Gui-Dong Han c8e0fb0da8 usb: mon: Fix atomicity violation in mon_bin_vma_fault
commit 2dd23cc4d0 upstream.

In mon_bin_vma_fault():
    offset = vmf->pgoff << PAGE_SHIFT;
    if (offset >= rp->b_size)
        return VM_FAULT_SIGBUS;
    chunk_idx = offset / CHUNK_SIZE;
    pageptr = rp->b_vec[chunk_idx].pg;
The code is executed without holding any lock.

In mon_bin_vma_close():
    spin_lock_irqsave(&rp->b_lock, flags);
    rp->mmap_active--;
    spin_unlock_irqrestore(&rp->b_lock, flags);

In mon_bin_ioctl():
    spin_lock_irqsave(&rp->b_lock, flags);
    if (rp->mmap_active) {
        ...
    } else {
        ...
        kfree(rp->b_vec);
        rp->b_vec  = vec;
        rp->b_size = size;
        ...
    }
    spin_unlock_irqrestore(&rp->b_lock, flags);

Concurrent execution of mon_bin_vma_fault() with mon_bin_vma_close() and
mon_bin_ioctl() could lead to atomicity violations. mon_bin_vma_fault()
accesses rp->b_size and rp->b_vec without locking, risking array
out-of-bounds access or use-after-free bugs due to possible modifications
in mon_bin_ioctl().

This possible bug is found by an experimental static analysis tool
developed by our team, BassCheck[1]. This tool analyzes the locking APIs
to extract function pairs that can be concurrently executed, and then
analyzes the instructions in the paired functions to identify possible
concurrency bugs including data races and atomicity violations. The above
possible bug is reported when our tool analyzes the source code of
Linux 6.2.

To address this issue, it is proposed to add a spin lock pair in
mon_bin_vma_fault() to ensure atomicity. With this patch applied, our tool
never reports the possible bug, with the kernel configuration allyesconfig
for x86_64. Due to the lack of associated hardware, we cannot test the
patch in runtime testing, and just verify it according to the code logic.

[1] https://sites.google.com/view/basscheck/

Fixes: 19e6317d24 ("usb: mon: Fix a deadlock in usbmon between ...")
Cc:  <stable@vger.kernel.org>
Signed-off-by: Gui-Dong Han <2045gemini@gmail.com>
Link: https://lore.kernel.org/r/20240105052412.9377-1-2045gemini@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-01-25 15:35:43 -08:00
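A user-space model of the locking the patch adds, written here as an added example (it is not the kernel's code): the fault-path lookup runs entirely under b_lock, so the bound check against b_size and the b_vec index cannot interleave with the buffer swap in the ioctl path. The names fault_locked, ioctl_resize and lock_held, the numeric page ids, and PAGE_SHIFT = 12 are constructed stand-ins, not identifiers from usbmon.

```c
#include <stdatomic.h>
#include <stdlib.h>
#define PAGE_SHIFT      12
#define CHUNK_SIZE      (1UL << PAGE_SHIFT)
#define VM_FAULT_SIGBUS (-1L)

/* User-space stand-in for the kernel's struct mon_reader_bin; a "page" is
 * just a number here (constructed as 1000 + chunk index). */
struct mon_pgmap { long pg; };
struct mon_reader_bin {
    atomic_int b_lock;          /* models rp->b_lock */
    unsigned long b_size;       /* bytes covered by b_vec */
    struct mon_pgmap *b_vec;    /* one entry per CHUNK_SIZE */
    int mmap_active;            /* what vma_close decrements */
};
static void b_lock(struct mon_reader_bin *rp)   { while (atomic_exchange(&rp->b_lock, 1)) { } }
static void b_unlock(struct mon_reader_bin *rp) { atomic_store(&rp->b_lock, 0); }
static int lock_held(struct mon_reader_bin *rp) { return atomic_load(&rp->b_lock) != 0; }

/* The fixed fault handler: the bound check and the b_vec index happen under
 * b_lock, so they cannot interleave with the buffer swap in ioctl_resize().
 * A single unlock point avoids returning SIGBUS with the lock still held. */
static long fault_locked(struct mon_reader_bin *rp, unsigned long pgoff)
{
    unsigned long offset = pgoff << PAGE_SHIFT;
    long pg = VM_FAULT_SIGBUS;
    b_lock(rp);
    if (offset < rp->b_size)
        pg = rp->b_vec[offset / CHUNK_SIZE].pg;
    b_unlock(rp);
    return pg;
}

/* Models the ioctl resize path: swaps b_vec/b_size under b_lock and refuses
 * while a mapping is active. Returns 0 on success, -1 otherwise. */
static int ioctl_resize(struct mon_reader_bin *rp, unsigned long size)
{
    unsigned long i, n = size / CHUNK_SIZE;
    struct mon_pgmap *vec = calloc(n, sizeof *vec);
    if (!vec) return -1;
    for (i = 0; i < n; i++) vec[i].pg = 1000 + (long)i;
    b_lock(rp);
    if (rp->mmap_active) { b_unlock(rp); free(vec); return -1; }
    free(rp->b_vec);
    rp->b_vec = vec;
    rp->b_size = size;
    b_unlock(rp);
    return 0;
}
```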

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.