p71924506
/
linux_old1
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
663,474 Commits 2 Branches 0 Tags 3.6 GiB
C 97.1%
Assembly 1.1%
C++ 0.6%
Shell 0.4%
Makefile 0.3%
Other 0.3%
Go to file
Cong Wang 073c516ff7 nsfs: mark dentry with DCACHE_RCUACCESS 
Andrey reported a use-after-free in __ns_get_path():

  spin_lock include/linux/spinlock.h:299 [inline]
  lockref_get_not_dead+0x19/0x80 lib/lockref.c:179
  __ns_get_path+0x197/0x860 fs/nsfs.c:66
  open_related_ns+0xda/0x200 fs/nsfs.c:143
  sock_ioctl+0x39d/0x440 net/socket.c:1001
  vfs_ioctl fs/ioctl.c:45 [inline]
  do_vfs_ioctl+0x1bf/0x1780 fs/ioctl.c:685
  SYSC_ioctl fs/ioctl.c:700 [inline]
  SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691

We are under rcu read lock protection at that point:

        rcu_read_lock();
        d = atomic_long_read(&ns->stashed);
        if (!d)
                goto slow;
        dentry = (struct dentry *)d;
        if (!lockref_get_not_dead(&dentry->d_lockref))
                goto slow;
        rcu_read_unlock();

but don't use a proper RCU API on the free path, therefore a parallel
__d_free() could free it at the same time.  We need to mark the stashed
dentry with DCACHE_RCUACCESS so that __d_free() will be called after all
readers leave RCU.

Fixes: e149ed2b80 ("take the targets of /proc/*/ns/* symlinks to separate fs")
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Andrew Morton <akpm@linux-foundation.org>
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
 		2017-04-19 15:56:24 -07:00
Documentation Driver core fixes for 4.11-rc6 2017-04-09 09:03:51 -07:00
arch sparc64: Fix hugepage page table free 2017-04-18 13:11:07 -07:00
block blk-mq: Restart a single queue if tag sets are shared 2017-04-07 12:40:09 -06:00
certs certs: Add a secondary system keyring that can be added to dynamically 2016-04-11 22:48:09 +01:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2017-04-18 09:03:50 -07:00
drivers backlight: pwm_bl: Fix GPIO out for unimplemented .get_direction() 2017-04-19 14:45:51 -07:00
firmware WHENCE: use https://linuxtv.org for LinuxTV URLs 2015-12-04 10:35:11 -02:00
fs nsfs: mark dentry with DCACHE_RCUACCESS 2017-04-19 15:56:24 -07:00
include Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2017-04-18 09:03:50 -07:00
init mm: move mm_percpu_wq initialization earlier 2017-03-31 17:13:30 -07:00
ipc Merge branch 'WIP.sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-03-03 10:16:38 -08:00
kernel Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc 2017-04-18 13:56:51 -07:00
lib sparc64: Use LOCKDEP_SMALL, not PROVE_LOCKING_SMALL 2017-04-18 13:11:07 -07:00
mm mm: make mm_percpu_wq non freezable 2017-04-19 15:53:48 -07:00
net ipv6: drop non loopback packets claiming to originate from ::1 2017-04-17 15:09:23 -04:00
samples statx: Include a mask for stx_attributes in struct statx 2017-04-03 01:06:00 -04:00
scripts Kbuild fixes for v4.11 2017-04-05 08:37:28 -07:00
security Merge branch 'WIP.sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-03-03 10:16:38 -08:00
sound ALSA: hda - fix a problem for lineout on a Dell AIO machine 2017-03-31 10:58:26 +02:00
tools While testing my development branch, without the fix for the pid use 2017-04-18 10:19:47 -07:00
usr kbuild: initramfs cleanup, set target from Kconfig 2017-01-05 09:40:16 -08:00
virt KVM/ARM Fixes for v4.11-rc6 2017-04-05 16:27:47 +02:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore Add hch to .get_maintainer.ignore 2015-08-21 14:30:10 -07:00
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore Merge branch 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild 2016-08-02 16:48:52 -04:00
.mailmap mailmap: add Martin Kepplinger's email 2017-04-13 18:24:21 -07:00
COPYING
CREDITS MAINTAINERS: Remove old e-mail address 2017-02-13 12:24:56 -05:00
Kbuild scripts/gdb: provide linux constants 2016-05-23 17:04:14 -07:00
Kconfig
MAINTAINERS virtio: oops fixes 2017-04-14 08:49:39 -07:00
Makefile Linux 4.11-rc7 2017-04-16 13:00:18 -07:00
README README: add a new README file, pointing to the Documentation/ 2016-10-24 08:12:35 -02:00

README 

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.