acrn-kernel

Go to file

Shifeng Li 19269741c3 RDMA/irdma: Fix UAF in irdma_sc_ccq_get_cqe_info() [ Upstream commit 2b78832f50c4d711e161b166d7d8790968051546 ] When removing the irdma driver or unplugging its aux device, the ccq queue is released before destorying the cqp_cmpl_wq queue. But in the window, there may still be completion events for wqes. That will cause a UAF in irdma_sc_ccq_get_cqe_info(). [34693.333191] BUG: KASAN: use-after-free in irdma_sc_ccq_get_cqe_info+0x82f/0x8c0 [irdma] [34693.333194] Read of size 8 at addr ffff889097f80818 by task kworker/u67:1/26327 [34693.333194] [34693.333199] CPU: 9 PID: 26327 Comm: kworker/u67:1 Kdump: loaded Tainted: G O --------- -t - 4.18.0 #1 [34693.333200] Hardware name: SANGFOR Inspur/NULL, BIOS 4.1.13 08/01/2016 [34693.333211] Workqueue: cqp_cmpl_wq cqp_compl_worker [irdma] [34693.333213] Call Trace: [34693.333220] dump_stack+0x71/0xab [34693.333226] print_address_description+0x6b/0x290 [34693.333238] ? irdma_sc_ccq_get_cqe_info+0x82f/0x8c0 [irdma] [34693.333240] kasan_report+0x14a/0x2b0 [34693.333251] irdma_sc_ccq_get_cqe_info+0x82f/0x8c0 [irdma] [34693.333264] ? irdma_free_cqp_request+0x151/0x1e0 [irdma] [34693.333274] irdma_cqp_ce_handler+0x1fb/0x3b0 [irdma] [34693.333285] ? irdma_ctrl_init_hw+0x2c20/0x2c20 [irdma] [34693.333290] ? __schedule+0x836/0x1570 [34693.333293] ? strscpy+0x83/0x180 [34693.333296] process_one_work+0x56a/0x11f0 [34693.333298] worker_thread+0x8f/0xf40 [34693.333301] ? __kthread_parkme+0x78/0xf0 [34693.333303] ? rescuer_thread+0xc50/0xc50 [34693.333305] kthread+0x2a0/0x390 [34693.333308] ? kthread_destroy_worker+0x90/0x90 [34693.333310] ret_from_fork+0x1f/0x40 Fixes: `44d9e52977` ("RDMA/irdma: Implement device initialization definitions") Signed-off-by: Shifeng Li <lishifeng1992@126.com> Link: https://lore.kernel.org/r/20231121101236.581694-1-lishifeng1992@126.com Acked-by: Shiraz Saleem <shiraz.saleem@intel.com> Signed-off-by: Leon Romanovsky <leon@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>		2023-12-13 18:39:14 +01:00
Documentation	tee: optee: Fix supplicant based device enumeration	2023-12-13 18:39:12 +01:00
LICENSES	LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers	2021-12-16 14:33:10 +01:00
arch	arm64: dts: rockchip: Expand reg size of vdec node for RK3399	2023-12-13 18:39:13 +01:00
block	blk-core: use pr_warn_ratelimited() in bio_check_ro()	2023-11-20 11:52:17 +01:00
certs	certs: Fix build error when PKCS#11 URI contains semicolon	2023-02-09 11:28:11 +01:00
crypto	crypto: pcrypt - Fix hungtask for PADATA_RESET	2023-11-28 17:06:58 +00:00
drivers	RDMA/irdma: Fix UAF in irdma_sc_ccq_get_cqe_info()	2023-12-13 18:39:14 +01:00
fs	iomap: update ki_pos a little later in iomap_dio_complete	2023-12-08 08:51:20 +01:00
include	drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group	2023-12-13 18:39:12 +01:00
init	proc: sysctl: prevent aliased sysctls from getting passed to init	2023-11-28 17:07:08 +00:00
io_uring	io_uring: fix off-by one bvec index	2023-12-03 07:32:13 +01:00
ipc	ipc: fix memory leak in init_mqueue_fs()	2022-12-31 13:32:01 +01:00
kernel	hrtimers: Push pending hrtimers away from outgoing CPU earlier	2023-12-13 18:39:03 +01:00
lib	zstd: Fix array-index-out-of-bounds UBSAN warning	2023-12-13 18:39:04 +01:00
mm	mm/damon/sysfs: eliminate potential uninitialized variable warning	2023-12-13 18:39:12 +01:00
net	drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group	2023-12-13 18:39:12 +01:00
rust	rust: allocator: Prevent mis-aligned allocation	2023-08-11 12:08:18 +02:00
samples	fprobe: Pass entry_data to handlers	2023-10-25 12:03:12 +02:00
scripts	dt: dt-extract-compatibles: Don't follow symlinks when walking tree	2023-12-13 18:39:05 +01:00
security	ima: detect changes to the backing overlay file	2023-11-28 17:07:12 +00:00
sound	ASoC: fsl_sai: Fix no frame sync clock issue on i.MX8MP	2023-12-13 18:39:13 +01:00
tools	selftests/net: mptcp: fix uninitialized variable warnings	2023-12-08 08:51:17 +01:00
usr	usr/gen_init_cpio.c: remove unnecessary -1 values from int file	2022-10-03 14:21:44 -07:00
virt	kvm/vfio: ensure kvg instance stays around in kvm_vfio_group_add()	2023-09-13 09:42:46 +02:00
.clang-format	inet: ping: use hlist_nulls rcu iterator during lookup	2022-12-01 12:42:46 +01:00
.cocciconfig	…
.get_maintainer.ignore	get_maintainer: add Alan to .get_maintainer.ignore	2022-08-20 15:17:44 -07:00
.gitattributes	.gitattributes: use 'dts' diff driver for dts files	2019-12-04 19:44:11 -08:00
.gitignore	Kbuild: add Rust support	2022-09-28 09:02:20 +02:00
.mailmap	9 hotfixes. 6 for MM, 3 for other areas. Four of these patches address	2022-12-10 17:10:52 -08:00
.rustfmt.toml	rust: add `.rustfmt.toml`	2022-09-28 09:02:20 +02:00
COPYING	COPYING: state that all contributions really are covered by this file	2020-02-10 13:32:20 -08:00
CREDITS	MAINTAINERS: Remove Michal Marek from Kbuild maintainers	2022-11-16 14:53:00 +09:00
Kbuild	Kbuild updates for v6.1	2022-10-10 12:00:45 -07:00
Kconfig	kbuild: ensure full rebuild when the compiler is updated	2020-05-12 13:28:33 +09:00
MAINTAINERS	devlink: move code to a dedicated directory	2023-08-30 16:11:00 +02:00
Makefile	Linux 6.1.67	2023-12-11 10:41:01 +01:00
README	Drop all 00-INDEX files from Documentation/	2018-09-09 15:08:58 -06:00

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.