Suren Baghdasaryan a06247c680 psi: Fix uaf issue when psi trigger is destroyed while being polled
With a write operation on psi files replacing an old trigger with a new one,
the lifetime of its waitqueue is totally arbitrary. Overwriting an
existing trigger causes its waitqueue to be freed, and a pending poll()
will stumble on trigger->event_wait, which was destroyed.
Fix this by disallowing redefinition of an existing psi trigger. If a write
operation is used on a file descriptor with an already existing psi
trigger, the operation will fail with an EBUSY error.
Also bypass a check for psi_disabled in the psi_trigger_destroy as the
flag can be flipped after the trigger is created, leading to a memory
leak.

Fixes: 0e94682b73 ("psi: introduce psi monitor")
Reported-by: syzbot+cdb5dd11c97cc532efad@syzkaller.appspotmail.com
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Analyzed-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20220111232309.1786347-1-surenb@google.com
2022-01-18 12:09:57 +01:00
arch Rework of the MSI interrupt infrastructure: 2022-01-13 09:05:29 -08:00
block Convert xfs/iomap to use folios 2022-01-12 12:51:41 -08:00
certs certs: Add support for using elliptic curve keys for signing modules 2021-08-23 19:55:42 +03:00
crypto tpmdd updates for Linux v5.17 2022-01-11 12:58:41 -08:00
Documentation psi: Fix uaf issue when psi trigger is destroyed while being polled 2022-01-18 12:09:57 +01:00
drivers - qcom: misc updates to qcom-ipcc driver 2022-01-13 11:19:07 -08:00
fs dax + libnvdimm for v5.17 2022-01-12 15:46:11 -08:00
include psi: Fix uaf issue when psi trigger is destroyed while being polled 2022-01-18 12:09:57 +01:00
init Peter Zijlstra says: 2022-01-12 16:26:58 -08:00
ipc shm: extend forced shm destroy to support objects from several IPC nses 2021-11-20 10:35:54 -08:00
kernel psi: Fix uaf issue when psi trigger is destroyed while being polled 2022-01-18 12:09:57 +01:00
lib Convert much of the page cache to use folios 2022-01-12 12:37:02 -08:00
LICENSES LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers 2021-12-16 14:33:10 +01:00
mm dax + libnvdimm for v5.17 2022-01-12 15:46:11 -08:00
net TTY/Serial driver updates for 5.17-rc1 2022-01-12 11:21:52 -08:00
samples - Get rid of all the .fixup sections because this generates 2022-01-12 16:31:19 -08:00
scripts - Get rid of all the .fixup sections because this generates 2022-01-12 16:31:19 -08:00
security fs.idmapped.v5.17 2022-01-11 14:26:55 -08:00
sound sound fixes for 5.16-rc7 2021-12-23 09:55:58 -08:00
tools - Get rid of all the .fixup sections because this generates 2022-01-12 16:31:19 -08:00
usr initramfs: Check timestamp to prevent broken cpio archive 2021-10-24 13:48:40 +09:00
virt Peter Zijlstra says: 2022-01-12 16:26:58 -08:00
.clang-format genirq/msi: Make interrupt allocation less convoluted 2021-12-16 22:22:20 +01:00
.cocciconfig
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore .gitignore: ignore only top-level modules.builtin 2021-05-02 00:43:35 +09:00
.mailmap media updates for v5.17-rc1 2022-01-10 18:55:43 -08:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Move Daniel Drake to credits 2021-09-21 08:34:58 +03:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS Updates for the time(r) subsystem: 2022-01-13 09:02:27 -08:00
Makefile - Get rid of all the .fixup sections because this generates 2022-01-12 16:31:19 -08:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems that may result from upgrading your kernel.