2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-24 21:24:00 +08:00
linux-next/Documentation
Eric Biggers af8d3c7c00 ppp: remove the PPPIOCDETACH ioctl
The PPPIOCDETACH ioctl effectively tries to "close" the given ppp file
before f_count has reached 0, which is fundamentally a bad idea.  It
does check 'f_count < 2', which excludes concurrent operations on the
file since they would only be possible with a shared fd table, in which
case each fdget() would take a file reference.  However, it fails to
account for the fact that even with 'f_count == 1' the file can still be
linked into epoll instances.  As reported by syzbot, this can trivially
be used to cause a use-after-free.

Yet, the only known user of PPPIOCDETACH is pppd versions older than
ppp-2.4.2, which was released almost 15 years ago (November 2003).
Also, PPPIOCDETACH apparently stopped working reliably at around the
same time, when the f_count check was added to the kernel, e.g. see
https://lkml.org/lkml/2002/12/31/83.  Also, the current 'f_count < 2'
check makes PPPIOCDETACH only work in single-threaded applications; it
always fails if called from a multithreaded application.

All pppd versions released in the last 15 years just close() the file
descriptor instead.

Therefore, instead of hacking around this bug by exporting epoll
internals to modules, and probably missing other related bugs, just
remove the PPPIOCDETACH ioctl and see if anyone actually notices.  Leave
a stub in place that prints a one-time warning and returns EINVAL.

Reported-by: syzbot+16363c99d4134717c05b@syzkaller.appspotmail.com
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Paul Mackerras <paulus@ozlabs.org>
Reviewed-by: Guillaume Nault <g.nault@alphalink.fr>
Tested-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-24 22:55:07 -04:00
..
ABI cxl: Report the tunneled operations status 2018-05-15 21:30:01 +10:00
accelerators ocxl: Document the OCXL_IOCTL_GET_METADATA IOCTL 2018-03-02 13:02:15 +11:00
accounting
acpi ACPI / LPIT: Add Low Power Idle Table (LPIT) support 2017-10-11 15:38:10 +02:00
admin-guide PM: docs: intel_pstate: fix Active Mode w/o HWP paragraph 2018-05-09 12:16:44 +02:00
aoe
arm MTD changes: 2018-04-06 12:15:41 -07:00
arm64 ARM: 2018-04-09 11:42:31 -07:00
auxdisplay
backlight
block block, bfq: move debug blkio stats behind CONFIG_DEBUG_BLK_CGROUP 2017-11-14 20:13:33 -07:00
blockdev SCSI misc on 20170907 2017-09-07 21:11:05 -07:00
bpf bpf: Document sockmap '-target bpf' requirement for PROG_TYPE_SK_MSG 2018-04-23 23:42:21 +02:00
bus-devices
cdrom Documentation/cdrom: fix German sharp s in LaTex 2018-03-08 19:35:29 -07:00
cgroup-v1 page cache: use xa_lock 2018-04-11 10:28:39 -07:00
cma
connector
console
core-api textsearch: fix kernel-doc warnings and add kernel-api section 2018-04-16 18:53:13 -04:00
cpu-freq cpufreq: Drop cpufreq_table_validate_and_show() 2018-04-10 08:40:45 +02:00
cpuidle cpuidle: Add definition of residency to sysfs documentation 2018-04-09 13:44:37 +02:00
crypto crypto: doc - clarify hash callbacks state machine 2018-03-31 01:33:02 +08:00
dev-tools There's been a fair amount of activity in Documentation/ this time around: 2018-04-03 13:35:51 -07:00
device-mapper dm thin: update Documentation to clarify when "read_only" is valid 2018-05-10 11:18:49 -04:00
devicetree Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-05-21 08:37:48 -07:00
doc-guide MAINTAINERS & files: Canonize the e-mails I use at files 2018-05-04 06:21:06 -04:00
driver-api Driver core fixes for 4.17-rc3 2018-04-27 10:12:20 -07:00
driver-model serdev: Introduce devm_serdev_device_open() 2018-01-08 10:08:34 +00:00
early-userspace
EDID
extcon
fault-injection Documentation: nvme: Documentation for nvme fault injection 2018-03-26 08:53:43 -06:00
fb documentation: fb: update list of available compiled-in fonts 2017-11-08 03:39:52 -07:00
features arch: remove obsolete architecture ports 2018-04-02 20:20:12 -07:00
filesystems Merge branch 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs 2018-04-13 16:55:41 -07:00
firmware_class
fmc
fpga fpga: mgr: separate getting/locking FPGA manager 2017-11-28 16:30:37 +01:00
gpio Documentation: gpio: Move drivers-on-gpio.txt to driver-api 2018-03-23 04:22:29 +01:00
gpu Linux 4.16-rc7 2018-03-28 14:30:41 +10:00
hid Documentation: fix input related doc refs 2017-10-12 11:14:06 -06:00
hwmon hwmon: (lm92) Add max6635 to lm92_id[] 2018-03-22 09:33:24 -07:00
i2c Documentation/i2c: adopt kernel commenting style in examples 2018-04-18 10:09:44 +02:00
ia64 ia64: doc: tweak whitespace for 'console=' parameter 2018-03-05 14:41:38 -08:00
ide
iio
infiniband Documentation/ABI: update infiniband sysfs interfaces 2018-02-23 08:18:33 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2018-04-05 13:21:57 -07:00
ioctl staging: irda: remove remaining remants of irda code removal 2018-04-16 11:26:49 +02:00
isdn Documentation/isdn: check and fix dead links ... 2018-03-26 12:31:13 -04:00
kbuild Kconfig updates for v4.17 2018-04-03 16:28:01 -07:00
kdump
kernel-hacking Documentation: Fix misconversion of #if 2018-01-17 16:45:01 -07:00
laptops Documentation: fix admin-guide doc refs 2017-10-12 11:13:28 -06:00
leds Documentation: leds: Update 00-INDEX file 2017-10-23 20:17:03 +02:00
lightnvm
livepatch livepatch: Allow to call a custom callback when freeing shadow variables 2018-04-17 13:42:48 +02:00
locking Linux 4.16-rc2 2018-02-21 09:57:55 +01:00
m68k
maintainer docs: Add an intro note to the maintainers handbook 2017-12-11 14:46:10 -07:00
md raid5-ppl: PPL support for disks with write-back cache enabled 2018-01-15 14:29:42 -08:00
media MAINTAINERS & files: Canonize the e-mails I use at files 2018-05-04 06:21:06 -04:00
memory-devices
mic
mips Documentation: mips: Update AU1xxx_IDE Kconfig dependencies 2018-02-01 12:45:35 -07:00
misc-devices
mmc
mtd mtd: spi-nor: add an API to restore the status of SPI flash chip 2017-12-13 00:36:00 +01:00
namespaces
netlabel
networking ppp: remove the PPPIOCDETACH ioctl 2018-05-24 22:55:07 -04:00
nfc
nios2
nvdimm
nvmem NVMEM documentation fix: A minor typo 2017-08-24 13:31:58 -06:00
openrisc Documentation: openrisc: Updates to README 2017-10-30 21:37:53 +09:00
parisc
PCI PCI: Update location of pci.ids file 2018-02-22 15:00:43 -06:00
pcmcia
perf drivers/bus: Move Arm CCN PMU driver 2018-03-06 17:26:15 +01:00
phy
platform
power firmware: Fix firmware documentation for recent file renames 2018-04-23 13:03:26 +02:00
powerpc
pps drivers/pps: aesthetic tweaks to PPS-related content 2017-09-08 18:26:51 -07:00
process staging: irda: remove remaining remants of irda code removal 2018-04-16 11:26:49 +02:00
pti
ptp ptp: Fix documentation to match code. 2018-03-26 12:13:21 -04:00
rapidio Documentation: rapidio: move sysfs interface to ABI 2018-02-23 08:25:45 -07:00
RCU Merge branches 'cond_resched.2017.12.04a', 'dyntick.2017.11.28a', 'fixes.2017.12.11a', 'srbd.2017.12.05a' and 'torture.2017.12.11a' into HEAD 2017-12-11 09:21:58 -08:00
s390 vfio-ccw: update documentation 2018-03-01 17:32:14 +01:00
scheduler sched/deadline: Fix the description of runtime accounting in the documentation 2017-11-16 09:00:35 +01:00
scsi scsi: documentation: Obsolete documentation references 2018-03-21 18:34:20 -04:00
security selinux: Update SELinux SCTP documentation 2018-03-20 16:26:15 -04:00
serial
sh
sound sound updates for 4.15-rc1 2017-11-14 18:01:46 -08:00
sparc sparc64: Add support for ADI (Application Data Integrity) 2018-03-18 07:38:48 -07:00
sphinx MAINTAINERS & files: Canonize the e-mails I use at files 2018-05-04 06:21:06 -04:00
sphinx-static
spi
sysctl taint: add taint for randstruct 2018-04-11 10:28:35 -07:00
target
thermal thermal: Add cooling device's statistics in sysfs 2018-04-02 21:49:01 +08:00
timers sched/isolation: Eliminate NO_HZ_FULL_ALL 2018-02-15 15:40:37 -08:00
trace Revert: Unify CLOCK_MONOTONIC and CLOCK_BOOTTIME 2018-04-26 14:53:32 +02:00
translations MAINTAINERS & files: Canonize the e-mails I use at files 2018-05-04 06:21:06 -04:00
usb Documentation updates for 4.16. New stuff includes refcount_t 2018-01-31 19:25:25 -08:00
userspace-api
virtual kvm: rename KVM_HINTS_DEDICATED to KVM_HINTS_REALTIME 2018-05-17 19:12:13 +02:00
vm page cache: use xa_lock 2018-04-11 10:28:39 -07:00
w1 Documentation updates for 4.16. New stuff includes refcount_t 2018-01-31 19:25:25 -08:00
watchdog watchdog: remove bfin_wdt driver 2018-03-26 15:57:04 +02:00
wimax
x86 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-04-15 16:12:35 -07:00
xtensa xtensa: add support for KASAN 2017-12-16 22:37:12 -08:00
.gitignore
00-INDEX CRIS: Drop support for the CRIS port 2018-03-16 10:56:05 +01:00
atomic_bitops.txt locking/atomic/bitops: Document and clarify ordering semantics for failed test_and_{}_bit() 2018-02-13 14:55:53 +01:00
atomic_t.txt Documentation/locking/atomic: Finish the document... 2017-08-25 11:06:33 +02:00
bcache.txt
bt8xxgpio.txt
btmrvl.txt
bus-virt-phys-mapping.txt
cachetlb.txt
cgroup-v2.txt cgroup, docs: document the root cgroup behavior of cpu and io controllers 2018-01-16 08:07:09 -08:00
Changes
circular-buffers.txt doc: De-emphasize smp_read_barrier_depends 2017-12-05 11:57:53 -08:00
clearing-warn-once.txt kernel debug: support resetting WARN*_ONCE 2017-11-17 16:10:00 -08:00
clk.txt Documentation: clk: enable lock is not held for clk_is_enabled API 2018-03-16 15:44:43 -07:00
CodingStyle
conf.py docs: Remove "could not extract kernel version" warning 2017-12-11 15:20:04 -07:00
cpu-load.txt
cputopology.txt
crc32.txt
dcdbas.txt
debugging-modules.txt
debugging-via-ohci1394.txt
dell_rbu.txt
digsig.txt
DMA-API-HOWTO.txt
DMA-API.txt dma-coherent: remove the DMA_MEMORY_MAP and DMA_MEMORY_IO flags 2017-09-01 11:59:17 +02:00
DMA-attributes.txt
DMA-ISA-LPC.txt
docutils.conf
dontdiff
efi-stub.txt
eisa.txt
flexible-arrays.txt
futex-requeue-pi.txt
gcc-plugins.txt
highuid.txt
hw_random.txt
hwspinlock.txt
index.rst Documentation: add Linux tracing to Sphinx TOC tree 2018-03-07 10:22:53 -07:00
intel_txt.txt
Intel-IOMMU.txt
io_ordering.txt
io-mapping.txt
iostats.txt
IPMI.txt ipmi: Make IPMI panic strings always available 2017-09-27 16:03:45 -05:00
IRQ-affinity.txt
IRQ-domain.txt irqdomain: Kill CONFIG_IRQ_DOMAIN_DEBUG 2018-01-24 12:32:58 +01:00
IRQ.txt
irqflags-tracing.txt
isa.txt
isapnp.txt
kernel-per-CPU-kthreads.txt
kobject.txt
kprobes.txt kprobes/docs: Remove jprobes related documents 2017-10-20 11:02:55 +02:00
kref.txt
ldm.txt
lockup-watchdogs.txt
logo.gif
logo.txt
lsm.txt
lzo.txt
mailbox.txt
Makefile Documentation: add script and build target to check for broken file references 2017-10-12 11:07:42 -06:00
memory-barriers.txt locking/memory-barriers: De-emphasize smp_read_barrier_depends() some more 2018-03-10 10:22:22 +01:00
memory-hotplug.txt
men-chameleon-bus.txt
nommu-mmap.txt
ntb.txt
numastat.txt
padata.txt
parport-lowlevel.txt
percpu-rw-semaphore.txt
phy.txt
pi-futex.txt Documentation: fix locking rt-mutex doc refs 2017-10-19 12:56:44 -06:00
pnp.txt
preempt-locking.txt
pwm.txt
rbtree.txt rbtree: cache leftmost node internally 2017-09-08 18:26:48 -07:00
remoteproc.txt
rfkill.txt
robust-futex-ABI.txt
robust-futexes.txt
rpmsg.txt
rtc.txt Documentation: rtc: move iotcl interface documentation to ABI 2018-01-12 00:20:41 +01:00
SAK.txt
sgi-ioc4.txt
siphash.txt
SM501.txt
smsc_ece1099.txt
speculation.txt Documentation: Document array_index_nospec 2018-01-30 21:54:28 +01:00
static-keys.txt
SubmittingPatches
svga.txt documentation/svga.txt: update outdated file 2017-11-20 10:45:50 -07:00
switchtec.txt NTB: switchtec_ntb: Update switchtec documentation with notes for NTB 2017-11-18 20:37:13 -05:00
sync_file.txt
tee.txt
this_cpu_ops.txt
unaligned-memory-access.txt
vfio-mediated-device.txt
vfio.txt
video-output.txt
xillybus.txt
xz.txt
zorro.txt