shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-04-08 22:23:19 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
1ab0607b48fdcbac787b073f845f2ef529d4e936
linux/kernel
History
Thomas Gleixner 1ab0607b48 futex-prevent-requeue-pi-on-same-futex.patch futex: Forbid uaddr == uaddr2 in futex_requeue(..., requeue_pi=1) 
commit e9c243a5a6 upstream.

If uaddr == uaddr2, then we have broken the rule of only requeueing from
a non-pi futex to a pi futex with this call.  If we attempt this, then
dangling pointers may be left for rt_waiter resulting in an exploitable
condition.

This change brings futex_requeue() in line with futex_wait_requeue_pi()
which performs the same check as per commit 6f7b0a2a5c ("futex: Forbid
uaddr == uaddr2 in futex_wait_requeue_pi()")

[ tglx: Compare the resulting keys as well, as uaddrs might be
  	different depending on the mapping ]

Fixes CVE-2014-3153.

Reported-by: Pinkie Pie
Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Darren Hart <dvhart@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-06-07 10:28:29 -07:00
..
cpu
sched/preempt: Fix up missed PREEMPT_NEED_RESCHED folding
2014-01-13 17:38:55 +01:00
debug
kgdb/kdb: Fix no KDB config problem
2014-01-25 08:55:09 +01:00
events
perf: Fix hotplug splat
2014-02-27 12:38:03 +01:00
gcov
gcov: reuse kbasename helper
2013-11-13 12:09:34 +09:00
irq
genirq: Allow forcing cpu affinity of interrupts
2014-06-07 10:28:08 -07:00
locking
rtmutex: Fix deadlock detector for real
2014-06-07 10:28:07 -07:00
power
arm, pm, vmpressure: add missing slab.h includes
2014-02-03 13:24:01 -05:00
printk
printk: fix syslog() overflowing user buffer
2014-02-17 12:24:45 -08:00
rcu
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2014-01-28 08:38:04 -08:00
sched
sched/clock: Prevent tracing recursion in sched_clock_cpu()
2014-03-11 11:33:48 +01:00
time
tick-sched: Check tick_nohz_enabled in tick_nohz_switch_to_nohz()
2014-05-31 13:20:28 -07:00
trace
ftrace/module: Hardcode ftrace_module_init() call into load_module()
2014-06-07 10:28:07 -07:00
.gitignore
Ignore generated file kernel/x509_certificate_list
2013-12-10 18:21:34 +00:00
acct.c
fs: Fix hang with BSD accounting on frozen filesystem
2013-05-04 14:57:58 -04:00
async.c
async: rename and redefine async_func_ptr
2013-03-12 13:59:14 -07:00
audit_tree.c
inotify: Fix reporting of cookies for inotify events
2014-02-18 11:17:17 +01:00
audit_watch.c
inotify: Fix reporting of cookies for inotify events
2014-02-18 11:17:17 +01:00
audit.c
audit: convert PPIDs to the inital PID namespace.
2014-05-31 13:20:27 -07:00
audit.h
audit: Use struct net not pid_t to remember the network namespce to reply in
2014-02-28 04:04:33 -08:00
auditfilter.c
audit: Update kdoc for audit_send_reply and audit_list_rules_send
2014-03-08 15:31:54 -08:00
auditsc.c
audit: convert PPIDs to the inital PID namespace.
2014-05-31 13:20:27 -07:00
backtracetest.c
bounds.c
mm: do not allocate page->ptl dynamically, if spinlock_t fits to long
2013-12-20 12:25:45 -08:00
capability.c
audit: Simplify and correct audit_log_capset
2014-01-13 22:26:48 -05:00
cgroup_freezer.c
cgroup: replace cftype->read_seq_string() with cftype->seq_show()
2013-12-05 12:28:04 -05:00
cgroup.c
cgroup: fix a failure path in create_css()
2014-03-18 17:15:36 -04:00
compat.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal
2013-05-01 07:21:43 -07:00
configs.c
proc: Supply PDE attribute setting accessor functions
2013-05-01 17:29:18 -04:00
context_tracking.c
context_tracking: Wrap static key check into more intuitive function name
2013-12-02 20:43:14 +01:00
cpu_pm.c
kernel/cpu_pm.c: fix various typos
2012-05-31 17:49:27 -07:00
cpu.c
Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2013-11-14 16:55:11 +09:00
cpuset.c
cpuset: fix a race condition in __cpuset_node_allowed_softwall()
2014-02-27 09:39:54 -05:00
crash_dump.c
Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux
2011-11-06 19:44:47 -08:00
cred.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2012-12-18 10:55:28 -08:00
delayacct.c
kernel/delayacct.c: remove redundant checking in __delayacct_add_tsk()
2013-11-13 12:09:12 +09:00
dma.c
Remove all #inclusions of asm/system.h
2012-03-28 18:30:03 +01:00
elfcore.c
switch elf_core_write_extra_phdrs() to dump_emit()
2013-11-09 00:16:23 -05:00
exec_domain.c
exit.c
exit: call disassociate_ctty() before exit_task_namespaces()
2014-04-26 17:19:07 -07:00
extable.c
kernel/extable: fix address-checks for core_kernel and init areas
2013-11-28 09:49:41 -08:00
fork.c
exec: kill task_struct->did_exec
2014-01-23 16:37:02 -08:00
freezer.c
libata, freezer: avoid block device removal while system is frozen
2013-12-19 13:50:32 -05:00
futex_compat.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal
2013-02-23 18:50:11 -08:00
futex.c
futex-prevent-requeue-pi-on-same-futex.patch futex: Forbid uaddr == uaddr2 in futex_requeue(..., requeue_pi=1)
2014-06-07 10:28:29 -07:00
groups.c
userns: Kill nsown_capable it makes the wrong thing easy
2013-08-30 23:44:11 -07:00
hrtimer.c
hrtimer: Set expiry time before switch_hrtimer_base()
2014-06-07 10:28:12 -07:00
hung_task.c
hung_task: Display every hung task warning
2014-01-25 12:13:33 +01:00
irq_work.c
Merge branch 'nohz/printk-v8' into irq/core
2013-02-05 00:48:46 +01:00
itimer.c
itimer: Use printk_once instead of WARN_ONCE
2012-04-10 11:00:30 +02:00
jump_label.c
static_key: WARN on usage before jump_label_init was called
2013-10-19 19:45:35 -04:00
kallsyms.c
kernel: kallsyms: memory override issue, need check destination buffer length
2013-04-15 15:17:26 +09:30
kcmp.c
kcmp: include linux/ptrace.h
2012-12-20 17:40:19 -08:00
Kconfig.freezer
Kconfig.hz
kernel: remove CONFIG_USE_GENERIC_SMP_HELPERS
2013-11-15 09:32:22 +09:00
Kconfig.locks
locking: Fix copy/paste errors of "ARCH_INLINE_*_UNLOCK_BH"
2013-05-28 08:50:00 +02:00
Kconfig.preempt
locking/kconfig: Simplify INLINE_SPIN_UNLOCK usage
2012-03-23 13:18:57 +01:00
kexec.c
powerpc, kexec: Fix "Processor X is stuck" issue during kexec from ST mode
2014-06-07 10:28:28 -07:00
kmod.c
execve: use 'struct filename *' for executable name passing
2014-02-05 12:54:53 -08:00
kprobes.c
kprobes: use KSYM_NAME_LEN to size identifier buffers
2013-11-13 12:09:26 +09:00
ksysfs.c
kdump: fix exported size of vmcoreinfo note
2014-01-23 16:37:03 -08:00
kthread.c
kthread: make kthread_create() killable
2013-11-13 12:08:59 +09:00
latencytop.c
kernel: Map most files to use export.h instead of module.h
2011-10-31 09:20:12 -04:00
Makefile
KEYS: Remove files generated when SYSTEM_TRUSTED_KEYRING=y
2013-12-13 15:59:11 +00:00
module_signing.c
keys: change asymmetric keys to use common hash definitions
2013-10-25 17:15:18 -04:00
module-internal.h
KEYS: Separate the kernel signature checking keyring from module signing
2013-09-25 17:17:01 +01:00
module.c
module: remove warning about waiting module removal.
2014-06-07 10:28:11 -07:00
notifier.c
kernel: Map most files to use export.h instead of module.h
2011-10-31 09:20:12 -04:00
nsproxy.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2013-09-07 14:35:32 -07:00
padata.c
padata: Fix wrong usage of rcu_dereference()
2013-12-05 21:28:42 +08:00
panic.c
panic: Make panic_timeout configurable
2013-11-26 12:12:26 +01:00
params.c
params: improve standard definitions
2013-12-04 14:09:46 +10:30
pid_namespace.c
pid_namespace: pidns_get() should check task_active_pid_ns() != NULL
2014-04-26 17:19:04 -07:00
pid.c
pidns: fix free_pid() to handle the first fork failure
2013-09-30 14:31:03 -07:00
posix-cpu-timers.c
posix-timers: Convert abuses of BUG_ON to WARN_ON
2013-12-09 16:56:29 +01:00
posix-timers.c
posix-timers: Remove unused variable
2013-04-18 12:51:19 +02:00
profile.c
mm: fix GFP_THISNODE callers and clarify
2014-03-10 17:26:19 -07:00
ptrace.c
exec/ptrace: fix get_dumpable() incorrect tests
2013-11-13 12:09:33 +09:00
range.c
range: Do not add new blank slot with add_range_with_merge
2013-06-18 11:32:10 -05:00
reboot.c
kexec: migrate to reboot cpu
2013-12-18 19:04:50 -08:00
relay.c
kernel: delete __cpuinit usage from all core kernel files
2013-07-14 19:36:59 -04:00
res_counter.c
memcg: reduce function dereference
2013-09-12 15:38:02 -07:00
resource.c
kernel/resource.c: remove the unneeded assignment in function __find_resource
2013-07-03 16:08:06 -07:00
seccomp.c
seccomp: allow BPF_XOR based ALU instructions.
2013-03-26 11:07:19 +11:00
signal.c
kernel/signal.c: change do_signal_stop/do_sigaction to use while_each_thread()
2014-01-23 16:37:02 -08:00
smp.c
kernel/smp.c: remove cpumask_ipi
2014-01-30 16:56:54 -08:00
smpboot.c
kernel: delete __cpuinit usage from all core kernel files
2013-07-14 19:36:59 -04:00
smpboot.h
smpboot: Provide infrastructure for percpu hotplug threads
2012-08-13 17:01:07 +02:00
softirq.c
Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2014-01-31 09:02:51 -08:00
stacktrace.c
kernel: Map most files to use export.h instead of module.h
2011-10-31 09:20:12 -04:00
stop_machine.c
stop_machine: Fix^2 race between stop_two_cpus() and stop_cpus()
2014-03-11 11:33:47 +01:00
sys_ni.c
unify compat fanotify_mark(2), switch to COMPAT_SYSCALL_DEFINE
2013-05-09 13:46:38 -04:00
sys.c
kernel/sys.c: k_getrusage() can use while_each_thread()
2014-01-23 16:37:02 -08:00
sysctl_binary.c
kernel/sysctl_binary.c: use scnprintf() instead of snprintf()
2013-11-13 12:09:33 +09:00
sysctl.c
hung_task: check the value of "sysctl_hung_task_timeout_sec"
2014-05-06 07:59:35 -07:00
system_certificates.S
KEYS: correct alignment of system_certificate_list content in assembly file
2013-12-10 18:25:28 +00:00
system_keyring.c
KEYS: correct alignment of system_certificate_list content in assembly file
2013-12-10 18:25:28 +00:00
task_work.c
task_work: documentation
2013-09-11 15:58:27 -07:00
taskstats.c
genetlink: only pass array to genl_register_family_with_ops()
2013-11-19 16:39:05 -05:00
test_kprobes.c
kernel/: rename random32() to prandom_u32()
2013-04-29 18:28:42 -07:00
time.c
sched: Rename sched.c as sched/core.c in comments and Documentation
2013-06-19 12:58:42 +02:00
timeconst.bc
kernel: Replace timeconst.pl with a bc script
2013-02-16 23:17:25 +01:00
timer.c
timer: Prevent overflow in apply_slack
2014-06-07 10:28:09 -07:00
tracepoint.c
tracepoint: Do not waste memory on mods with no tracepoints
2014-05-31 13:20:28 -07:00
tsacct.c
cputime: Use accessors to read task cputime stats
2013-01-27 19:23:31 +01:00
uid16.c
userns: Kill nsown_capable it makes the wrong thing easy
2013-08-30 23:44:11 -07:00
up.c
kernel: provide a __smp_call_function_single stub for !CONFIG_SMP
2013-11-15 09:32:22 +09:00
user_namespace.c
user namespace: fix incorrect memory barriers
2014-04-26 17:19:02 -07:00
user-return-notifier.c
hlist: drop the node parameter from iterators
2013-02-27 19:10:24 -08:00
user.c
KEYS: fix uninitialized persistent_keyring_register_sem
2013-12-13 15:59:11 +00:00
utsname_sysctl.c
kernel/utsname_sysctl.c: put get/get_uts() into CONFIG_PROC_SYSCTL code block
2013-02-27 19:10:22 -08:00
utsname.c
userns: Kill nsown_capable it makes the wrong thing easy
2013-08-30 23:44:11 -07:00
watchdog.c
watchdog: update watchdog_thresh properly
2013-09-24 17:00:25 -07:00
workqueue_internal.h
sched: Rename sched.c as sched/core.c in comments and Documentation
2013-06-19 12:58:42 +02:00
workqueue.c
workqueue: make rescuer_thread() empty wq->maydays list before exiting
2014-06-07 10:28:22 -07:00