asgardius/android_kernel_motorola_sm6225
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Kernel sources for Moto G9 (Play) (Guamp)
808214 commits 1 branch 0 tags 1.7 GiB
C 98.1%
Assembly 1.2%
Makefile 0.3%
Shell 0.1%
Find a file
Xin Long f46826a6fc tipc: add an extra conn_get in tipc_conn_alloc 
[ Upstream commit a7b42969d63f47320853a802efd879fbdc4e010e ]

One extra conn_get() is needed in tipc_conn_alloc(), as after
tipc_conn_alloc() is called, tipc_conn_close() may free this
con before deferencing it in tipc_topsrv_accept():

   tipc_conn_alloc();
   newsk = newsock->sk;
                                 <---- tipc_conn_close();
   write_lock_bh(&sk->sk_callback_lock);
   newsk->sk_data_ready = tipc_conn_data_ready;

Then an uaf issue can be triggered:

  BUG: KASAN: use-after-free in tipc_topsrv_accept+0x1e7/0x370 [tipc]
  Call Trace:
   <TASK>
   dump_stack_lvl+0x33/0x46
   print_report+0x178/0x4b0
   kasan_report+0x8c/0x100
   kasan_check_range+0x179/0x1e0
   tipc_topsrv_accept+0x1e7/0x370 [tipc]
   process_one_work+0x6a3/0x1030
   worker_thread+0x8a/0xdf0

This patch fixes it by holding it in tipc_conn_alloc(), then after
all accessing in tipc_topsrv_accept() releasing it. Note when does
this in tipc_topsrv_kern_subscr(), as tipc_conn_rcv_sub() returns
0 or -1 only, we don't need to check for "> 0".

Fixes: c5fa7b3cf3 ("tipc: introduce new TIPC server infrastructure")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-12-08 11:18:30 +01:00
arch ARM: mxs: fix memory leak in mxs_machine_init() 2022-12-08 11:18:29 +01:00
block block: sed-opal: kmalloc the cmd/resp buffers 2022-11-25 17:40:23 +01:00
certs certs/blacklist_hashes.c: fix const confusion in certs blacklist 2022-06-25 11:49:16 +02:00
crypto crypto: drbg - make reseeding from get_random_bytes() synchronous 2022-06-25 11:49:13 +02:00
Documentation docs: update mediator contact information in CoC doc 2022-11-25 17:40:28 +01:00
drivers net/mlx5: Fix FW tracer timestamp calculation 2022-12-08 11:18:29 +01:00
firmware Fix built-in early-load Intel microcode alignment 2020-01-23 08:21:29 +01:00
fs ntfs: check overflow when iterating ATTR_RECORDs 2022-11-25 17:40:30 +01:00
include audit: fix undefined behavior in bit shift for AUDIT_BIT 2022-12-08 11:18:28 +01:00
init random: handle latent entropy and command line from random_init() 2022-06-25 11:49:11 +02:00
ipc shm: extend forced shm destroy to support objects from several IPC nses 2021-12-08 08:50:11 +01:00
kernel ring_buffer: Do not deactivate non-existant pages 2022-11-25 17:40:25 +01:00
lib dyndbg: let query-modname override actual module name 2022-10-26 13:19:31 +02:00
LICENSES LICENSES: Remove CC-BY-SA-4.0 license text 2018-10-18 11:28:50 +02:00
mm mm: fs: initialize fsdata passed to write_begin/write_end interface 2022-11-25 17:40:29 +01:00
net tipc: add an extra conn_get in tipc_conn_alloc 2022-12-08 11:18:30 +01:00
samples samples/kretprobes: Fix return value if register_kretprobe() failed 2021-11-26 11:36:11 +01:00
scripts cert host tools: Stop complaining about deprecated OpenSSL functions 2022-11-25 17:40:20 +01:00
security capabilities: fix potential memleak on error path from vfs_getxattr_alloc() 2022-11-10 17:46:55 +01:00
sound ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove 2022-12-08 11:18:29 +01:00
tools selftests/intel_pstate: fix build for ARCH=x86_64 2022-11-25 17:40:21 +01:00
usr initramfs: restore default compression behavior 2020-04-13 10:44:59 +02:00
virt KVM: arm64: vgic: Fix exit condition in scan_its_table() 2022-11-03 23:52:24 +09:00
.clang-format clang-format: Set IndentWrappedFunctionNames false 2018-08-01 18:38:51 +02:00
.cocciconfig
.get_maintainer.ignore
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore Kbuild updates for v4.17 (2nd) 2018-04-15 17:21:30 -07:00
.mailmap libnvdimm-for-4.19_misc 2018-08-25 18:13:10 -07:00
COPYING COPYING: use the new text with points to the license files 2018-03-23 12:41:45 -06:00
CREDITS 9p: remove Ron Minnich from MAINTAINERS 2018-08-17 16:20:26 -07:00
Kbuild Kbuild updates for v4.15 2017-11-17 17:45:29 -08:00
Kconfig kconfig: move the "Executable file formats" menu to fs/Kconfig.binfmt 2018-08-02 08:06:55 +09:00
MAINTAINERS MAINTAINERS: co-maintain random.c 2022-06-25 11:49:01 +02:00
Makefile Linux 4.19.267 2022-11-25 17:40:30 +01:00
README Docs: Added a pointer to the formatted docs to README 2018-03-21 09:02:53 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.