:00
drivers ubi: Fix use-after-free when volume resizing failed 2023-02-02 21:13:41 +01:00
fs ubifs: Reserve one leb for each journal head while doing budget 2023-02-02 21:13:40 +01:00
include USB / Thunderbolt fixes for 6.2-rc5 2023-01-21 11:10:03 -08:00
init Kbuild fixes for v6.2 (3rd) 2023-01-21 10:56:37 -08:00
io_uring io_uring/poll: don't reissue in case of poll race on multishot request 2023-01-20 15:11:54 -07:00
ipc Non-MM patches for 6.2-rc1. 2022-12-12 17:28:58 -08:00
kernel Driver core fixes for 6.2-rc5 2023-01-21 11:17:23 -08:00
lib v6.2 second rc pull request 2023-01-20 14:15:51 -08:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
mm slab fixes for 6.2-rc5 2023-01-19 12:24:39 -08:00
net tcp: fix rate_app_limited to default to 1 2023-01-20 13:23:35 +00:00
rust rust: types: add Opaque type 2022-12-04 01:59:16 +01:00
samples Char/Misc driver changes for 6.2-rc1 2022-12-16 03:49:24 -08:00
scripts Kbuild fixes for v6.2 (3rd) 2023-01-21 10:56:37 -08:00
security tomoyo: Update website link 2023-01-13 23:11:38 +09:00
sound sound fixes for 6.2-rc4 2023-01-13 08:20:29 -06:00
tools linux-kselftest-fixes-6.2-rc5 2023-01-20 11:35:21 -08:00
usr usr/gen_init_cpio.c: remove unnecessary -1 values from int file 2022-10-03 14:21:44 -07:00
virt KVM: Ensure lockdep knows about kvm->lock vs. vcpu->mutex ordering rule 2023-01-11 13:32:21 -05:00
.clang-format iommufd for 6.2 2022-12-14 09:15:43 -08:00
.cocciconfig
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore .gitignore: ignore *.rpm 2022-12-30 17:22:14 +09:00
.mailmap 21 hotfixes. Thirteen of these address pre-6.1 issues and hence have 2023-01-16 16:36:39 -08:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: zram: zsmalloc: Add an additional co-maintainer 2022-12-15 16:37:49 -08:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS ACPI fixes for 6.2-rc5 2023-01-20 11:11:35 -08:00
Makefile Linux 6.2-rc5 2023-01-21 16:27:01 -08:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.