shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-08 03:40:35 +09:00
Code Issues Packages Projects Releases Wiki Activity
986,151 Commits 55 Branches 2,486 Tags
841ee1fff741ce102b13889949160d1d47f4cda4
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Christian Brauner 841ee1fff7 UPSTREAM: close_range: unshare all fds for CLOSE_RANGE_UNSHARE | CLOSE_RANGE_CLOEXEC 
After introducing CLOSE_RANGE_CLOEXEC syzbot reported a crash when
CLOSE_RANGE_CLOEXEC is specified in conjunction with CLOSE_RANGE_UNSHARE.
When CLOSE_RANGE_UNSHARE is specified the caller will receive a private
file descriptor table in case their file descriptor table is currently
shared.

For the case where the caller has requested all file descriptors to be
actually closed via e.g. close_range(3, ~0U, 0) the kernel knows that
the caller does not need any of the file descriptors anymore and will
optimize the close operation by only copying all files in the range from
0 to 3 and no others.

However, if the caller requested CLOSE_RANGE_CLOEXEC together with
CLOSE_RANGE_UNSHARE the caller wants to still make use of the file
descriptors so the kernel needs to copy all of them and can't optimize.

The original patch didn't account for this and thus could cause oopses
as evidenced by the syzbot report because it assumed that all fds had
been copied. Fix this by handling the CLOSE_RANGE_CLOEXEC case.

syzbot reported
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:71 [inline]
BUG: KASAN: null-ptr-deref in atomic64_read include/asm-generic/atomic-instrumented.h:837 [inline]
BUG: KASAN: null-ptr-deref in atomic_long_read include/asm-generic/atomic-long.h:29 [inline]
BUG: KASAN: null-ptr-deref in filp_close+0x22/0x170 fs/open.c:1274
Read of size 8 at addr 0000000000000077 by task syz-executor511/8522

CPU: 1 PID: 8522 Comm: syz-executor511 Not tainted 5.10.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:120
 __kasan_report mm/kasan/report.c:549 [inline]
 kasan_report.cold+0x5/0x37 mm/kasan/report.c:562
 check_memory_region_inline mm/kasan/generic.c:186 [inline]
 check_memory_region+0x13d/0x180 mm/kasan/generic.c:192
 instrument_atomic_read include/linux/instrumented.h:71 [inline]
 atomic64_read include/asm-generic/atomic-instrumented.h:837 [inline]
 atomic_long_read include/asm-generic/atomic-long.h:29 [inline]
 filp_close+0x22/0x170 fs/open.c:1274
 close_files fs/file.c:402 [inline]
 put_files_struct fs/file.c:417 [inline]
 put_files_struct+0x1cc/0x350 fs/file.c:414
 exit_files+0x12a/0x170 fs/file.c:435
 do_exit+0xb4f/0x2a00 kernel/exit.c:818
 do_group_exit+0x125/0x310 kernel/exit.c:920
 get_signal+0x428/0x2100 kernel/signal.c:2792
 arch_do_signal_or_restart+0x2a8/0x1eb0 arch/x86/kernel/signal.c:811
 handle_signal_work kernel/entry/common.c:147 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0x124/0x200 kernel/entry/common.c:201
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:302
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x447039
Code: Unable to access opcode bytes at RIP 0x44700f.
RSP: 002b:00007f1b1225cdb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000001 RBX: 00000000006dbc28 RCX: 0000000000447039
RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00000000006dbc2c
RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
R13: 00007fff223b6bef R14: 00007f1b1225d9c0 R15: 00000000006dbc2c
==================================================================

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+96cfd2b22b3213646a93@syzkaller.appspotmail.com

Tested on:

commit:         10f7cddd selftests/core: add regression test for CLOSE_RAN..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux.git vfs
kernel config:  https://syzkaller.appspot.com/x/.config?x=5d42216b510180e3
dashboard link: https://syzkaller.appspot.com/bug?extid=96cfd2b22b3213646a93
compiler:       gcc (GCC) 10.1.0-syz 20200507

Reported-by: syzbot+96cfd2b22b3213646a93@syzkaller.appspotmail.com
Fixes: 582f1fb6b7 ("fs, close_range: add flag CLOSE_RANGE_CLOEXEC")
Cc: Giuseppe Scrivano <gscrivan@redhat.com>
Cc: linux-fsdevel@vger.kernel.org
Link: https://lore.kernel.org/r/20201217213303.722643-1-christian.brauner@ubuntu.com
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
(cherry picked from commit fec8a6a691)
Bug: 216276716
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I0c6bbd8a46b93293c212fff08728514915d5c690
2022-01-25 21:20:27 +00:00
android
Revert "ANDROID: GKI: update virtual device symbol list"
2022-01-24 22:34:42 +00:00
arch
ANDROID: arch/Kconfig: fix up LTO LLVM_IAS depdency
2022-01-25 01:20:50 -08:00
block
Merge 5.10.88 into android13-5.10
2021-12-29 13:18:16 +01:00
certs
certs: Trigger creation of RSA module signing key if it's not an RSA key
2021-09-15 09:50:29 +02:00
crypto
ANDROID: fips140: add userspace interface for evaluation testing
2021-11-22 18:16:49 +00:00
Documentation
BACKPORT: scripts/Makefile.clang: default to LLVM_IAS=1
2022-01-25 01:20:50 -08:00
drivers
UPSTREAM: coresight: trbe: Defer the probe on offline CPUs
2022-01-24 17:42:01 +00:00
fs
UPSTREAM: close_range: unshare all fds for CLOSE_RANGE_UNSHARE | CLOSE_RANGE_CLOEXEC
2022-01-25 21:20:27 +00:00
include
UPSTREAM: fs, close_range: add flag CLOSE_RANGE_CLOEXEC
2022-01-25 21:20:17 +00:00
init
ANDROID: GKI: Do not force select MODULE_SIG_ALL
2022-01-14 19:57:16 +00:00
ipc
shm: extend forced shm destroy to support objects from several IPC nses
2021-12-01 09:19:10 +01:00
kernel
Merge 5.10.93 into android13-5.10
2022-01-20 09:35:27 +01:00
lib
Merge 5.10.84 into android13-5.10
2021-12-08 09:44:28 +01:00
LICENSES
LICENSES/deprecated: add Zlib license text
2020-09-16 14:33:49 +02:00
mm
UPSTREAM: mm: move anon_vma declarations to linux/mm_inline.h
2022-01-18 14:27:45 -08:00
net
Merge 5.10.92 into android13-5.10
2022-01-19 14:47:43 +01:00
samples
Merge 5.10.91 into android13-5.10
2022-01-11 15:45:50 +01:00
scripts
BACKPORT: scripts/Makefile.clang: default to LLVM_IAS=1
2022-01-25 01:20:50 -08:00
security
Merge 5.10.90 into android13-5.10
2022-01-06 08:31:22 +01:00
sound
Merge 5.10.93 into android13-5.10
2022-01-20 09:35:27 +01:00
tools
FROMGIT: tools/resolve_btfids: Build with host flags
2022-01-18 18:00:57 +00:00
usr
Merge branch 'work.fdpic' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2020-08-07 13:29:39 -07:00
virt
Merge 5.10.88 into android13-5.10
2021-12-29 13:18:16 +01:00
.clang-format
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
2020-10-17 11:18:18 -07:00
.cocciconfig
.get_maintainer.ignore
Opt out of scripts/get_maintainer.pl
2019-05-16 10:53:40 -07:00
.gitattributes
.gitattributes: use 'dts' diff driver for dts files
2019-12-04 19:44:11 -08:00
.gitignore
Merge 5.10.38 into android12-5.10
2021-05-20 15:35:25 +02:00
.mailmap
mailmap: add two more addresses of Uwe Kleine-König
2020-12-06 10:19:07 -08:00
BUILD.bazel
ANDROID: kleaf: drop toolchain_version = CLANG_VERSION
2022-01-11 09:19:04 +00:00
build.config.aarch64
ANDROID: remove more stale variables from build.config files
2022-01-25 21:16:33 +00:00
build.config.allmodconfig
ANDROID: build.config.allmodconfig: Enable hermetic builds
2021-10-22 06:15:36 +00:00
build.config.allmodconfig.aarch64
ANDROID: drop KERNEL_DIR setting in build.config.common
2020-08-31 15:20:37 +00:00
build.config.allmodconfig.arm
ANDROID: drop KERNEL_DIR setting in build.config.common
2020-08-31 15:20:37 +00:00
build.config.allmodconfig.x86_64
ANDROID: drop KERNEL_DIR setting in build.config.common
2020-08-31 15:20:37 +00:00
build.config.amlogic
ANDROID: GKI: amlogic: add DTB overlays
2021-02-12 10:08:04 +01:00
build.config.arm
ANDROID: remove more stale variables from build.config files
2022-01-25 21:16:33 +00:00
build.config.common
ANDROID: move CLANG_VERSION definition to build.config.constants
2021-12-12 20:11:25 +00:00
build.config.constants
ANDROID: clang: update to 14.0.1
2022-01-10 11:54:24 +00:00
build.config.db845c
ANDROID: db845c: Fix up db845c build with symbol strict mode
2021-09-23 14:35:29 +00:00
build.config.gki
ANDROID: gki: Removed cf modules from gki_defconfig
2020-02-01 00:27:50 +00:00
build.config.gki_kasan
ANDROID: build.configs: migrate away from CC_LD_ARG
2021-07-02 09:50:13 +00:00
build.config.gki_kasan.aarch64
ANDROID: drop KERNEL_DIR setting in build.config.common
2020-08-31 15:20:37 +00:00
build.config.gki_kasan.x86_64
ANDROID: drop KERNEL_DIR setting in build.config.common
2020-08-31 15:20:37 +00:00
build.config.gki_kprobes
ANDROID: build.configs: migrate away from CC_LD_ARG
2021-07-02 09:50:13 +00:00
build.config.gki_kprobes.aarch64
ANDROID: Adding kprobes build configs for Cuttlefish
2021-03-03 02:03:02 +00:00
build.config.gki_kprobes.x86_64
ANDROID: Adding kprobes build configs for Cuttlefish
2021-03-03 02:03:02 +00:00
build.config.gki-debug.aarch64
ANDROID: drop KERNEL_DIR setting in build.config.common
2020-08-31 15:20:37 +00:00
build.config.gki-debug.x86_64
ANDROID: drop KERNEL_DIR setting in build.config.common
2020-08-31 15:20:37 +00:00
build.config.gki.aarch64
ANDROID: GKI: Enable system_dlkm build for gki
2022-01-14 19:58:15 +00:00
build.config.gki.aarch64.fips140
ANDROID: Fips 140: move fips symbols entirely in own list
2021-06-11 15:04:07 +00:00
build.config.gki.aarch64.fips140_eval_testing
ANDROID: fips140: support "evaluation testing" builds via build.sh
2021-11-30 17:55:09 +00:00
build.config.gki.x86_64
ANDROID: GKI: Enable system_dlkm build for gki
2022-01-14 19:58:15 +00:00
build.config.hikey960
ANDROID: hikey960: Fix up HiKey960 build with symbol strict mode
2021-09-29 18:33:26 +00:00
build.config.khwasan
ANDROID: Add a build config fragment for KHWASan.
2021-04-06 10:01:56 +00:00
build.config.rockpi4
ANDROID: Build LZ4 ramdisk for rockpi4
2021-04-16 17:47:43 +00:00
build.config.x86_64
ANDROID: remove more stale variables from build.config files
2022-01-25 21:16:33 +00:00
COPYING
COPYING: state that all contributions really are covered by this file
2020-02-10 13:32:20 -08:00
CREDITS
MAINTAINERS: Move Jason Cooper to CREDITS
2020-11-30 10:20:34 +01:00
Kbuild
kbuild: rename hostprogs-y/always to hostprogs/always-y
2020-02-04 01:53:07 +09:00
Kconfig
kbuild: ensure full rebuild when the compiler is updated
2020-05-12 13:28:33 +09:00
MAINTAINERS
BACKPORT: Makefile: move initial clang flag handling into scripts/Makefile.clang
2022-01-25 01:20:50 -08:00
Makefile
BACKPORT: Makefile: move initial clang flag handling into scripts/Makefile.clang
2022-01-25 01:20:50 -08:00
OWNERS
ANDROID: Add OWNERS files referring to the respective android-mainline OWNERS
2021-04-03 14:11:30 +00:00
README
Drop all 00-INDEX files from Documentation/
2018-09-09 15:08:58 -06:00
README.md
ANDROID: README: Add requirement for "Bug:" tag for FROMLIST
2020-05-01 15:36:12 -07:00

README.md

How do I submit patches to Android Common Kernels

  1. BEST: Make all of your changes to upstream Linux. If appropriate, backport to the stable releases. These patches will be merged automatically in the corresponding common kernels. If the patch is already in upstream Linux, post a backport of the patch that conforms to the patch requirements below.

    • Do not send patches upstream that contain only symbol exports. To be considered for upstream Linux, additions of EXPORT_SYMBOL_GPL() require an in-tree modular driver that uses the symbol -- so include the new driver or changes to an existing driver in the same patchset as the export.
    • When sending patches upstream, the commit message must contain a clear case for why the patch is needed and beneficial to the community. Enabling out-of-tree drivers or functionality is not not a persuasive case.

  2. LESS GOOD: Develop your patches out-of-tree (from an upstream Linux point-of-view). Unless these are fixing an Android-specific bug, these are very unlikely to be accepted unless they have been coordinated with kernel-team@android.com. If you want to proceed, post a patch that conforms to the patch requirements below.

Common Kernel patch requirements

  • All patches must conform to the Linux kernel coding standards and pass script/checkpatch.pl
  • Patches shall not break gki_defconfig or allmodconfig builds for arm, arm64, x86, x86_64 architectures (see https://source.android.com/setup/build/building-kernels)
  • If the patch is not merged from an upstream branch, the subject must be tagged with the type of patch: UPSTREAM:, BACKPORT:, FROMGIT:, FROMLIST:, or ANDROID:.
  • All patches must have a Change-Id: tag (see https://gerrit-review.googlesource.com/Documentation/user-changeid.html)
  • If an Android bug has been assigned, there must be a Bug: tag.
  • All patches must have a Signed-off-by: tag by the author and the submitter

Additional requirements are listed below based on patch type

Requirements for backports from mainline Linux: UPSTREAM:, BACKPORT:

  • If the patch is a cherry-pick from Linux mainline with no changes at all
    • tag the patch subject with UPSTREAM:.
    • add upstream commit information with a (cherry picked from commit ...) line
    • Example:
      • if the upstream commit message is
        important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>
  • then Joe Smith would upload the patch for the common kernel as
        UPSTREAM: important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>

        Bug: 135791357
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        (cherry picked from commit c31e73121f4c1ec41143423ac6ce3ce6dafdcec1)
        Signed-off-by: Joe Smith <joe.smith@foo.org>
  • If the patch requires any changes from the upstream version, tag the patch with BACKPORT: instead of UPSTREAM:.
    • use the same tags as UPSTREAM:
    • add comments about the changes under the (cherry picked from commit ...) line
    • Example:
        BACKPORT: important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>

        Bug: 135791357
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        (cherry picked from commit c31e73121f4c1ec41143423ac6ce3ce6dafdcec1)
        [joe: Resolved minor conflict in drivers/foo/bar.c ]
        Signed-off-by: Joe Smith <joe.smith@foo.org>

Requirements for other backports: FROMGIT:, FROMLIST:,

  • If the patch has been merged into an upstream maintainer tree, but has not yet been merged into Linux mainline
    • tag the patch subject with FROMGIT:
    • add info on where the patch came from as (cherry picked from commit <sha1> <repo> <branch>). This must be a stable maintainer branch (not rebased, so don't use linux-next for example).
    • if changes were required, use BACKPORT: FROMGIT:
    • Example:
      • if the commit message in the maintainer tree is
        important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>
  • then Joe Smith would upload the patch for the common kernel as
        FROMGIT: important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>

        Bug: 135791357
        (cherry picked from commit 878a2fd9de10b03d11d2f622250285c7e63deace
         https://git.kernel.org/pub/scm/linux/kernel/git/foo/bar.git test-branch)
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        Signed-off-by: Joe Smith <joe.smith@foo.org>
  • If the patch has been submitted to LKML, but not accepted into any maintainer tree
    • tag the patch subject with FROMLIST:
    • add a Link: tag with a link to the submittal on lore.kernel.org
    • add a Bug: tag with the Android bug (required for patches not accepted into a maintainer tree)
    • if changes were required, use BACKPORT: FROMLIST:
    • Example:
        FROMLIST: important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <fred.jones@foo.org>

        Bug: 135791357
        Link: https://lore.kernel.org/lkml/20190619171517.GA17557@someone.com/
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        Signed-off-by: Joe Smith <joe.smith@foo.org>

Requirements for Android-specific patches: ANDROID:

  • If the patch is fixing a bug to Android-specific code
    • tag the patch subject with ANDROID:
    • add a Fixes: tag that cites the patch with the bug
    • Example:
        ANDROID: fix android-specific bug in foobar.c

        This is the detailed description of the important fix

        Fixes: 1234abcd2468 ("foobar: add cool feature")
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        Signed-off-by: Joe Smith <joe.smith@foo.org>
  • If the patch is a new feature
    • tag the patch subject with ANDROID:
    • add a Bug: tag with the Android bug (required for android-specific features)
Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 7.9 GiB
Languages
C 97.7%
Assembly 1.6%
Makefile 0.3%
Perl 0.1%