linux

mirror of https://github.com/hardkernel/linux.git synced 2026-06-06 19:08:57 +09:00

Go to file

Nadav Amit a00ed4e5d5 x86/alternative: Fix race in try_get_desc()

commit efd608fa74 upstream.

I encountered some occasional crashes of poke_int3_handler() when
kprobes are set, while accessing desc->vec.

The text poke mechanism claims to have an RCU-like behavior, but it
does not appear that there is any quiescent state to ensure that
nobody holds reference to desc. As a result, the following race
appears to be possible, which can lead to memory corruption.

  CPU0					CPU1
  ----					----
  text_poke_bp_batch()
  -> smp_store_release(&bp_desc, &desc)

  [ notice that desc is on
    the stack			]

					poke_int3_handler()

					[ int3 might be kprobe's
					  so sync events are do not
					  help ]

					-> try_get_desc(descp=&bp_desc)
					   desc = __READ_ONCE(bp_desc)

					   if (!desc) [false, success]
  WRITE_ONCE(bp_desc, NULL);
  atomic_dec_and_test(&desc.refs)

  [ success, desc space on the stack
    is being reused and might have
    non-zero value. ]
					arch_atomic_inc_not_zero(&desc->refs)

					[ might succeed since desc points to
					  stack memory that was freed and might
					  be reused. ]

Fix this issue with small backportable patch. Instead of trying to
make RCU-like behavior for bp_desc, just eliminate the unnecessary
level of indirection of bp_desc, and hold the whole descriptor as a
global.  Anyhow, there is only a single descriptor at any given
moment.

Fixes: 1f676247f3 ("x86/alternatives: Implement a better poke_int3_handler() completion scheme")
Signed-off-by: Nadav Amit <namit@vmware.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: stable@kernel.org
Link: https://lkml.kernel.org/r/20220920224743.3089-1-namit@vmware.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2022-10-05 10:39:44 +02:00

arch

x86/alternative: Fix race in try_get_desc()

2022-10-05 10:39:44 +02:00

block

block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait

2022-09-23 14:15:48 +02:00

certs

certs/blacklist_hashes.c: fix const confusion in certs blacklist

2022-06-22 14:22:01 +02:00

crypto

KEYS: asymmetric: enforce SM2 signature use pkey algo

2022-08-17 14:24:28 +02:00

Documentation

Input: iforce - add support for Boeder Force Feedback Wheel

2022-09-20 12:39:45 +02:00

drivers

clk: iproc: Do not rely on node name for correct PLL setup

2022-10-05 10:39:44 +02:00

fs: split off setxattr_copy and do_setxattr function from setxattr

2022-10-05 10:39:44 +02:00

include

serial: Create uart_xmit_advance()

2022-09-28 11:11:54 +02:00

init

stack: Declare {randomize_,}kstack_offset to fix Sparse warnings

2022-08-17 14:23:10 +02:00

ipc

ipc/mqueue: use get_tree_nodev() in mqueue_get_tree()

2022-06-09 10:23:10 +02:00

kernel

swiotlb: max mapping size takes min align mask into account

2022-10-05 10:39:40 +02:00

lib

crypto: lib - remove unneeded selection of XOR_BLOCKS

2022-09-05 10:30:03 +02:00

LICENSES

LICENSES/dual/CC-BY-4.0: Git rid of "smart quotes"

2021-07-15 06:31:24 -06:00

mm,hwpoison: check mm when killing accessing process

2022-10-05 10:39:39 +02:00

net

wifi: mac80211: fix regression with non-QoS drivers

2022-10-05 10:39:43 +02:00

samples

samples/landlock: Format with clang-format

2022-06-09 10:23:23 +02:00

scripts

mksysmap: Fix the mismatch of 'L0' symbols in System.map

2022-09-23 14:15:51 +02:00

security

apparmor: Fix memleak in aa_simple_write_to_buffer()

2022-08-25 11:40:01 +02:00

sound

ASoC: tas2770: Reinit regcache on reset

2022-10-05 10:39:41 +02:00

tools

selftests: Fix the if conditions of in test_extra_filter()

2022-10-05 10:39:43 +02:00

usr

usr/include/Makefile: add linux/nfc.h to the compile-test coverage

2022-02-01 17:27:15 +01:00

virt

KVM: SEV: add cache flush to solve SEV cache incoherency issues

2022-09-23 14:15:52 +02:00

.clang-format

clang-format: Update with the latest for_each macro list

2021-05-12 23:32:39 +02:00

.cocciconfig

…

.get_maintainer.ignore

Opt out of scripts/get_maintainer.pl

2019-05-16 10:53:40 -07:00

.gitattributes

.gitattributes: use 'dts' diff driver for dts files

2019-12-04 19:44:11 -08:00

.gitignore

.gitignore: ignore only top-level modules.builtin

2021-05-02 00:43:35 +09:00

.mailmap

mailmap: add Andrej Shadura

2021-10-18 20:22:03 -10:00

COPYING

COPYING: state that all contributions really are covered by this file

2020-02-10 13:32:20 -08:00

CREDITS

MAINTAINERS: Move Daniel Drake to credits

2021-09-21 08:34:58 +03:00

Kbuild

kbuild: rename hostprogs-y/always to hostprogs/always-y

2020-02-04 01:53:07 +09:00

Kconfig

kbuild: ensure full rebuild when the compiler is updated

2020-05-12 13:28:33 +09:00

MAINTAINERS

Input: goodix - add a goodix.h header file

2022-07-12 16:34:51 +02:00

Makefile

Linux 5.15.71

2022-09-28 11:11:58 +02:00

README

Drop all 00-INDEX files from Documentation/

2018-09-09 15:08:58 -06:00

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.